ForwardAuth Middleware is not working in Traefik as API Gateway

Question

I am trying to run Traefik as an API gateway and want to trigger ForwardAuth middleware by using the following docker compose file but the middleware the auth endpoint is not being hit. I am using it with localhost.

version: '3'

services:
  reverse-proxy:
    image: traefik # The official Traefik docker image
    command: --api --docker # Enables the web UI and tells Traefik to listen to docker
    ports:
      - "80:80"     # The HTTP port
      - "8080:8080" # The Web UI (enabled by --api)
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
      - $PWD/traefik.toml:/traefik.toml     

  whoami:
    image: emilevauge/whoami
    labels:
      - traefik.enable=true
      - "traefik.frontend.rule=Host:whoami.docker.localhost"
      - "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
      - "traefik.http.middlewares.test-replacepath.replacepath.path=/foo"
      - "traefik.http.middlewares.testauth.ForwardAuth.Address=http://localhost:55391/api/Auth"

Answer 1

I was struggling with this for a while as well, and couldn't find an answer anywhere other than fairly hidden in the Traefik docs. The ForwardAuth docs don't actually mention this, but looking at the middlewares overview configuration example I suddenly noticed that you not only have to specify the middleware, you also have to apply it to the router.

Adding this label to whoami service should do the trick:

- "traefik.http.routers.whoami.middlewares=testauth"

Note that you can also specify multiple middlewares here, by comma-separating them, so you could add the other middlewares you defined like so:

- "traefik.http.routers.whoami.middlewares=testauth,test-redirectscheme,test-replacepath"