traefik/docs/content/middlewares/digestauth.md

# DigestAuth

Adding Digest Authentication
{: .subtitle } 

![BasicAuth](../assets/img/middleware/digestauth.png)

The DigestAuth middleware is a quick way to restrict access to your services to known users.

## Configuration Examples

```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```

```yaml tab="Kubernetes"
# Declaring the user list
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-auth
spec:
  digestAuth:
    users:
    - test:traefik:a2688e031edb4be6a3797f3882655c05
    - test2:traefik:518845800f9e2bfb1f1f740ec24f074e
```

```json tab="Marathon"
"labels": {
  "traefik.http.middlewares.test-auth.digestauth.users": "test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
}
```

```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```

```toml tab="File (TOML)"
[http.middlewares]
  [http.middlewares.test-auth.digestAuth]
    users = [
      "test:traefik:a2688e031edb4be6a3797f3882655c05",
      "test2:traefik:518845800f9e2bfb1f1f740ec24f074e",
    ]
```

```yaml tab="File (YAML)"
http:
  middlewares:
    test-auth:
      digestAuth:
        users:
        - "test:traefik:a2688e031edb4be6a3797f3882655c05"
        - "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```

!!! tip 
   
    Use `htdigest` to generate passwords.

## Configuration Options

### `users`

The `users` option is an array of authorized users. Each user will be declared using the `name:realm:encoded-password` format.

!!! Note
    
    If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.

### `usersFile`

The `usersFile` option is the path to an external file that contains the authorized users for the middleware.

The file content is a list of `name:realm:encoded-password`.

??? example "A file containing test/test and test2/test2"

    ```txt
    test:traefik:a2688e031edb4be6a3797f3882655c05
    test2:traefik:518845800f9e2bfb1f1f740ec24f074e
    ```

!!! Note
    
    If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.

### `realm`

You can customize the realm for the authentication with the `realm` option. The default value is `traefik`. 

### `headerField`

You can customize the header field for the authenticated user using the `headerField`option.

Example "File -- Passing Authenticated User to Services Via Headers"

```yaml tab="Docker"
labels:
  - "traefik.http.middlewares.my-auth.digestauth.headerField=X-WebAuth-User"
```

```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: my-auth
spec:
  digestAuth:
    # ...
    headerField: X-WebAuth-User
```

```yaml tab="Rancher"
labels:
  - "traefik.http.middlewares.my-auth.digestauth.headerField=X-WebAuth-User"
```

```json tab="Marathon"
"labels": {
  "traefik.http.middlewares.my-auth.digestauth.headerField": "X-WebAuth-User"
}
```

```toml tab="File (TOML)"
[http.middlewares.my-auth.digestAuth]
  # ...
  headerField = "X-WebAuth-User"
```

```yaml tab="File (YAML)"
http:
  middlewares:
    my-auth:
      digestAuth:
        # ...
        headerField: "X-WebAuth-User"
```

### `removeHeader`

Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.)
Documentation Revamp Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com> 2019-02-26 13:50:07 +00:00			`# DigestAuth`

			`Adding Digest Authentication`
			`{: .subtitle }`

			`![BasicAuth](../assets/img/middleware/digestauth.png)`

			`The DigestAuth middleware is a quick way to restrict access to your services to known users.`

			`## Configuration Examples`

Enhance middleware examples. 2019-03-29 11:34:05 +00:00			```yaml tab="Docker"
			`labels:`
Adds middlewares examples for k8s. 2019-04-03 12:32:04 +00:00			`- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"`
			```

			```yaml tab="Kubernetes"
			`# Declaring the user list`
			`apiVersion: traefik.containo.us/v1alpha1`
			`kind: Middleware`
			`metadata:`
			`name: test-auth`
			`spec:`
			`digestAuth:`
			`users:`
			`- test:traefik:a2688e031edb4be6a3797f3882655c05`
			`- test2:traefik:518845800f9e2bfb1f1f740ec24f074e`
Enhance middleware examples. 2019-03-29 11:34:05 +00:00			```

Handle TCP in the marathon provider Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com> 2019-04-15 16:22:07 +00:00			```json tab="Marathon"
			`"labels": {`
			`"traefik.http.middlewares.test-auth.digestauth.users": "test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"`
			`}`
			```

Update the middleware documentation 2019-04-08 15:14:08 +00:00			```yaml tab="Rancher"
			`labels:`
			`- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"`
			```

doc: improve examples. 2019-07-22 07:58:04 +00:00			```toml tab="File (TOML)"
Enhance middleware examples. 2019-03-29 11:34:05 +00:00			`[http.middlewares]`
Adds middlewares examples for k8s. 2019-04-03 12:32:04 +00:00			`[http.middlewares.test-auth.digestAuth]`
			`users = [`
			`"test:traefik:a2688e031edb4be6a3797f3882655c05",`
			`"test2:traefik:518845800f9e2bfb1f1f740ec24f074e",`
			`]`
Enhance middleware examples. 2019-03-29 11:34:05 +00:00			```
Documentation Revamp Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com> 2019-02-26 13:50:07 +00:00
doc: improve examples. 2019-07-22 07:58:04 +00:00			```yaml tab="File (YAML)"
			`http:`
			`middlewares:`
			`test-auth:`
			`digestAuth:`
			`users:`
			`- "test:traefik:a2688e031edb4be6a3797f3882655c05"`
			`- "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"`
			```

Documentation Revamp Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com> 2019-02-26 13:50:07 +00:00			`!!! tip`

			Use `htdigest` to generate passwords.

			`## Configuration Options`

Use the same case everywhere 2019-07-01 09:30:05 +00:00			### `users`
Documentation Revamp Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com> 2019-02-26 13:50:07 +00:00
			The `users` option is an array of authorized users. Each user will be declared using the `name:realm:encoded-password` format.

			`!!! Note`

			If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.

Use the same case everywhere 2019-07-01 09:30:05 +00:00			### `usersFile`
Documentation Revamp Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com> 2019-02-26 13:50:07 +00:00
			The `usersFile` option is the path to an external file that contains the authorized users for the middleware.

			The file content is a list of `name:realm:encoded-password`.

			`??? example "A file containing test/test and test2/test2"`

Review documentation 2019-04-24 15:44:04 +00:00			```txt
Documentation Revamp Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com> 2019-02-26 13:50:07 +00:00			`test:traefik:a2688e031edb4be6a3797f3882655c05`
			`test2:traefik:518845800f9e2bfb1f1f740ec24f074e`
			```

			`!!! Note`

			If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.

Use the same case everywhere 2019-07-01 09:30:05 +00:00			### `realm`
Documentation Revamp Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com> 2019-02-26 13:50:07 +00:00
			You can customize the realm for the authentication with the `realm` option. The default value is `traefik`.

Use the same case everywhere 2019-07-01 09:30:05 +00:00			### `headerField`
Documentation Revamp Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com> 2019-02-26 13:50:07 +00:00
			You can customize the header field for the authenticated user using the `headerField`option.

Adds middlewares examples for k8s. 2019-04-03 12:32:04 +00:00			`Example "File -- Passing Authenticated User to Services Via Headers"`
Documentation Revamp Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com> 2019-02-26 13:50:07 +00:00
Adds middlewares examples for k8s. 2019-04-03 12:32:04 +00:00			```yaml tab="Docker"
			`labels:`
			`- "traefik.http.middlewares.my-auth.digestauth.headerField=X-WebAuth-User"`
			```

			```yaml tab="Kubernetes"
			`apiVersion: traefik.containo.us/v1alpha1`
			`kind: Middleware`
			`metadata:`
			`name: my-auth`
			`spec:`
			`digestAuth:`
			`# ...`
			`headerField: X-WebAuth-User`
			```

Update the middleware documentation 2019-04-08 15:14:08 +00:00			```yaml tab="Rancher"
			`labels:`
			`- "traefik.http.middlewares.my-auth.digestauth.headerField=X-WebAuth-User"`
			```

Review documentation 2019-04-24 15:44:04 +00:00			```json tab="Marathon"
			`"labels": {`
			`"traefik.http.middlewares.my-auth.digestauth.headerField": "X-WebAuth-User"`
			`}`
			```

doc: improve examples. 2019-07-22 07:58:04 +00:00			```toml tab="File (TOML)"
Adds middlewares examples for k8s. 2019-04-03 12:32:04 +00:00			`[http.middlewares.my-auth.digestAuth]`
			`# ...`
			`headerField = "X-WebAuth-User"`
			```
Documentation Revamp Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com> 2019-02-26 13:50:07 +00:00
doc: improve examples. 2019-07-22 07:58:04 +00:00			```yaml tab="File (YAML)"
			`http:`
			`middlewares:`
			`my-auth:`
			`digestAuth:`
			`# ...`
			`headerField: "X-WebAuth-User"`
			```

Use the same case everywhere 2019-07-01 09:30:05 +00:00			### `removeHeader`
Documentation Revamp Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com> 2019-02-26 13:50:07 +00:00
			Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.)