1. The problem I’m having:
I am trying to set up basic auth for a reverse_proxy I am running. But creating the hash and setting the basicauth option for the host has no effect at all; the user is never prompted to enter a username/password.
2. Error messages and/or full log output:
# Caddy log
[root@proteus carnager]# caddy run --config /etc/caddy/Caddyfile
2023/04/18 19:20:08.576 INFO using provided configuration {"config_file": "/etc/caddy/Caddyfile", "config_adapter": ""}
2023/04/18 19:20:08.581 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2023/04/18 19:20:08.581 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2023/04/18 19:20:08.581 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc00049aaf0"}
2023/04/18 19:20:08.581 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2023/04/18 19:20:08.582 INFO http enabling HTTP/3 listener {"addr": ":443"}
2023/04/18 19:20:08.582 INFO http.log server running {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2023/04/18 19:20:08.582 INFO http.log server running {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2023/04/18 19:20:08.582 INFO http enabling automatic TLS certificate management {"domains": MY_DOMAIN}
2023/04/18 19:20:08.582 INFO tls cleaning storage unit {"description": "FileStorage:/root/.local/share/caddy"}
2023/04/18 19:20:08.585 INFO tls finished cleaning storage units
2023/04/18 19:20:08.587 INFO autosaved config (load with --resume flag) {"file": "/root/.local/share/caddy/autosave.json"}
2023/04/18 19:20:08.587 INFO serving initial configuration
# curl output
* Trying 88.198.115.32:443...
* Connected to DOMAIN port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted h2
* Server certificate:
* subject: CN=DOMAIN
* start date: Apr 15 19:54:05 2023 GMT
* expire date: Jul 14 19:54:04 2023 GMT
* subjectAltName: host "DOMAIN matched cert's "DOMAIN"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* using HTTP/2
* h2h3 [:method: GET]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: DOMAIN]
* h2h3 [user-agent: curl/8.0.1]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x5639515b9ea0)
> GET / HTTP/2
> Host: DOMAIN
> user-agent: curl/8.0.1
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/2 401
< alt-svc: h3=":443"; ma=2592000
< permissions-policy: interest-cohort=()
< referrer-policy: no-referrer
< server: Caddy
< strict-transport-security: max-age=31536000;
< www-authenticate: Basic realm="restricted"
< content-length: 0
< date: Tue, 18 Apr 2023 19:20:39 GMT
<
* Connection #0 to host DOMAIN left intact
3. Caddy version:
2.6.4
4. How I installed and ran Caddy:
Arch Linux package
a. System environment:
b. Command:
caddy run --config /etc/caddy/Caddyfile
d. My complete Caddy config:
(basic-auth) {
    basicauth /* {
        User $HASH
    }
}
foo.domain.tld {
    import basic-auth
    reverse_proxy localhost:8081
    import global
}
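One way to check from the command line whether a site challenges unauthenticated requests, as an added example that is not part of the original post: the function below classifies response headers such as those in the curl output above. The function names and result labels are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.
# check_basic_auth reads response headers on stdin (either `curl -v` output or
# `curl -sS -o /dev/null -D - URL`) and prints one label (labels are hypothetical):
#   enforced                     401 with a Basic challenge
#   401-without-basic-challenge  401, but no "WWW-Authenticate: Basic"
#   no-challenge                 2xx served without any credentials
#   other:<code>                 anything else (redirect, 5xx, ...)
check_basic_auth() {
    awk '
        # Drop the trailing CR and the "< " prefix that curl -v puts on response lines.
        { sub(/\r$/, ""); sub(/^< /, "") }
        # Status line; keep only the last response if several are present.
        /^HTTP\/[0-9.]+ [0-9][0-9][0-9]/ { status = $2; challenge = ""; next }
        # Header names are case-insensitive, and so is the auth scheme.
        tolower($1) == "www-authenticate:" && tolower($2) == "basic" { challenge = "basic" }
        END {
            if (status == "401" && challenge == "basic") print "enforced"
            else if (status == "401") print "401-without-basic-challenge"
            else if (status ~ /^2/) print "no-challenge"
            else print "other:" status
        }'
}

# Sample input: response lines copied from the curl output in the post.
sample_from_post() {
    cat <<'EOF'
> GET / HTTP/2
> accept: */*
< HTTP/2 401
< server: Caddy
< www-authenticate: Basic realm="restricted"
< content-length: 0
EOF
}

# Live check when a URL is given: send no credentials and classify the reply.
if [ "$#" -gt 0 ]; then
    curl -sS -o /dev/null -D - "$1" | check_basic_auth
fi
```

Run it with the site URL as the only argument; a protected route should report `enforced` for a request without credentials.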