Caddy site password

I am always impressed by how powerful Caddy is. So first of all, thank you to the developer team.

I run several servers and utilise Caddy as a reverse proxy for many private self-hosted services, such as Editors, PDF managers, file servers, Log Analysers etc. Often those servers do not have a login functionality built in, so exposing them to the public is very risky. However, the latest feature I learned about Caddy is the simple password authentication in front of any web service I am exposing.

This works magic and is so easy to implement.

All I did is add a few words to my reverse proxy entry in Caddyfile and generate a password.

example.com {
	basic_auth {
		# Username "Bob", password "hiccup"
		Bob $2a$14$Zkx19XLiW6VYouLHR5NmfOFU0z2GTNmpkT/5qqR7hx4IjWJPDhjvG
	}
	reverse_proxy http://your_backend
}

and for caddy you generate the

caddy hash-password --plaintext 'hiccup'

So thank you for making this so simple and intuitive.

2 Likes

Awesome! Thank you for sharing what you learned and I’m sure others will find it helpful!

You may have noticed that Caddy’s basic_auth is a bit different from other servers, because we require the passwords to be hashed. Most other servers, you just put the password in plaintext in your config. But as this essentially acts as a password database, we didn’t want to let your passwords be stored in plaintext in case of a lost/stolen config!

The hash makes the initial login slower, but after the first successful authentication, requests are fast again. And it is, in theory, more secure than what other servers do.

Thanks again for commenting!

1 Like
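As an added example (not part of the thread and not Caddy's own code), here is a pre-deploy check that reads a Caddyfile's `basic_auth` blocks and reports credentials that are not bcrypt hashes, hashes below a cost floor, and comments that mention the password. The function name, the `MIN_COST` policy value, the comment heuristic and the `alice`/`carol` sample lines are assumptions constructed for illustration.

```python
import re

# bcrypt modular-crypt format: $2a$/$2b$/$2y$, two-digit cost, 22-char salt + 31-char digest
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")
MIN_COST = 10  # assumption: a local policy floor, not a Caddy setting

# Constructed sample: the thread's block plus two made-up entries (alice, carol)
SAMPLE = """\
example.com {
	basic_auth {
		# Username "Bob", password "hiccup"
		Bob $2a$14$Zkx19XLiW6VYouLHR5NmfOFU0z2GTNmpkT/5qqR7hx4IjWJPDhjvG
		alice hunter2
		carol $2a$04$Zkx19XLiW6VYouLHR5NmfOFU0z2GTNmpkT/5qqR7hx4IjWJPDhjvG
	}
	reverse_proxy http://your_backend
}
"""

def audit_basic_auth(caddyfile_text, min_cost=MIN_COST):
    """Return (line_no, user, problem) findings for basic_auth blocks."""
    findings, in_block = [], False
    for no, raw in enumerate(caddyfile_text.splitlines(), 1):
        line = raw.strip()
        if not in_block:
            # basic_auth is the current directive name; basicauth is the older spelling
            if re.match(r"^(basic_auth|basicauth)\b.*\{$", line):
                in_block = True
            continue
        if line == "}":
            in_block = False
            continue
        if line.startswith("#"):
            # Heuristic: a comment naming the password undoes the benefit of hashing
            if re.search(r"password", line, re.I):
                findings.append((no, None, "comment may disclose plaintext password"))
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        m = BCRYPT_RE.match(parts[1])
        if not m:
            findings.append((no, parts[0], "credential is not a bcrypt hash"))
        elif int(m.group(1)) < min_cost:
            findings.append((no, parts[0], f"bcrypt cost {m.group(1)} below {min_cost}"))
    return findings

if __name__ == "__main__":
    for finding in audit_basic_auth(SAMPLE):
        print(finding)
```

The check is structural only: it confirms a value has the shape of a bcrypt hash and reads its cost field, without verifying any password against it.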