Works great!
I now have it like this:
handle_path /elasticsearch* {
basicauth bcrypt Elasticsearch {
import elasticsearch.auth
}
reverse_proxy http://elasticsearch:9200
}
It’s not as nice as htpasswd, though. htpasswd allows for easy UPDATING of passwords of a user. A simple printf "%s %s\n" "username" "$(caddy hash-password)" >> file.auth doesn’t cut it, as it would just add a line.
I guess some sort of sed or perl magic would be required here.
Or, instead of having ONE file with all the passwords, multiple files could be used, one per user, and then import elasticsearch.auth.*. In this case, removing a user would be as simple as rm elasticsearch.auth.username.