Basic Auth Middleware

The configuration is slightly different for Standard Applications and Docker Compose based applications/one-click services.

Standard Applications

traefik.http.middlewares.<random_unique_name>.basicauth.users=test:$2y$12$ci.4U63YX83CwkyUrjqxAucnmi2xXOIlEF6T/KdP9824f1Rf1iyNG
traefik.http.routers.<unique_router_name>.middlewares=<random_unique_name>

In the example above, we are using test as username and test as password.

You most likely have a traefik.http.middlewares label already set. In that case, you must append the <random_unique_name> middleware to the existing value. For example:

traefik.http.routers.<unique_router_name>.middlewares=gzip,<random_unique_name>

Note: The <random_unique_name> and <unique_router_name> are placeholders. You need to replace them when you add them to your own labels section. The <random_unique_name> is a unique name for the middleware and you need to make that up yourself. The <unique_router_name> is the unique name for the router that Coolify has already generated for you.

An ngnix Simple Web Container Example

Let’s say you have an ngnix simple web container that was generated by Coolify with the following Dockerfile:

FROM nginx:alpine
COPY . /usr/share/nginx/html

The Container Labels generated by Coolify would look like this:

traefik.enable=true
traefik.http.middlewares.gzip.compress=true
traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
traefik.http.routers.http-0-wc04wo4ow4scokgsw8wow4s8.entryPoints=http
traefik.http.routers.http-0-wc04wo4ow4scokgsw8wow4s8.middlewares=redirect-to-https
traefik.http.routers.http-0-wc04wo4ow4scokgsw8wow4s8.rule=Host(`ngnixsite.mysite.com`) && PathPrefix(`/`)
traefik.http.routers.http-0-wc04wo4ow4scokgsw8wow4s8.service=http-0-wc04wo4ow4scokgsw8wow4s8
traefik.http.routers.https-0-wc04wo4ow4scokgsw8wow4s8.entryPoints=https
traefik.http.routers.https-0-wc04wo4ow4scokgsw8wow4s8.middlewares=gzip
traefik.http.routers.https-0-wc04wo4ow4scokgsw8wow4s8.rule=Host(`ngnixsite.mysite.com`) && PathPrefix(`/`)
traefik.http.routers.https-0-wc04wo4ow4scokgsw8wow4s8.service=https-0-wc04wo4ow4scokgsw8wow4s8
traefik.http.routers.https-0-wc04wo4ow4scokgsw8wow4s8.tls.certresolver=letsencrypt
traefik.http.routers.https-0-wc04wo4ow4scokgsw8wow4s8.tls=true
traefik.http.services.http-0-wc04wo4ow4scokgsw8wow4s8.loadbalancer.server.port=80
traefik.http.services.https-0-wc04wo4ow4scokgsw8wow4s8.loadbalancer.server.port=80
caddy_0.encode=zstd gzip
caddy_0.handle_path.0_reverse_proxy={{upstreams 80}}
caddy_0.handle_path=/*
caddy_0.header=-Server
caddy_0.try_files={path} /index.html /index.php
caddy_0=https://ngnixsite.73rdst.com
caddy_ingress_network=coolify

If you want to add basic authentication to this service, assuming you want to name your auth middleware mybasicauth, you could add the following label below the first line traefik.enable=true:

traefik.http.middlewares.mybasicauth.basicauth.users=test:$2y$12$ci.4U63YX83CwkyUrjqxAucnmi2xXOIlEF6T/KdP9824f1Rf1iyNG

Notice that mybasicauth has replaced the <random_unique_name> placeholder. In other words, you have named your own auth middleware mybasicauth.

Then you need to add the middleware to the router label, and since one or more middlewares are already set, you need to append the new middleware to the existing value.

For example you would update the current line

traefik.http.routers.http-0-wc04wo4ow4scokgsw8wow4s8.middlewares=redirect-to-https

to:

traefik.http.routers.https-0-wc04wo4ow4scokgsw8wow4s8.middlewares=gzip,mybasicauth

Notice that in this case <unique_router_name> has been replaced with https-0-wc04wo4ow4scokgsw8wow4s8 which is the unique name for the router that Coolify has already generated for you.

Your ngnix simple web container is protected by basic authentication.

Docker Compose And Services

To add basicauth middleware to your service, you need to add the following labels to your docker-compose.yml file.:

services:
  ngnix-simple-web-container::
    image: 'nginx:alpine'
    ports:
      - '8080:80'
    labels:
      - 'traefik.http.middlewares.<random_unique_name>.basicauth.users=test:$2y$12$ci.4U63YX83CwkyUrjqxAucnmi2xXOIlEF6T/KdP9824f1Rf1iyNG'

You should replace the placeholders <random_unique_name> with a unique name for the middleware. For example, you might name it mybasicauth, and then replace the placeholder with mybasicauth. That label would then look like this:

    labels:
      - 'traefik.http.middlewares.mybasicauth.basicauth.users=test:$2y$12$ci.4U63YX83CwkyUrjqxAucnmi2xXOIlEF6T/KdP9824f1Rf1iyNG'

We have now added basicauth middleware to the nginx-simple-web-container service.

Your ngnix simple web container is protected by basic authentication with a username of test and password of test.

Note: When applying basic authentication labels, special characters like $, @, and , must be escaped to avoid parsing errors. That is for example, enclose the label values in quotes and use a backslash () before special characters if you’re using double quotes.

How to generate user/password?

You need to set your username and password in the basicauth.users label.

You can generate one with the htpasswd command:

htpasswd -nbB test test

This will generate a password hash for the user test with the password test. You can then replace test with the desired username and password. Then substitute the generated hash in the basicauth.users label above.

Note: the htpasswd command is available on most Linux distributions. It is part of the apache2-utils package on Debian/Ubuntu and can be found here.