Node-red behind Traefik proxy problem

I have my Node-Red installation behind a traefik proxy using basicAuth.
With basicAuth middleware enabled I get the nodered banner and nothing more.
fqdn/ui shows my UI and works.

When I disable basicAuth as middleware in traefik, the nodered flows and GUI work as normal.

Does anyone know how to fix this? I have tested a lot, but came no closer to a solution.

Traefik proxy configuration:

http:
  routers:
    router1:
      entryPoints:
      - "websecure"
      service: "nodered"
      rule: "Host(`nodered.......com`)"
      tls:
        certresolver: "letsencrypt"
      middlewares:
        - "iotlogin"

  services:
    nodered:
      loadBalancer:
        servers:
        - url: "http://192.168.99.30:1880"

  middlewares:
    iotlogin:
      basicAuth:
        removeHeader: false
        headerField: "X-WebAuth-User"
        users:
          - "test:1234"

The above config does not work; after removing the following, it works:

      middlewares:
        - "iotlogin"

Note that e.g. the following are configuration items I have experimented with:

        removeHeader: false
        headerField: "X-WebAuth-User"

The same configuration works flawlessly with HomeAssistant.

Not ever used Traefik as I use NGINX but I rather imagine that it means that the iotlogin function is failing. But without knowing more about what that is, hard to say. Isn't there any log output?

This is the error message in the browser console:

Source map error: Error: request failed with status 404
Resource URL: https://nodered......com/vendor/vendor.js?v=3.0.2
Source Map URL: purify.min.js.map

Error: Promised response from onMessage listener went out of scope

The vendor.js is accessible via the proxy.

Firefox, shows the black banner line.
Safari, shows the Node-red login dialogue but does not accept the username/password combination.

I suspect that the source map error isn't the issue here. That is really just a warning that the js file's source map can't be found. It doesn't stop anything from working since a source map is purely optional.

But I don't think that the problem is at the browser end anyway. The actual problem, as I said, is almost certainly in the "iotlogin" middleware. You need to understand what that is or isn't doing and whether it is generating any log output on the server.

Thank you for your time.
I will investigate further.

Cheers Peter

Any insights on this?

No, I have not been pursuing a solution actively.
There are other issues that need more attention than this one.

Any hints to solve this are welcome though :slight_smile:

You mean beyond the one I already gave? :wink:

The error you showed with purify.min.js is somehow discussed and solved here:

Another thing is the auth-users.
The pwd must be encrypted, not like your example - "test:1234"
See docu: Traefik BasicAuth Documentation - Traefik

The pwd-hash must not be escaped in .yaml config,
but if the label-directive is used special chars must be escaped.
There is a lot on the web for this.

Does anything of this help?

Edit:
Spent 1/2 day with my config: that helped me with the slash
-> Need URL rewrite to add trailing slash · Issue #563 · traefik/traefik · GitHub
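
As an added example that is not part of the original posts: a small check for the `users` entries of a Traefik basicAuth middleware, flagging entries that are not in one of the hash formats Traefik accepts (MD5, SHA1, BCrypt) and rendering one entry for the YAML file provider and for a Docker Compose label, where each `$` has to be doubled. The middleware name `iotlogin` is taken from the config above; the sample hash is constructed (correct shape only) and the function names are hypothetical.

```python
import re

# Hash formats accepted by Traefik basicAuth, in the form htpasswd writes them.
SCHEMES = [
    ("bcrypt", re.compile(r"^\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}$")),
    ("apr1-md5", re.compile(r"^\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}$")),
    ("sha1", re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$")),
]

# Constructed sample: has the shape of a bcrypt entry, but is not a real hash.
SAMPLE = "test:$2y$05$" + "A" * 53


def classify(entry):
    """Return (user, scheme); scheme is None when the secret is not a known hash."""
    user, sep, secret = entry.partition(":")
    if not sep or not user:
        raise ValueError("entry must look like user:hash")
    for name, pattern in SCHEMES:
        if pattern.match(secret):
            return user, name
    return user, None


def audit(entries):
    """Return the entries whose secret is not a recognised hash (e.g. plaintext)."""
    return [e for e in entries if classify(e)[1] is None]


def for_yaml(entry):
    """File provider (YAML): the hash is written as-is, without escaping."""
    return '- "%s"' % entry


def for_label(entry, middleware):
    """Docker Compose label: double every '$' so Compose does not interpolate it."""
    escaped = entry.replace("$", "$$")
    return '- "traefik.http.middlewares.%s.basicauth.users=%s"' % (middleware, escaped)


if __name__ == "__main__":
    for bad in audit(["test:1234", SAMPLE]):
        print("not hashed:", bad.split(":", 1)[0])
    print(for_yaml(SAMPLE))
    print(for_label(SAMPLE, "iotlogin"))
```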

Hi,

Thanks for the reply.

This is only a placeholder, I know I need to generate a hashed version.

This gives some nice insights, but I need to apply it to my installation.
My Node-red installation is not on the same machine as my traefik is.

Cheers, thanks !

My node-red instances are also on separate hardware,
so a redirect from traefik to the node-red makes it work.

good luck! cheers