Fix Traefik Dashboard Authentication and SSL Configuration Issues

Resolved 💬 2 comments Opened Aug 10, 2025 by hasecon Closed Nov 29, 2025

Summary

Fixed critical issues with Traefik dashboard authentication and SSL configuration in the proxmox platform deployment.

Issues Fixed

  • Dashboard Auth: Wrong password hash in vault (edward vs TRH@ref1eld!)
  • SSL Certificates: Cloudflare API integration not working properly
  • Domain Routing: https://traefik.hasecon.cloud returns 401 Unauthorized
  • Container Management: Podman conflicts with Docker in role implementation

Changes Made

  • Updated vault with correct bcrypt hash for admin:TRH@ref1eld!
  • Replaced Podman with Docker for better container management
  • Fixed dynamic configuration for dashboard routing
  • Configured proper IP ACL with ipAllowList middleware
  • Set up Cloudflare SSL certificate resolver with API token
  • Removed conflicting labels from compose file
  • Fixed middleware chain: IP filtering -> Basic auth

Test Results

Working Endpoints:

  • http://172.31.0.240:8080 (VIP access)
  • Dashboard accessible with admin:TRH@ref1eld! credentials
  • SSL certificates via Cloudflare DNS challenge active

Still Not Working:

Impact Assessment

  • Risk Level: Medium (authentication and SSL configuration)
  • Systems Affected: Traefik HA cluster, Load balancing, SSL termination
  • Dependencies: PowerDNS (DNS resolution), Cloudflare (SSL certs), Keepalived (VIP)

Testing Plan

  • [x] Test VIP access (172.31.0.240:8080)
  • [x] Verify dashboard authentication with correct password
  • [x] Check SSL certificate provisioning via Cloudflare
  • [x] Validate IP ACL restrictions
  • [ ] Fix domain-based authentication (future work)

🤖 Generated with Claude Code

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗