Auth and redirection

Hello everyone,

I’ve been trying to solve the task that seemed simple at the beginning but I stuck.
I have a small home server with few services running and use caddy primarily as reverse-proxy. What I’m trying to achieve is caddy to redirect unauthorised users to login page and then back to the page they were requesting.
For example:

  1. User requests
  2. User unauthorised? and then if everything is ok
  3. User authorised?

I was trying to solve it using login plugin and reath plugin with loginsrv as service:

reauth {
path /sonarr
failure redirect target=
upstream url=
proxy /login loginsrv:8080/login {
proxy /sonarr sonarr:8080 {

However it keeps redirecting me to login page after successful auth.
I would appreciate any help!

Sounds like your /login endpoint isn’t able to authenticate Caddy’s request. When you ping /sonarr, Caddy pings /login with basic auth, redirecting on failure.

What are you using for auth? Basic, cookies, JWT?

Did you try loginsrv as a caddy plugin?

Reauth wouldn’t be needed.

Which authentification provider do you wish to use?

I don’t know about OP’s needs but as far as I understand we both would love to see an nginx-like “auth_request” implementation in Caddy.

IMHO which works best with “auth_request” is IMHO the default auth-provider solution out there right now.

While loginsrv integrates directly in caddy (awesome) it lacks most of the backends of oauth2_proxy including scope limitation (for example: When using GitHub as auth backend you want to limit access to users of a specific ORG).

Yes, I did. Loginsrv is unable to redirect to originally requested URL. For example, if I request /sonarr it redirects to /login firstly and after successful auth it redirects to /
So I have to request /sonarr once again.

I will be more than happy with basic, however I’d like to use custom login form, not browser window. All my services use no authentication, and what I’m trying to archive is to have auth frontend to protect them alltogether.

Did you try loginsrv with redirect as well as redirect-query-parameter?

It was added recently and should be available in a future release.

Ref: Dynamic success URL · Issue #45 · tarent/loginsrv · GitHub

Thank you @magikstm
Yes, it works. I’m not very happy with requested url transferred openly as login page parameter, but my original question is solved indeed.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.