From e2e7095a7af9ddb1160d2a9a12775d61ff52defd Mon Sep 17 00:00:00 2001
From: Evie Litherland-Smith
Date: Thu, 25 May 2023 17:17:23 +0100
Subject: [PATCH] Set up and use auth middleware for traefik and qbittorrent

Remove use of traefik insecure dashboard/API
---
 Vanguard.nix | 1 +
 server/qbittorrent.nix | 1 +
 server/traefik.nix | 9 +++++----
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/Vanguard.nix b/Vanguard.nix
index 1a3a6a21..17af0f4b 100644
--- a/Vanguard.nix
+++ b/Vanguard.nix
@@ -10,6 +10,7 @@
 ./server/sshd.nix
 ./server/adguardhome.nix
 ./server/gitea.nix
+ ./server/qbittorrent.nix
 # ./server/nextcloud.nix
 ];
diff --git a/server/qbittorrent.nix b/server/qbittorrent.nix
index 1efc40de..e8d894f6 100644
--- a/server/qbittorrent.nix
+++ b/server/qbittorrent.nix
@@ -6,6 +6,7 @@
 rule = "Host(`torrent.xenia.me.uk`)";
 entryPoints = ["http" "https"];
 service = "qbittorrent-webinterface";
+ middlewares = ["auth"];
 tls = {certResolver = "default";};
 };
 services.qbittorrent-webinterface.loadBalancer.servers = [{url = "http://localhost:8090";}];
diff --git a/server/traefik.nix b/server/traefik.nix
index b2346413..cf009e6a 100644
--- a/server/traefik.nix
+++ b/server/traefik.nix
@@ -3,7 +3,7 @@
 services.traefik = {
 enable = true;
 staticConfigOptions = {
- api = {insecure = true;};
+ api = {dashboard = true;};
 entryPoints = {
 http = {
 address = ":80";
@@ -26,13 +26,14 @@
 };
 };
 dynamicConfigOptions.http = {
- routers.traefik = {
+ routers.api = {
 rule = "Host(`traefik.xenia.me.uk`)";
 entryPoints = ["http" "https"];
- service = "traefik-webinterface";
+ service = "api@internal";
+ middlewares = ["auth"];
 tls = {certResolver = "default";};
 };
- services.traefik-webinterface.loadBalancer.servers = [{url = "http://localhost:8080";}];
+ middlewares.auth.basicAuth.users = ["xenia:$apr1$LB0wVd6I$BHVPIyh.F5Ewt9/7PqAtS."];
 };
 };
 networking.firewall = {
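Review bot: The added `middlewares = ["auth"];` in server/qbittorrent.nix names a middleware this file does not define; it is declared in server/traefik.nix in the same commit, so a comment such as `# "auth" is the basicAuth middleware defined in server/traefik.nix` would make the dependency visible. The basic auth only guards requests that pass through Traefik: the backend at `http://localhost:8090` stays directly reachable from the host itself, and qBittorrent sees proxied requests as coming from localhost, so it is worth confirming that its own WebUI login is not set to bypass authentication for local clients (that setting is not visible here). The router block starts and ends outside the hunk.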
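Review bot: The credential on the added `middlewares.auth.basicAuth.users` line in server/traefik.nix is committed as a literal, so the hash stays in git history and, because `dynamicConfigOptions` is rendered into the Nix store, is readable by every local user. It is also an `$apr1$` (MD5-based) hash, which is cheap to attack offline. Traefik's basicAuth accepts `usersFile` as well, so the line could become `middlewares.auth.basicAuth.usersFile = "/run/secrets/traefik-htpasswd";` (placeholder path), with a bcrypt entry provisioned outside the store and the password behind the committed hash rotated. The `networking.firewall` block begins on the last line of this hunk and continues outside it; if it still opens 8080 for the old insecure API, that port can be closed now that the dashboard is served through `api@internal`.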