1. Caddy version (caddy version
):
2.3.0
2. How I run Caddy:
my.site.ngo {
reverse_proxy app:80
}
a. System environment:
docker-compose
b. Command:
c. Service/unit/compose file:
caddy:
image: caddy:2.3.0
expose:
- "80"
- "443"
ports:
- 80:80
- 443:443
volumes:
- $PWD/caddy2/Caddyfile:/etc/caddy/Caddyfile:ro```
3. The problem I’m having:
Revisiting https://caddy.community/t/caddy-v2-support-auth-request-like-mode-that-nginx-has/7678:
Is there a way to:
- get request
/abc/def/
- forward request (or headers) to
auth_app:81/auth/
- if 200, continue to reverse proxy to
full_app:82/xyz/def/
- if not 200, go to
403
In nginx, it’d be something like:
location /abc/ {
auth_request auth_app:81/auth/
error_page 403 /login_error_handler/?upon_success=$request_uri
proxy_pass full_app:82/xyz
With Caddyfile, I can only see as far as:
site.ngo {
reverse_proxy full_app:82/xyz
}
4. Error messages and/or full log output:
5. What I already tried:
It looked like there was a belief that this would be fun and easy in Caddy v2 support "auth-request" like mode that nginx has?
The alternative of the recommended plugin introduces its own auth / account / rbac system. It seems like a large dependency and unclear how to have it instead use the app-defined account system. In general, while interesting as an idea, not a clear fit for using an app’s auth. In contrast, nginx’s auth_request
is a quite thin separation of concerns, but I couldn’t map it to Caddy’s directives.
Have recommendations changed here for using Caddy to do surface-level auth checks that reuse internal routes? I’m thinking the simplest path is we can implement an internal redirection service to mimic what a plugin might do…