I’ve been trying to solve the task that seemed simple at the beginning but I stuck.
I have a small home server with few services running and use caddy primarily as reverse-proxy. What I’m trying to achieve is caddy to redirect unauthorised users to login page and then back to the page they were requesting.
For example:
I was trying to solve it using login plugin and reath plugin with loginsrv as service:
…
reauth {
path /sonarr
failure redirect target=https://srv.com/login
upstream url=https://srv.com/login
}
proxy /login loginsrv:8080/login {
transparent
}
proxy /sonarr sonarr:8080 {
transparent
}
However it keeps redirecting me to login page after successful auth.
I would appreciate any help!
Sounds like your /login endpoint isn’t able to authenticate Caddy’s request. When you ping /sonarr, Caddy pings /login with basic auth, redirecting on failure.
While loginsrv integrates directly in caddy (awesome) it lacks most of the backends of oauth2_proxy including scope limitation (for example: When using GitHub as auth backend you want to limit access to users of a specific ORG).
Yes, I did. Loginsrv is unable to redirect to originally requested URL. For example, if I request /sonarr it redirects to /login firstly and after successful auth it redirects to /
So I have to request /sonarr once again.
I will be more than happy with basic, however I’d like to use custom login form, not browser window. All my services use no authentication, and what I’m trying to archive is to have auth frontend to protect them alltogether.
Thank you @magikstm
Yes, it works. I’m not very happy with requested url transferred openly as login page parameter, but my original question is solved indeed.