Hello, hope you’re all doing well.
I’m not sure how to format a Caddyfile for what I want, or if what I want is even possible currently.
I have a number of web apps running on a single server, on different ports.
I have Caddy set up as a transparent reverse proxy, giving each app a subdomain.
Ideally, I’d like to emulate Single Sign-On with basicauth - that is, once a user authenticates using basicauth at one subdomain, they won’t be prompted to reauthenticate at any other subdomain.
This can be done with Apache, as this StackOverflow answer details.
I was looking at basicauth Realms as a possible solution, but I’m not sure what the syntax for subdomains as realms would be, or if it would work.
Here’s a sample Caddyfile for what I have currently, without basicauth:
```
www.vopeful.xyz, vopeful.xyz {
    tls hello@vopeful.com
    proxy / localhost:8088 {
    }
}
app1.vopeful.xyz {
    tls hello@vopeful.com
    proxy / localhost:2222 {
        transparent
    }
}
app2.vopeful.xyz {
    tls hello@vopeful.com
    proxy / localhost:2435 {
        transparent
    }
}
app3.vopeful.xyz {
    tls hello@vopeful.com
    proxy / localhost:8765 {
        transparent
    }
}
app4.vopeful.xyz {
    tls hello@vopeful.com
    proxy / localhost:5643 {
        transparent
    }
}
app5.vopeful.xyz {
    tls hello@vopeful.com
    proxy / localhost:6665 {
        transparent
    }
}
app6.vopeful.xyz {
    tls hello@vopeful.com
    proxy / localhost:6666 {
        transparent
    }
}
app7.vopeful.xyz {
    tls hello@vopeful.com
    proxy / localhost:7777 {
        transparent
    }
}
```
Thank you in advance for any pointers you can provide!
As far as I know, and supported by the StackOverflow link you’ve provided, this is not possible with basic auth, not even for Apache.
The answers on StackOverflow actually suggest using http digest auth instead.
I don’t believe Caddy has this functionality yet, but here’s an open issue here and an open pull request here you can look into.
1 Like
magikstm (Magikstm), October 31, 2017, 2:00am, #3
loginsrv (a Caddy plugin) can do single sign-on for multiple subdomains.
Unsure it fits all your specs as I don’t use proxies with it.
See: GitHub - tarent/loginsrv: JWT login microservice with plugable backends such as OAuth2, Google, Github, htpasswd, osiam, ..
2 Likes
The relevant Caddy plugin is http.login - combine with http.jwt.
Also see further documentation.
Might work pretty well, actually. Don’t see why it wouldn’t play nice with a proxy.
2 Likes
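The mechanism behind the http.login + http.jwt suggestion above, as an added sketch that is not part of the original thread and not the plugins' own code: a login step issues a signed token in a cookie scoped to the parent domain, and every subdomain verifies it with the same key. The secret, the claim names and the cookie scoping to vopeful.xyz are assumptions for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: one signing key shared by login and every vhost
COOKIE_DOMAIN = "vopeful.xyz"        # assumption: cookie is scoped to the parent domain

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(sub, ttl=3600, now=None):
    """Login side: build an HS256 JWT after a successful password check."""
    now = time.time() if now is None else now
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64e(json.dumps({"sub": sub, "exp": int(now + ttl)}).encode())
    signing_input = header + "." + payload
    return signing_input + "." + b64e(sign(signing_input))

def cookie_sent_to(host, cookie_domain=COOKIE_DOMAIN):
    """RFC 6265 domain-match: the cookie goes to the domain and its subdomains only."""
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)

def verify_token(token, now=None):
    """Subdomain side: return the subject if the token is authentic and unexpired."""
    now = time.time() if now is None else now
    try:
        header, payload, sig = token.split(".")
        if json.loads(b64d(header)).get("alg") != "HS256":  # pin the algorithm
            return None
        if not hmac.compare_digest(sign(header + "." + payload), b64d(sig)):
            return None
        claims = json.loads(b64d(payload))
        return claims["sub"] if claims["exp"] > now else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def authorize(host, token, now=None):
    """One request: the token only arrives if the browser's domain-match allows it."""
    if token is None or not cookie_sent_to(host):
        return None
    return verify_token(token, now)
```

Because the cookie is valid for every subdomain, any one of the proxied apps that can read it can replay it against the others, so the cookie should be set with HttpOnly and Secure and given a short lifetime.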
Whitestrake:
> As far as I know, and supported by the StackOverflow link you’ve provided, this is not possible with basic auth, not even for Apache.
> The answers on StackOverflow actually suggest using http digest auth instead.
> I don’t believe Caddy has this functionality yet, but here’s an open issue here and an open pull request here you can look into.
Correct, sorry for the poor phrasing on my part. Thanks for the links, I will give these a look when I have some free time.
Whitestrake:
> The relevant Caddy plugin is http.login - combine with http.jwt.
> Also see further documentation.
> Might work pretty well, actually. Don’t see why it wouldn’t play nice with a proxy.
This looks extremely promising, thank you both! Will hopefully have more time to experiment throughout the week, but I’ll make sure to report back with a working config if I’m successful.
1 Like