Blank page on iPad for code-server on subdomain with reverse_proxy and basicauth

1. Caddy version (caddy version):

v2.2.0 h1:sMUFqTbVIRlmA8NkFnNt9l7s0e+0gw+7GPIrhty905A=

2. How I run Caddy:

a. System environment:

Ubuntu 18.04 LTS

b. Command:

After having changed the Caddyfile

caddy stop;
caddy adapt;
sudo caddy start;

c. Service/unit/compose file:

Not applicable

d. My complete Caddyfile or JSON config:

subdomain.my_site.com {                                                                           
                                                                                             
reverse_proxy localhost:8081                                                                 
                                                                                             
basicauth {                                                                                  
user hashed_password}                                                                                            
                                                                                             
} 

3. The problem I’m having:

I’m setting code-server on a subdomain of a server I use for development, with the idea of being able to code also on an iPad. I want to password protect everything and I would like to use basicauth (or at least this is what I think is the best way).

On computers (various Windows and Macs) things seem to work, but on the iPad does not.
If I run the same configuration WITHOUT basicauth, on the iPad works as well.
With basicauth on the iPad I see a blank page after the password window.
I know that the iPad and code-server have this issue when using a self-signed certificate, so I guess https (which is necessary) has something to do with it.

4. Error messages and/or full log output:

5. What I already tried:

I’m new with Caddy, so at the beginning I thought I did something wrong on the configuration, but because it works on other devices I think that is correct, maybe something is missing, but I’m not sure what.

6. Links to relevant resources:

That’s not the right thing to do, you should be using caddy reload when making configuration changes (as long as Caddy is running with a valid config in the first place; can’t reload if it’s not running). Using caddy reload gets you zero-downtime config reloads.

The Caddyfile you posted doesn’t seem right, there’s lots of extra whitespace in there, and you have your closing } for basicauth tucked against the password. Whitespace is very important in the Caddyfile, Caddy might be reading the } as part of the password. Make sure the } is on its own line. You can also use the caddy fmt command to have it clean up the syntax for you automatically.

That said, if it worked on other devices, I don’t know why it doesn’t work on the iPad, that doesn’t seem like an issue with Caddy but rather an issue with Safari (and it’s known to have plenty of issues).

Thanks for th suggestions on the formatting, I appreciate it.

Regarding the iPad, the problem happens with both Safari and Chrome.

No difference, all browsers on iOS are Safari under the hood, because of Apple’s monopolistic policies. The rest are just skins on top of Safari’s engine.

@Olang, if you want a simple authentication portal, you could use:

• GitHub - greenpau/caddy-auth-portal: Authentication Plugin for Caddy v2 implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA with App Authenticators and Yubico.

Then, for the protection of the reverse proxy endpoint, you could use:

• GitHub - greenpau/caddy-authorize: Authorization Plugin for Caddy v2 (JWT/PASETO)

Full example is here:

@Olang, regarding your specific config, please try to refactor it as follows:

subdomain.my_site.com {                                                                           
  route {                                                           
    basicauth {                                                                                  
      user hashed_password
    }                                                                                            
    reverse_proxy localhost:8081                                                                                                                                                            
  }
}

@francislavoie, what comes to mind is whether Caddy sends WWW-Authenticate to a user? See WWW-Authenticate - HTTP | MDN

If it does not, then it explains the blank page.

… checked … it does send that header

@francislavoie found the issue “I have recently found out (the hard way) that Safari (and in fact all browsers on iOS) will no longer ask for credentials when navigating from an HTTPS site to an HTTP site that requires authentication. Surprisingly it doesn’t give any security warnings (eg phishing warning), it just silently fails.”

@Olang, are you accessing the server via http or https?

Blockquote @Olang, if you want a simple authentication portal, you could use:

Thanks I will try it, I’m new to Caddy, so this solution will require a little more time for me to implement it.

Blockquote @Olang, regarding your specific config, please try to refactor it as follows:

I tried it, unfortunately did not work.

@Olang, are you accessing the server via http or https?

I’m accessing it via https, as it is necessary for code-server.

This topic was automatically closed after 30 days. New replies are no longer allowed.