There is an easy way to use base-auth for “securing” ingress access in Traefik, but, well - it’s base auth. It’s not that secure nor easy / nice to use in browsers, especially on mobile devices. So for long time, I was thinking how to integrate Traefik Ingress with an SSO (Single Sign-On) solution.
Prerequisites You will need some kind of SSO provider. I’m using Forgejo (a fork of Gitea). I didn’t need anything fancy, and I already had Gitea working, which had the OAuth2 provider out of the box.
Short guide how to use traefik-forward-auth to use SSO for any traefik ingress, so even simple dashboard with your self-hosted services can be hidden behind login.
Guide uses Forgejo / Gitea as OAuth2 provider, but you can go with whatever you already use.
This is great if you’re already using traefik ingress. Seems to be really easy to use after the initial setup. oauth2-proxy is another good project if you want to secure your endpoint regardless your ingress type.
This is great if you’re already using traefik ingress. Seems to be really easy to use after the initial setup. oauth2-proxy is another good project if you want to secure your endpoint regardless your ingress type.