Can I disable basic authentication for a specified path? - traefik

I use this Traefik (v1.7) file code to generate a basic auth:
[frontends]
[frontends.whoami]
backend = "whoami"
[frontends.whoami.routes]
[frontends.whoami.routes.route0]
rule = "Host:whoami.local"
[frontends.whoami.auth]
[frontends.whoami.auth.basic]
usersFile = ".htpasswd"
Is it possible to deactivate the basic auth for the following path with all his sub paths?
http://whoami.local/api
http://whoami.local/api/xxx

Related

404 when executing docker push to gitlab-container-registry

I have installed gitlab-ce 13.2.0 on my server and the container-registry was immediately available.
from a other sever (or my local machine) I can login, but when pushing a image to the container-registry I get a 404-error: error parsing HTTP 404 response body: invalid character '<' looking for beginning of value: "<!DOCTYPE html>\n<html>\n<head>...
in my gitlab.rb I have:
external_url 'https://git.xxxxxxxx.com'
nginx['enable'] = true
nginx['client_max_body_size'] = '250m'
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/trusted-certs/xxxxxxxx.com.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/trusted-certs/xxxxxxxx.com.key"
nginx['ssl_protocols'] = "TLSv1.1 TLSv1.2"
registry_external_url 'https://git.xxxxxxxx.com'
what is confusing, is that the registry_external_url is the same as the external_url. There are those lines in the gitlab.rb:
### Settings used by GitLab application
# gitlab_rails['registry_enabled'] = true
# gitlab_rails['registry_host'] = "git.xxxxxxxx.com"
# gitlab_rails['registry_port'] = "5005"
# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
But when I uncomment this, I cannot login.
what can be the problem here?
This is actually because you are using https port without proxying the registry in nginx.
Fix these lines according to the following in gitlab.rb:
registry_nginx['enable'] = true
registry_nginx['listen_https'] = true
registry_nginx['redirect_http_to_https'] = true
registry_external_url 'https://registry.YOUR_DOMAIN.gtld'
You don't need to touch nginx['ssl_*] parameters when you are using letsencrypt since the chef would take care.
How is your image named? Your image name must match exactly not only the registry URL, but project too.
You can't just build "myimage:latest" and push it. It must be like git.xxxxxxxx.com/mygroup/myproject:latest. You can obtain correct name from $CI_REGISTRY_IMAGE predefined variable.

Cors issue solved by using proxy not working after served in Netlify Create-react-app

I have built a real estate site that makes a an api request to "https://completecriminalchecks.com" In development mode I was getting the dreaded blocked by Cors error. Through some research I found that I needed to use a proxy to solve the issue, which it did in development mode on my local host. But now I have deployed the site to netlify, I am getting a 404 error when making the request. when I look at the request from the network devtools its says
Request URL: https://master--jessehaven.netlify.app/api/json/?apikey=6s4xxxxx13xlvtphrnuge19&search=radius&miles=2&center=98144
I dont think this is right. How do i make netlify make the proper request to the api that was having cors issues in development?
Have you tried netify documentation about it?
Proxy to another service Just like you can rewrite paths like /* to
/index.html, you can also set up rules to let parts of your site proxy
to external services. Let's say you need to communicate from a
single-page app with an API on https://api.example.com that doesn't
support CORS requests. The following rule will let you use /api/ from
your JavaScript client:
/api/* https://api.example.com/:splat 200
Now all requests to /api/... will be proxied through to
https://api.example.com straight from our CDN servers without an
additional connection from the browser. If the API supports standard
HTTP caching mechanisms like ETags or Last-Modified headers, the
responses will even get cached by our CDN nodes.
You do not need to use a proxy, you enable CORRS in your server. Are you using a onde server?
If you use express something like this:
npm install --save cors
And then use it as middleware:
var express = require('express');
var cors = require('cors');
var app = express();
app.use(cors());
Also in your netlify.toml file this will do the trick:
# The following redirect is intended for use with most SPAs that handle
# routing internally.
[[redirects]]
from = "/*"
to = "/index.html"
status = 200
[[headers]]
# Define which paths this specific [[headers]] block will cover.
for = "/*"
[headers.values]
Access-Control-Allow-Origin = "*"
I also faced the same issue and solved by creating a netlify.toml file in root directory.
Here is a sample code for redirect which worked for me.
Place this inside the netlify.toml file.
Documentation guide for proxy :
[[redirects]]
from = "/api/users/tickets/"
to = "https://some-external-site.com/api/users/tickets/"
status = 200
force = true
headers = {Access-Control-Allow-Origin = "*"}
[[redirects]]
from = "/api/users/cars/*"
to = "https://some-external-site.com/api/users/cars/:splat"
status = 200
force = true
headers = {Access-Control-Allow-Origin = "*"}
I also faced the same issue , so I removed the "proxy" from the "package.json" file and created a variable to store the IP addess or URL for backend , then used it with the URL parameter for calling API. The CORS issue is solved in backend by allowing "All origins".
File to store base URL:
constant.js :
export const baseUrl = "https://backEndUrl";
File to call API:
getDataApi.js:
import { baseUrl } from "./constant";
export const getProfileData = () => (dispatch) => {
axios
.get(`${baseUrl }/api/profile`)
.then((res) =>
dispatch({
type: GET_PROFILE,
payload: res.data,
})
)
.catch((err) =>
dispatch({
type: GET_PROFILE,
payload: null,
})
);
};

How to specify basic auth per frontend

Having read https://github.com/containous/traefik/issues/751 and https://github.com/containous/traefik/pull/1147 that are mentioning traefik.frontend.auth.basic I'm trying to set basic auth per traefik frontend (not entrypoint).
Neither
[frontends.kibana]
backend = "kibana"
[frontends.kibana.routes.nas]
rule = "Host:kibana.mydomain.io"
[frontends.kibana.auth]
basic = "kibana:$apr1$cHAIJt0o$..."
nor
[frontends.kibana]
backend = "kibana"
auth.basic = "kibana:$apr1$cHAIJt0o$..."
[frontends.kibana.routes.nas]
rule = "Host:kibana.mydomain.io"
is working. How can I specify basic auth on frontend level?
Like that:
[frontends.kibana]
backend = "kibana"
basicAuth = ["kibana:$apr1...", "anabik:$apr1..."]
[frontends.kibana.routes.nas]
rule = "Host:kibana.mydomain.io"

Traefik blue green deployment. Initialize web provider

I'm starting using traefik for blue/green deployment. I would like to use the REST API, so I have to put my configuration in the [web] section:
[web]
address = ":8080"
readOnly = false
[backends]
[backends.back]
[backends.back.loadbalancer.stickiness]
cookieName = "backend"
[backends.back.servers.S000]
url = "http://HOST_IP_ADDRESS:30000"
weight = 1
[backends.back.servers.S001]
url = "http://HOST_IP_ADDRESS:30001"
weight = 1
[frontends]
[frontends.front]
backend = "back"
passHostHeader = true
But it's not initialized with those values. However if I use PUT to http://localhost:8091/api/providers/web I can see the web provider OK. And if I use this same configuration for [file] it works right (but I'm unable to update it via API)
Is there any web to initialize [web] backends/frontends?
web section is deprecated.
try this:
# Enable API and dashboard
[api]
# Name of the related entry point
entryPoint = "traefik"
# Enabled Dashboard
dashboard = true

Certificate specified in header with openUI5 for SSL connection

I am trying to figure out how can I connect to Odata with ssl certificate authentification. We are using it with openUI5. Application is running as mobile application.
I tried several connection types on mobile device:
http is working good
https with optional certificate works good
https with required certificate Cannot access data
I also tried several connection types from browser:
http is working good
https with optional certificate works good
https with required certificate Can access data
So i was thinking that when I specify the certificate inside of header when creating the oModel inside of the app, it would work. But I don't know how to specify it correctly.
I tried to access certificates using this class:
https://help.sap.com/saphelp_smp235/helpdata/en/94/78b8de6c9110149d2cd7d1ca6ec99d/content.htm
It looks like this:
var certStore = listAvailableCertificatesFromFileSystem();
var certPaths = certStore.listAvailableCertificatesFromFileSystem("/sdcard/", "p12");
var cert = certStore.getSignedCertificateFromFile(certPaths[0], servicePassword);
var headersMap = [];
headersMap["SSL_CLIENT_CERT"] = cert.signedCertificate; // here I dont know how could I access it.
this.oModel = new sap.ui.model.odata.v2.ODataModel(this.serviceUrl, {
user: serviceLogin,
password: servicePassword,
withCredentials: true,
disableHeadRequestForToken: false,
useBatch: false,
headers: headersMap // here i specify the header...
});
Thank you