Node-red behind Traefik proxy problem

General
1

I have my Node-Red installation behind a traefik proxy using basicAuth.
With basicAuth middleware enabled i get the nodered banner and nothing more.
fqdn/ui shows my UI and works.

When i disable basicAuth as middleware in traefik, the nodered flows and gui works as normal.

Anyone knows how to fix this? Have tested a lot, but came no closer to a solution.

Traefik proxy configuration:

http:
  routers:
    router1:
      entryPoints:
      - "websecure"
      service: "nodered"
      rule: "Host(`nodered.......com`)"
      tls:
        certresolver: "letsencrypt"
      middlewares:
        - "iotlogin"

    nodered:
      loadBalancer:
        servers:
        - url: "http://192.168.99.30:1880"

  middlewares:
    iotlogin:
      basicAuth:
        removeHeader: false
        headerField: "X-WebAuth-User"
        users:
          - "test:1234"

The above config does not work , after removing the following, it works:

      middlewares:
        - "iotlogin"

Note that eg. are configuration items i have experimented with:

        removeHeader: false
        headerField: "X-WebAuth-User"

The same configuration works flawless with HomeAssistant.

1 Like
2

Not ever used Traefik as I use NGINX but I rather imagine that it means that the iotlogin function is failing. But without knowing more about what that is, hard to say. Isn't there any log output?

3

This is the error message in the browser console:

Source map error: Error: request failed with status 404
Resource URL: https://nodered......com/vendor/vendor.js?v=3.0.2
Source Map URL: purify.min.js.map

Error: Promised response from onMessage listener went out of scope

The vendor.js is accessible via the proxy.

Firefox, shows the black banner line.
Safari, shows the Node-red login dialogue but does not accept the username/password combination.

4

I suspect that the source map error isn't the issue here. That is really just a warning that the js files source map can't be found. It doesn't stop anything from working since a source map is purely optional.

But I don't think that the problem is at the browser end anyway. The actual problem, as I said, is almost certainly in the "iotlogin" middleware. You need to understand what that is or isn't doing and whether it is generating any log output on the server.

5

Thanks you for you time.
I will investigate further.

Cheers Peter

6

any insights on this?

7

No, i have not been pursuing a solution actively.
There are other issues that need more attention then this one.

Any hints to solve this are welcome though :slight_smile:

8

You mean beyond the one I already gave? :wink:

1 Like
9

the error your showed with purifi.min.js is somehow discussed and solved here:

another thing is the auth-users.
pwd must me encrypted, not like your example - "test:1234"
see docu: Traefik BasicAuth Documentation - Traefik

the pwd-hash must not be escaped in .yaml config,
but if the label-directive is used special chars must be escaped.
there is a lot on the web for this

does anything of this help?

edit:
spend 1/2 day with my config: that helped mit with the slash
-> Need URL rewrite to add trailing slash · Issue #563 · traefik/traefik · GitHub

10

Hi,

Thanks for the reply.

This is only a placeholder, i know i need to generate a hashed version.

This gives some nice insights, but i need to apply it to my installation.
My Node-red installation is not on the same machine as my traefik is.

Cheers, thanks !

11

my node-red instances are also on separate hardware.
so a redirect from traefik to the node-red makes it working.

image

good luck! cheers

12

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.