Auth-portal user registration management

1. Caddy version (caddy version):

v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=

2. How I run Caddy:

a. System environment:

$ cat /etc/os-release 
PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
NAME="Raspbian GNU/Linux"
VERSION="10 (buster)"

b. Command:

systemctl start caddy

c. Service/unit/compose file:

# caddy.service


ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile


d. My complete Caddyfile or JSON config:

$ caddy fmt /etc/caddy/Caddyfile

{
	storage file_system {
		root /opt/caddy/storage
	}
	http_port 80
	https_port 443
} {
	log {
		level INFO
		format console
		output file /var/log/caddy/caddy.log
	}
	# caddy auth portal login
	route /auth* {
		auth_portal {
			path /auth
			backends {
				local_backend {
					method local
					path /opt/caddy/auth/user_db.json
					realm local
				}
			}
			jwt {
				token_name access_token
				token_secret AnExampleSecretString123
				token_lifetime 43200
			}
			ui {
				theme basic
				generic_template "/opt/caddy/templates/em20-tmpl/generic.template"
				login_template "/opt/caddy/templates/em20-tmpl/login.template"
				portal_template "/opt/caddy/templates/em20-tmpl/portal.template"
				register_template "/opt/caddy/templates/em20-tmpl/register.template"
				whoami_template "/opt/caddy/templates/em20-tmpl/whoami.template"
				settings_template "/opt/caddy/templates/em20-tmpl/settings.template"
				custom_css_path "/opt/caddy/css/custom.css"
				logo_url ""
				links {
					"Elite Manager" /
					"Auth Portal Settings" /auth/settings
					"who am i check" /auth/whoami
					"Add MFA Authentication App" /auth/settings/mfa/add/app
				}
			}
			registration {
				dropbox /opt/caddy/auth/registrations_db.json
				title "User Registration"
				code "NY2020"
			}
		}
	}
	# grafana with modified base URL configuration for /gr running on port 3000 route with auth proxy & jwt authzn
	route /gr/* {
		jwt {
			enable claim headers
		}
		reverse_proxy http://localhost:3000
	}
	route /version* {
		respond * "2.0.0-a" 200
	}
	# node-red dashboard running on port 1880 route with integrated jwt and custom middleware
	route /ui/* {
		jwt {
			enable claim headers
		}
		reverse_proxy http://localhost:1880
	}
	# elite manager running on port 1081 route
	route /* {
		jwt {
			primary yes
			trusted_tokens {
				static_secret {
					token_name access_token
					token_secret AnExampleSecretString123
				}
			}
			enable claim headers
		}
		reverse_proxy http://localhost:1081
	}
}

3. The problem I’m having:

I’m trying to add the ability for administrators already in user_db.json to move registered users from registrations_db.json to user_db.json. It doesn’t look like this has been implemented, although there was some talk of it in this issue.

Ideally, it would be nice to have this feature implemented.

For a temporary workaround, I’d like to add a new template file to handle this functionality, then be able to use it by adding an entry to links that points to that template/path. This doesn’t seem possible according to how the routing/templating is done, which only allows the existing paths/templates to be used.

Is this something that could be extended with a plugin that ties into the auth portal? It would need to override some routing, as well as make the necessary db changes. I use JavaScript mostly, so I can only make so much sense of the Caddy Go code. If there would be a better way to do this, I’m all ears.

4. Error messages and/or full log output:


5. What I already tried:

Created new template test.template
Added the test template to Caddyfile under ui
Added a link to point to /auth/test under links
Navigate to /auth/test - 404 Not Found

6. Links to relevant resources:

@greenpau FYI

This requires some work. I was planning to create an admin interface for approving/denying registrations and moving approved users to the users db.

Did not have time to get to it yet.


That would be fantastic. Unfortunately it doesn’t seem like this is a huge deal for other people based on the low activity/reactions on the issue, so I fully understand why this may not be the highest priority - no judgement here.

I’ll check with the team to see what our next step should be. With no Go devs it may be difficult for us to work out a solution and contribute back, but we’ll see what we can come up with because this would be a great feature to have. Thanks Paul!

@dczysz, the current web pages are for the most part pure HTML. I wanted the “admin” page to be written in Angular. Did not have time to bring it to fruition yet, because I am focusing on MFA/U2F right now.
