Basicauth not work in route

bjdaijun · May 25, 2021, 8:59am

1. Caddy version (`caddy version`):

2.4

2. How I run Caddy:

systemctl start caddy

a. System environment:

ubuntu

b. Command:

Paste command here.

c. Service/unit/compose file:

Paste full file contents here.
Make sure backticks stay on their own lines,
and the post looks nice in the preview pane.

d. My complete Caddyfile or JSON config:

:8081 {
 route /api/* {
                rate_limit {remote.host} 5r/m
                reverse_proxy http://localhost:7000
                basicauth  {
                        Bob JDJhJDEwJEVCNmdaNEg2Ti5iejRMYkF3MFZhZ3VtV3E1SzBWZEZ5Q3VWc0tzOEJwZE9TaFlZdEVkZDhX
                }
        }
}

3. The problem I’m having:

I want to proxy /api to http://localhost:7000 with basicauth protect, but
basicauth not work in this situation, I don’t know how to config basic auth in route

4. Error messages and/or full log output:

5. What I already tried:

6. Links to relevant resources:

francislavoie · May 25, 2021, 9:42am

Please post your full, unredacted config. We can’t help you if you omit important information.

And what do you mean by “doesn’t work”? Be specific. What happens?

What are in your logs?

The help topic template is there for a reason, please properly fill it out.

bjdaijun · May 25, 2021, 9:55am

sorry , I missed :8081{}
by this config, when I request /api/*, the reverse_proxy works, and responsed with correct data. But my browser did not propmt a auth dialog.

And I tried another config way:

:8081 {

         route /api/* {
                rate_limit {remote.host} 5r/m
                reverse_proxy http://localhost:7000
        }
        basicauth /api/* {
        Bob JDJhJDEwJEVCNmdaNEg2Ti5iejRMYkF3MFZhZ3VtV3E1SzBWZEZ5Q3VWc0tzOEJwZE9TaFlZdEVkZDhX
        }

}

and this config works fine. It prompted a basicauth dialog.And after I fill it with username and password, It response correct.

francislavoie · May 25, 2021, 1:53pm

I suggest you read the docs for the route directive to understand what it does:

Directives built-in to Caddy are ordered according to this predetermined directive order. Directives from plugins do not get assigned an order, so you need to use either route or the order global option to assign them one.

When you placed basicauth at the end of route, then the reverse_proxy directive ran first and prevented basicauth from running, because it’s a terminal handler (i.e. no other handlers run after that one if it runs).

I think you want to have rate_limit before basicauth though, because otherwise Caddy will check the password before checking the rate limits, and checking passwords is relatively expensive in terms of CPU workload.

So either of these configs would work for you:

:8081 {
	route /api/* {
		rate_limit {remote_host} 5r/m
		basicauth {
			Bob JDJhJDEwJEVCNmdaNEg2Ti5iejRMYkF3MFZhZ3VtV3E1SzBWZEZ5Q3VWc0tzOEJwZE9TaFlZdEVkZDhX
		}
		reverse_proxy http://localhost:7000
	}
}

Or with the order global option:

{
	order after basicauth
}

:8081 {
	rate_limit /api/* {remote_host} 5r/m
	basicauth /api/* {
		Bob JDJhJDEwJEVCNmdaNEg2Ti5iejRMYkF3MFZhZ3VtV3E1SzBWZEZ5Q3VWc0tzOEJwZE9TaFlZdEVkZDhX
	}
	reverse_proxy /api/* http://localhost:7000
}

Also I don’t think you had the right placeholder (i.e. {remote.host}) so I fixed it to {remote_host}. See the list of Caddyfile placeholder shortcuts here: Caddyfile Concepts — Caddy Documentation

bjdaijun · May 26, 2021, 1:08am

It works. Thanks alot!

system · June 24, 2021, 8:59am

This topic was automatically closed after 30 days. New replies are no longer allowed.