Basic Auth Middleware
The configuration is slightly different forStandard Applications andDocker Compose based applications/one-click services.
Standard Applications
traefik.http.middlewares.<random_unique_name>.basicauth.users=test:$2y$12$ci.4U63YX83CwkyUrjqxAucnmi2xXOIlEF6T/KdP9824f1Rf1iyNGtraefik.http.routers.<unique_router_name>.middlewares=<random_unique_name>In the example above, we are usingtest as username andtest as password.
INFO
You most likely have atraefik.http.middlewares label already set. In that case, you must append therandom_unique_name middleware to the existing value. For example:
traefik.http.routers.<unique_router_name>.middlewares=gzip,<random_unique_name>Note: The<random_unique_name> and<unique_router_name> are placeholders. You need to replace them when you add them to your own labels section. The<random_unique_name> is a unique name for the middleware and you need to make that up yourself. The<unique_router_name> is the unique name for the router that Coolify has already generated for you.
An ngnix Simple Web Container Example
Let's say you have an ngnix simple web container that was generated by Coolify with the following Dockerfile:
FROM nginx:alpineCOPY . /usr/share/nginx/htmlTheContainer Labels generated by Coolify would look like this:
traefik.enable=truetraefik.http.middlewares.gzip.compress=truetraefik.http.middlewares.redirect-to-https.redirectscheme.scheme=httpstraefik.http.routers.http-0-wc04wo4ow4scokgsw8wow4s8.entryPoints=httptraefik.http.routers.http-0-wc04wo4ow4scokgsw8wow4s8.middlewares=redirect-to-httpstraefik.http.routers.http-0-wc04wo4ow4scokgsw8wow4s8.rule=Host(`ngnixsite.mysite.com`) && PathPrefix(`/`)traefik.http.routers.http-0-wc04wo4ow4scokgsw8wow4s8.service=http-0-wc04wo4ow4scokgsw8wow4s8traefik.http.routers.https-0-wc04wo4ow4scokgsw8wow4s8.entryPoints=httpstraefik.http.routers.https-0-wc04wo4ow4scokgsw8wow4s8.middlewares=gziptraefik.http.routers.https-0-wc04wo4ow4scokgsw8wow4s8.rule=Host(`ngnixsite.mysite.com`) && PathPrefix(`/`)traefik.http.routers.https-0-wc04wo4ow4scokgsw8wow4s8.service=https-0-wc04wo4ow4scokgsw8wow4s8traefik.http.routers.https-0-wc04wo4ow4scokgsw8wow4s8.tls.certresolver=letsencrypttraefik.http.routers.https-0-wc04wo4ow4scokgsw8wow4s8.tls=truetraefik.http.services.http-0-wc04wo4ow4scokgsw8wow4s8.loadbalancer.server.port=80traefik.http.services.https-0-wc04wo4ow4scokgsw8wow4s8.loadbalancer.server.port=80caddy_0.encode=zstd gzipcaddy_0.handle_path.0_reverse_proxy={{upstreams 80}}caddy_0.handle_path=/*caddy_0.header=-Servercaddy_0.try_files={path} /index.html /index.phpcaddy_0=https://ngnixsite.73rdst.comcaddy_ingress_network=coolifyIf you want to add basic authentication to this service, assuming you want to name your auth middlewaremybasicauth, you could add the following label below the first linetraefik.enable=true:
traefik.http.middlewares.mybasicauth.basicauth.users=test:$2y$12$ci.4U63YX83CwkyUrjqxAucnmi2xXOIlEF6T/KdP9824f1Rf1iyNG
Notice thatmybasicauth has replaced the<random_unique_name> placeholder. In other words, you have named your own auth middlewaremybasicauth.
Then you need to add the middleware to the router label, and since one or more middlewares are already set, you need to append the new middleware to the existing value.
For example you would update the current line
traefik.http.routers.https-0-wc04wo4ow4scokgsw8wow4s8.middlewares=gzip
to:
traefik.http.routers.https-0-wc04wo4ow4scokgsw8wow4s8.middlewares=gzip,mybasicauth
Notice that in this case<unique_router_name> has been replaced withhttps-0-wc04wo4ow4scokgsw8wow4s8 which is the unique name for the router that Coolify has already generated for you.
Yourngnix simple web container is protected by basic authentication.
Docker Compose And Services
To addbasicauth middleware to your service, you need to add the following labels to yourdocker-compose.yml file.:
services: ngnix-simple-web-container:: image:'nginx:alpine' ports: -'8080:80' labels: -'traefik.http.middlewares.<random_unique_name>.basicauth.users=test:$2y$12$ci.4U63YX83CwkyUrjqxAucnmi2xXOIlEF6T/KdP9824f1Rf1iyNG'You should replace the placeholders<random_unique_name> with a unique name for the middleware. For example, you might name itmybasicauth, and then replace the placeholder withmybasicauth. That label would then look like this:
labels: -'traefik.http.middlewares.mybasicauth.basicauth.users=test:$2y$12$ci.4U63YX83CwkyUrjqxAucnmi2xXOIlEF6T/KdP9824f1Rf1iyNG'We have now addedbasicauth middleware to thenginx-simple-web-container service.
Yourngnix simple web container is protected by basic authentication with a username of test and password of test.
Note: When applying basic authentication labels, special characters like $, @, and , must be escaped to avoid parsing errors. That is for example, enclose the label values in quotes and use a backslash () before special characters if you're using double quotes.
How to generate user/password?
You need to set your username and password in thebasicauth.users label.
You can generate one with thehtpasswd command:
htpasswd -nbB test testThis will generate a password hash for the usertest with the passwordtest. You can then replacetest with the desired username and password. Then substitute the generated hash in thebasicauth.users label above.
Note: thehtpasswd command is available on most Linux distributions. It is part of theapache2-utils package on Debian/Ubuntu and can be foundhere.