Simple Traefik Identity
Simple & Configurable – SSO, for Traefik.
Preview
Logon
Logoff
(if not authorized, you can log in via another account)
Features
Role Based Access Control (RBAC)
groups:
  - name: quebec
    sub_domains:
      - "*"
  - name: saskatchewan
    sub_domains:
      - canada.ca
      - www.tourismnewbrunswick.ca
  - name: newfoundland
    sub_domains:
      - www.gov.nu.ca
users:
  - name: yukon
    password: yukon
    session: 0.5 # logs you out after half a day
    groups:
      - quebec
  - name: nunavut
    password: nunavut
    groups:
      - saskatchewan
      - newfoundland
Rate Limit
rate_limit:
  headers:
    - Cf-Connecting-Ip
    - Another-Header
    - So-on
  rate: 5
  timer: 30
Custom UI
display:
  title: Simple Traefik Identity
  background: |-
    https://github.com/ms-jpq/simple-traefik-identity/raw/xp/src/views/assets/xp.jpg
Usage
See minimal and maximal to get started.
sti:
  image: msjpq/simple-traefik-identity
  container_name: sti
  labels:
    - traefik.http.services.sti.loadbalancer.server.port=5050
    - traefik.http.middlewares.auth.forwardauth.address=http://sti:5050
    - traefik.http.middlewares.auth.forwardauth.authResponseHeaders=X-Forwarded-User
  volumes:
    - ./config/conf.yml:/sti/config/conf.yml
Security
👩💻 -------- Request --------> 👮♀️
👩💻 <---- Auth Challenge ----- 👮♀️
👩💻 ------ Credentials ------> 👮♀️
👩💻 <-- Samesite JWT Cookie -- 👮♀️
👩💻 -- Samesite JWT Cookie --> 👮♀️
👩💻 <---------- OK ----------- 👮♀️
👩💻 -- Samesite JWT Cookie --> 👮♀️
👩💻 <---------- OK ----------- 👮♀️
The JWT payload only contains the list of accessible domains.
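How the RBAC groups above resolve to the per-user domain list that the JWT payload carries, plus a small audit of the sample config, as an added example (not the project's own code). The config is mirrored as a constructed Python dict; the function names and the matching rule ("*" matches any host, other entries match exactly) are assumptions, not confirmed behaviour of simple-traefik-identity.

```python
# Added example: the page's conf.yml mirrored as a constructed Python dict.
CONF = {
    "groups": [
        {"name": "quebec", "sub_domains": ["*"]},
        {"name": "saskatchewan", "sub_domains": ["canada.ca", "www.tourismnewbrunswick.ca"]},
        {"name": "newfoundland", "sub_domains": ["www.gov.nu.ca"]},
    ],
    "users": [
        {"name": "yukon", "password": "yukon", "session": 0.5, "groups": ["quebec"]},
        {"name": "nunavut", "password": "nunavut", "groups": ["saskatchewan", "newfoundland"]},
    ],
}

def accessible_domains(conf, user_name):
    """Union of sub_domains over the user's groups (the list the JWT would carry)."""
    groups = {g["name"]: g["sub_domains"] for g in conf["groups"]}
    user = next(u for u in conf["users"] if u["name"] == user_name)
    domains = []
    for name in user["groups"]:
        for d in groups.get(name, []):  # an undefined group grants nothing
            if d not in domains:
                domains.append(d)
    return domains

def is_allowed(domains, host):
    # Assumption: "*" matches any host; other entries match exactly, case-insensitively.
    host = host.lower().rstrip(".")
    return any(d == "*" or d.lower() == host for d in domains)

def audit(conf):
    """Findings worth reviewing before deploying a config like the sample."""
    defined = {g["name"] for g in conf["groups"]}
    wildcard = {g["name"] for g in conf["groups"] if "*" in g["sub_domains"]}
    findings = []
    for u in conf["users"]:
        if u["password"] == u["name"]:
            findings.append((u["name"], "password equals user name"))
        for g in u["groups"]:
            if g not in defined:
                findings.append((u["name"], f"undefined group {g}"))
            elif g in wildcard:
                findings.append((u["name"], f"wildcard access via {g}"))
    return findings
```

Running audit(CONF) on the sample flags both users for a password equal to the user name and yukon for wildcard access, which is fine for a demo config but should be changed before real use.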
Sister
Check out my sister: Simple Traefik Dash
Zero conf service dashboard for Traefik v2