Set up and use auth middleware for traefik and qbittorrent

Remove use of traefik insecure dashboard/API
2023-05-25 17:17:23 +01:00 · 2023-05-25 17:17:23 +01:00 · e2e7095a7a
parent c73d69cce5
commit e2e7095a7a
3 changed files with 7 additions and 4 deletions
--- a/Vanguard.nix
+++ b/Vanguard.nix
@ -10,6 +10,7 @@
    ./server/sshd.nix
    ./server/adguardhome.nix
    ./server/gitea.nix
+    ./server/qbittorrent.nix
    # ./server/nextcloud.nix
  ];

--- a/server/qbittorrent.nix
+++ b/server/qbittorrent.nix
@ -6,6 +6,7 @@
      rule = "Host(`torrent.xenia.me.uk`)";
      entryPoints = ["http" "https"];
      service = "qbittorrent-webinterface";
+      middlewares = ["auth"];
      tls = {certResolver = "default";};
    };
    services.qbittorrent-webinterface.loadBalancer.servers = [{url = "http://localhost:8090";}];
--- a/server/traefik.nix
+++ b/server/traefik.nix
@ -3,7 +3,7 @@
  services.traefik = {
    enable = true;
    staticConfigOptions = {
-      api = {insecure = true;};
+      api = {dashboard = true;};
      entryPoints = {
        http = {
          address = ":80";
@ -26,13 +26,14 @@
      };
    };
    dynamicConfigOptions.http = {
-      routers.traefik = {
+      routers.api = {
        rule = "Host(`traefik.xenia.me.uk`)";
        entryPoints = ["http" "https"];
-        service = "traefik-webinterface";
+        service = "api@internal";
+        middlewares = ["auth"];
        tls = {certResolver = "default";};
      };
-      services.traefik-webinterface.loadBalancer.servers = [{url = "http://localhost:8080";}];
+      middlewares.auth.basicAuth.users = ["xenia:$apr1$LB0wVd6I$BHVPIyh.F5Ewt9/7PqAtS."];
    };
  };
  networking.firewall = {