From 6271ec1ee93cf20a402b29e3ccbce7139f89d060 Mon Sep 17 00:00:00 2001
From: Nicco <hi@nicco.io>
Date: Mon, 7 Oct 2024 10:58:41 +0200
Subject: [PATCH] add basic auth example

---
 examples/traefik/README.md | 42 +++++++++++++++++++++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)

diff --git a/examples/traefik/README.md b/examples/traefik/README.md
index 6fd5dbc..127d02d 100644
--- a/examples/traefik/README.md
+++ b/examples/traefik/README.md
@@ -2,7 +2,7 @@
 
 Assumptions:
 
-- Traefik 2 installed.
+- Traefik 2/3 installed.
 - External proxy docker network `proxy`.
 - A certificate resolver `le`.
 - A https entrypoint `secure`.
@@ -34,3 +34,43 @@ services:
       - traefik.http.routers.cryptgeon.entrypoints=secure
       - traefik.http.routers.cryptgeon.tls.certresolver=le
 ```
+
+## With basic auth
+
+Some times it's useful to hide the service behind auth. This is easily achieved with traefik middleware. Many reverse proxies support similar features, so while traefik is used in this example, other reverse proxies can do the same.
+
+```yaml
+services:
+  traefik:
+    image: traefik:v3.0
+    command:
+      - "--api.insecure=true"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web.address=:80"
+    ports:
+      - "80:80"
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+
+  redis:
+    image: redis:7-alpine
+
+  cryptgeon:
+    image: cupcakearmy/cryptgeon
+    depends_on:
+      - redis
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.cryptgeon.rule=Host(`cryptgeon.localhost`)"
+      - "traefik.http.routers.cryptgeon.entrypoints=web"
+      - "traefik.http.routers.cryptgeon.middlewares=cryptgeon-auth"
+      - "traefik.http.middlewares.cryptgeon-auth.basicauth.users=user:$$2y$$05$$juUw0zgc5ebvJ00MFPVVLujF6P.rcEMbGZ99Jfq6ZWEa1dgetacEq"
+```
+
+```bash
+docker compose up -d
+```
+
+1. Open http://cryptgeon.localhost
+2. Log in with user and secret