3. The problem I’m having:
I’m setting code-server on a subdomain of a server I use for development, with the idea of being able to code also on an iPad. I want to password protect everything and I would like to use basicauth (or at least this is what I think is the best way).
On computers (various Windows and Macs) things seem to work, but on the iPad does not.
If I run the same configuration WITHOUT basicauth, on the iPad works as well.
With basicauth on the iPad I see a blank page after the password window.
I know that the iPad and code-server have this issue when using a self-signed certificate, so I guess https (which is necessary) has something to do with it.
4. Error messages and/or full log output:
5. What I already tried:
I’m new with Caddy, so at the beginning I thought I did something wrong on the configuration, but because it works on other devices I think that is correct, maybe something is missing, but I’m not sure what.
That’s not the right thing to do, you should be using caddy reload when making configuration changes (as long as Caddy is running with a valid config in the first place; can’t reload if it’s not running). Using caddy reload gets you zero-downtime config reloads.
The Caddyfile you posted doesn’t seem right, there’s lots of extra whitespace in there, and you have your closing } for basicauth tucked against the password. Whitespace is very important in the Caddyfile, Caddy might be reading the } as part of the password. Make sure the } is on its own line. You can also use the caddy fmt command to have it clean up the syntax for you automatically.
That said, if it worked on other devices, I don’t know why it doesn’t work on the iPad, that doesn’t seem like an issue with Caddy but rather an issue with Safari (and it’s known to have plenty of issues).
@francislavoie found the issue “I have recently found out (the hard way) that Safari (and in fact all browsers on iOS) will no longer ask for credentials when navigating from an HTTPS site to an HTTP site that requires authentication. Surprisingly it doesn’t give any security warnings (eg phishing warning), it just silently fails.”
@Olang, are you accessing the server via http or https?