I’m serving a static site from a Caddy-based Docker container (in Kubernetes)
The Caddyfile isn’t included in the image, I provide it to Caddy using “-conf” pointing to a Docker-mounted path from the host, because the config varies slightly between prod/staging/dev (trying to follow good 12 Factor best practices here )
Actually the only difference between the prod/staging Caddyfile is that the staging one has “basicauth” enabled and prod doesn’t.
Here’s my problem : I still need to health check the Caddy container from Kubernetes on some path WITHOUT basic auth.
The ideal way to do that would be if this suggestion was implemented : Basic auth path exception?.
Something like that would be perfect :
basicauth user pass { / not /healthcheck.json }
But it doesn’t exist… so the way I achieved this was by explicitly listing all paths that need to be protected (ugly!)
basicauth {$AUTH_USER} {$AUTH_PASSWORD} {
/blabla.html
/blabla2.html
/index.html
}
The trouble is : I also want basicauth to apply to index.html, **including when the original request is “/” **
And unfortunately :
basicauth /
matches everything, not just “/” which serves index.html
So, my solution so far was to do this just before basicauth : explicitly rewrite “/” to “index.html”, then catch it in the basicauth section :
# Explicitly rewrite / to index.html so we can limit basicauth to it.
# Otherwise “basicauth /” catches everything
rewrite / /index.html
basicauth {$AUTH_USER} {$AUTH_PASSWORD} {
/blabla.html
/blabla2.html
/index.html
}
This worked fine in 0.9, unfortunately this now causes a redirect loop in 0.10 because “/” is no longer an exact match in the rewrite directive
My clever workaround is no longer working
Any ideas to solve this ? Basically I tried to use “rewrite” to work around a “basicauth” limitation, but now even rewrite doesn’t let me do what I need
Thanks