Caddy to skip basic auth if the request is coming from an internal network

1. The problem I’m having:

I have a Caddy config that proxies requests from both my internal network and requests over the internet. So for each service on my machine, one will point to stream.home and stream.exampledomain.com. To make things simple, I created a homepage that has links to all my exampledomain.com links; however, it uses basic auth. Is there a way for Caddy to only serve the basic auth page if the request is coming from outside the local network?

2. Error messages and/or full log output:

No error messages

3. Caddy version:

v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=

4. How I installed and ran Caddy:

Running via a docker container on a NAS.

a. System environment:

Unraid and docker.

b. Command:

Should run automatically with the container, but if not I run this:

caddy run -c /config/Caddyfile

d. My complete Caddy config:

www.exampledomain {
	reverse_proxy 192.168.1.50:3000
	basicauth {
		myname hashedpw
	}
}
watch.exampledomain {
	reverse_proxy 192.168.1.50:8096
	#basicauth {
	#myname hashedpw
	#}
}

download.exampledomain {
	reverse_proxy 192.168.1.50:8091
	basicauth {
		myname hashedpw
	}
}

jackett.exampledomain {
	reverse_proxy 192.168.1.50:9117
	basicauth {
		myname hashedpw
	}
}

tv.exampledomain {
	reverse_proxy 192.168.1.50:8989
	basicauth {
		myname hashedpw
		friend3 hashedpw
	}
}

movies.exampledomain {
	reverse_proxy 192.168.1.50:7878
	basicauth {
		myname hashedpw
		friend3 hashedpw
	}
}

books.exampledomain {
	reverse_proxy 192.168.1.50:8787
	basicauth {
		myname hashedpw
		friend3 hashedpw
	}
}

library.exampledomain {
	reverse_proxy 192.168.1.50:8083 {
		header_up X-Scheme https
	}
}

library-server.exampledomain {
	reverse_proxy 192.168.1.50:8084
	basicauth {
		myname hashedpw
		#friend1 hashedpw
		#friend2 hashedpw
	}
}

request.exampledomain {
	reverse_proxy 192.168.1.50:5055
	#basicauth {
	#myname hashedpw
	#}
}

home:80 {
	reverse_proxy 192.168.1.50:3000
}

watch.home:80 {
	reverse_proxy 192.168.1.50:8096
}

download.home:80 {
	reverse_proxy 192.168.1.50:8091
}

jackett.home:80 {
	reverse_proxy 192.168.1.50:9117
}

tv.home:80 {
	reverse_proxy 192.168.1.50:8989
}

movies.home:80 {
	reverse_proxy 192.168.1.50:7878
}

books.home:80 {
	reverse_proxy 192.168.1.50:8787
}

manage.home:80 {
	reverse_proxy 192.168.1.50/Main
}

library.home:80 {
	reverse_proxy 192.168.1.50:8083 {
		header_up X-Scheme https
	}
}

library-server.home {
	reverse_proxy 192.168.1.50:8084
}

request.home:80 {
	reverse_proxy 192.168.1.50:5055
}

5. Links to relevant resources:

Use request matchers. Request matchers (Caddyfile) — Caddy Documentation

You’ll need to define a named matcher not remote_ip private_ranges and apply it to basicauth.

Thank you! I didn’t really know what to do from this comment but I found your other post here and took this example:

stream.example.com {
	@not-local not remote_ip 192.168.1.0/24
	basicauth @not-local {
		user pw_hash
	}
	reverse_proxy 192.168.178.111:8080
}
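Before relying on either matcher from the thread, it helps to check which peer addresses Caddy actually sees, because `remote_ip` matches the immediate peer and any address inside the listed ranges skips `basicauth`. The following is an added example, not code from the thread or from the Caddy project: it evaluates `not remote_ip 192.168.1.0/24` and `not remote_ip private_ranges` against constructed access-log lines, assuming access logging is enabled with Caddy's default JSON encoder. The helper names `skips_auth` and `audit` are hypothetical.

```python
import ipaddress
import json

# Ranges the Caddy docs list for the `private_ranges` shortcut.
PRIVATE_RANGES = ["192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8",
                  "127.0.0.1/8", "fd00::/8", "::1"]
# Narrower range used in the thread's final config.
LAN_ONLY = ["192.168.1.0/24"]

def skips_auth(remote_ip, ranges):
    """True if `not remote_ip <ranges>` does NOT match, i.e. basicauth is skipped."""
    addr = ipaddress.ip_address(remote_ip)
    return any(addr in ipaddress.ip_network(r, strict=False) for r in ranges)

def audit(log_lines, ranges):
    """Map each request.remote_ip seen in JSON access logs to whether it skips auth."""
    seen = {}
    for line in log_lines:
        try:
            ip = json.loads(line)["request"]["remote_ip"]
        except (ValueError, KeyError, TypeError):
            continue  # not an access-log entry
        seen[ip] = skips_auth(ip, ranges)
    return seen

# Constructed sample entries, trimmed to the fields used here.
SAMPLE_LOG = [
    '{"logger":"http.log.access","request":{"remote_ip":"192.168.1.23","host":"tv.exampledomain"}}',
    '{"logger":"http.log.access","request":{"remote_ip":"203.0.113.7","host":"tv.exampledomain"}}',
    '{"logger":"http.log.access","request":{"remote_ip":"172.17.0.1","host":"tv.exampledomain"}}',
    '{"level":"info","msg":"serving initial configuration"}',
]

if __name__ == "__main__":
    for name, ranges in (("192.168.1.0/24", LAN_ONLY), ("private_ranges", PRIVATE_RANGES)):
        for ip, skipped in audit(SAMPLE_LOG, ranges).items():
            print(f"{name:15} {ip:15} {'no auth' if skipped else 'basicauth'}")
```

In the sample, 172.17.0.1 (Docker's default bridge gateway) skips auth under `private_ranges` but not under `192.168.1.0/24`; if your own logs show external visitors arriving with a private peer address, the matcher should list only the LAN subnet.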