1. The problem I’m having:
In Guacamole (Using Guacamole — Apache Guacamole Manual v1.5.3) we can directly copy-paste content without using the clipboard field (CTRL+SHIFT+ALT) on the page, using this method on Firefox (async clipboard): Firefox copy and paste with Apache Guacamole - sudoedit.com! (I tried enabling more clipboard functionality but it still won’t work.)
- This method is working well with Guacamole behind Nginx Reverse Proxy Manager in Docker (latest no tweak install).
- However with Caddy (2.7.4) Reverse proxy in Docker this feature is not working anymore.
- I’m using Authentik (goauthentik.io) forward auth.
2. Error messages and/or full log output:
No error logs in log even in debug mode (both Guacamole and Caddy)
3. Caddy version:
docker pull caddy:2.7.4
4. How I installed and ran Caddy:
linux x86_64 CentOS Stream 8
Docker Standalone (23.0.2 - API: 1.42)
docker-compose.yml :
version: "3.4"
services:
  caddy:
    image: [Docker local registry]/caddy:2.7.4
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - /opt/docker/caddy/Caddyfile:/etc/caddy/Caddyfile
      - /opt/docker/caddy/ssl:/etc/caddy/ssl #SSL directory
      - /opt/docker/caddy/caddyfile.conf.d:/etc/caddy/caddyfile.conf.d #Currently Not used
      - caddy_data:/data
      - caddy_config:/config
volumes:
  caddy_data:
  caddy_config:
b. Command:
docker compose up -d
c. Service/unit/compose file:
d. My complete Caddy config:
{
    debug
}

(R-authentik) {
    # always forward outpost path to actual outpost
    reverse_proxy /outpost.goauthentik.io/* https://10.0.0.5 {
        #header_up Host 443
        transport http {
            tls_insecure_skip_verify
        }
    }

    # forward authentication to outpost
    forward_auth https://10.0.0.5 {
        uri /outpost.goauthentik.io/auth/caddy
        transport http {
            tls_insecure_skip_verify
        }
        # capitalization of the headers is important, otherwise they will be empty
        copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version authorization
        # optional, in this config trust all private ranges, should probably be set to the outposts IP
        #trusted_proxies private_ranges
    }
}

(ssl) {
    tls /etc/caddy/ssl/caddy_pem.pem /etc/caddy/ssl/caddy_key.pem
}

https://guacamole.external.[].intra {
    import ssl
    import R-authentik
    redir / /guacamole/ 308
    reverse_proxy http://guacamole.internal.[].intra:8080 {
        flush_interval -1
    }
}
5. Links to relevant resources:
Thank you for your help!