Fix Traefik Dashboard Authentication and SSL Configuration Issues
Resolved 💬 2 comments Opened Aug 10, 2025 by hasecon Closed Nov 29, 2025
Summary
Fixed critical issues with Traefik dashboard authentication and SSL configuration in the proxmox platform deployment.
Issues Fixed
- ❌ Dashboard Auth: Wrong password hash in vault (edward vs TRH@ref1eld!)
- ❌ SSL Certificates: Cloudflare API integration not working properly
- ❌ Domain Routing: https://traefik.hasecon.cloud returns 401 Unauthorized
- ❌ Container Management: Podman conflicts with Docker in role implementation
Changes Made
- Updated vault with correct bcrypt hash for admin:TRH@ref1eld!
- Replaced Podman with Docker for better container management
- Fixed dynamic configuration for dashboard routing
- Configured proper IP ACL with ipAllowList middleware
- Set up Cloudflare SSL certificate resolver with API token
- Removed conflicting labels from compose file
- Fixed middleware chain: IP filtering -> Basic auth
Test Results
✅ Working Endpoints:
- http://172.31.0.240:8080 (VIP access)
- Dashboard accessible with admin:TRH@ref1eld! credentials
- SSL certificates via Cloudflare DNS challenge active
❌ Still Not Working:
- https://traefik.hasecon.cloud (401 Unauthorized) - domain-based routing issue
Impact Assessment
- Risk Level: Medium (authentication and SSL configuration)
- Systems Affected: Traefik HA cluster, Load balancing, SSL termination
- Dependencies: PowerDNS (DNS resolution), Cloudflare (SSL certs), Keepalived (VIP)
Testing Plan
- [x] Test VIP access (172.31.0.240:8080)
- [x] Verify dashboard authentication with correct password
- [x] Check SSL certificate provisioning via Cloudflare
- [x] Validate IP ACL restrictions
- [ ] Fix domain-based authentication (future work)
🤖 Generated with Claude Code
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗