diff --git a/defaults/main.yml b/defaults/main.yml
index ad381f9..98f9615 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -62,6 +62,11 @@ enable_tls: false
 acme_email: ""
 domain_name: ""
 
+# Enable basic auth for external node
+enable_basic_auth: false
+basic_auth_username: ""
+basic_auth_secret: ""
+
 # Force restore pg database
 force_pg_restore: false
 
diff --git a/templates/docker-compose.yaml.j2 b/templates/docker-compose.yaml.j2
index cd9a9c4..eb0a8fd 100644
--- a/templates/docker-compose.yaml.j2
+++ b/templates/docker-compose.yaml.j2
@@ -69,6 +69,10 @@ services:
       - "traefik.http.routers.external_node_health.rule=PathPrefix(`/`)"
       - "traefik.http.routers.external_node_health.entrypoints=external_node_health"
       - "traefik.http.routers.external_node_health.service=external_node_health"
+{% if enable_basic_auth %}
+      - "traefik.http.routers.external_node_main.middlewares=external_node_auth"
+      - "traefik.http.middlewares.external_node_auth.basicauth.users={{ basic_auth_username }}:{{ basic_auth_secret }}"
+{% endif %}
     expose:
       - {{ rpc_http_port }}
       - {{ rpc_ws_port }}