1. Caddy version (caddy version):
v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=
2. How I run Caddy:
a. System environment:
$ cat /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
NAME="Raspbian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
b. Command:
systemctl start caddy
c. Service/unit/compose file:
# caddy.service
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
$ caddy fmt /etc/caddy/Caddyfile
{
    storage file_system {
        root /opt/caddy/storage
    }
    local_certs
    http_port 80
    https_port 443
}
https://10.0.0.114 {
    log {
        level INFO
        format console
        output file /var/log/caddy/caddy.log
    }
    # caddy auth portal login
    route /auth* {
        auth_portal {
            path /auth
            backends {
                local_backend {
                    method local
                    path /opt/caddy/auth/user_db.json
                    realm local
                }
            }
            jwt {
                token_name access_token
                token_secret AnExampleSecretString123
                token_lifetime 43200
            }
            ui {
                theme basic
                generic_template "/opt/caddy/templates/em20-tmpl/generic.template"
                login_template "/opt/caddy/templates/em20-tmpl/login.template"
                portal_template "/opt/caddy/templates/em20-tmpl/portal.template"
                register_template "/opt/caddy/templates/em20-tmpl/register.template"
                whoami_template "/opt/caddy/templates/em20-tmpl/whoami.template"
                settings_template "/opt/caddy/templates/em20-tmpl/settings.template"
                custom_css_path "/opt/caddy/css/custom.css"
                logo_url "https://envgrow.com/wp-content/blogs.dir/3/files/sites/3/2021/02/smallclearlogo-493x1024.png"
                links {
                    "Elite Manager" /
                    "Auth Portal Settings" /auth/settings
                    "who am i check" /auth/whoami
                    "Add MFA Authentication App" /auth/settings/mfa/add/app
                }
            }
            registration {
                dropbox /opt/caddy/auth/registrations_db.json
                title "User Registration"
                code "NY2020"
            }
        }
    }
    # grafana with modified base URL configuration for /gr running on port 3000 route with auth proxy & jwt authzn
    route /gr/* {
        jwt {
            enable claim headers
        }
        reverse_proxy http://localhost:3000
    }
    route /version* {
        respond * "2.0.0-a" 200
    }
    # node-red dashboard running on port 1880 route with integrated jwt and custom middleware
    route /ui/* {
        jwt {
            enable claim headers
        }
        reverse_proxy http://localhost:1880
    }
    # elite manager running on port 1081 route
    route /* {
        jwt {
            primary yes
            trusted_tokens {
                static_secret {
                    token_name access_token
                    token_secret AnExampleSecretString123
                }
            }
            enable claim headers
        }
        reverse_proxy http://localhost:1081
    }
}
3. The problem I’m having:
I’m trying to add the ability for administrators already in user_db.json to move registered users from registrations_db.json to user_db.json. It doesn’t look like this has been implemented, although there was some talk of it in this issue.
Ideally, it would be nice to have this feature implemented.
For a temporary workaround, I’d like to add a new template file to handle this functionality, then be able to use it by adding an entry to links that points to that template/path. This doesn’t seem possible according to how the routing/templating is done, which only allows the existing paths/templates to be used.
Is this something that could be extended with a plugin that ties into the auth portal? It would need to override some routing, as well as make the necessary db changes. I use JavaScript mostly, so I can only make so much sense of the Caddy Go code. If there would be a better way to do this, I’m all ears.
4. Error messages and/or full log output:
N/A
5. What I already tried:
Created new template test.template
Added the test template to Caddyfile under ui
Added a link to point to /auth/test under links
Navigate to /auth/test - 404 Not Found