Caddy v2 not directive not recognized

1. My Caddy version (caddy version):

v2.0.0-beta.15

2. How I run Caddy:

I run caddy from the command line.

a. System environment:

  • Ubuntu 18.04.3 LTS

b. Command:

caddy run --config /etc/caddy/Caddyfile --adapter caddyfile

d. My complete Caddyfile or JSON config:

@not_localnet {
      not {
               remote_ip 192.168.254.0/24
        }
   }

:8888
{
        reverse_proxy / 192.168.254.9:8082 
}

3. The problem I’m having:

I want to use basicauth only then requests are not originating in the local subnet. Therefor I tried to configure a matcher to achieve that.

Acording to this posting I think my syntax should be correct.

4. Error messages and/or full log output:

 caddy run --config /etc/caddy/Caddyfile --adapter caddyfile
2020/03/11 16:40:32.877	INFO	using provided configuration	{"config_file": "/etc/caddy/Caddyfile", "config_adapter": "caddyfile"}
run: adapting config using caddyfile: /etc/caddy/Caddyfile:2: unrecognized directive: not

5. What I already tried:

I tried different versions beta13 tru beta15

6. Links to relevant resources:

Please take a look at Caddyfile Concepts — Caddy Documentation

Your Caddyfile has a few syntax issues. Primarily, matcher blocks must appear within a site block, and you need to reference the matcher on the directives you wish to apply them to.

I think this is closer to what you’re looking to do:

:8888 {
    @not_localnet {
        not {
            remote_ip 192.168.254.0/24
        }
    }
    reverse_proxy @not_localnet 192.168.254.9:8082 
}

I think even better would be:

:8888 {
    @localnet {
        remote_ip 192.168.254.0/24
    }
    respond @localnet "Access denied" 403 {
        close
    }

    reverse_proxy 192.168.254.9:8082
}

With this approach, it will return status 403 to the IPs you want to reject, and allow traffic through otherwise.

You may need to tweak this to work to your liking.

1 Like

Thank you for your hints. I had the impression I could define the matcher outside of a site block and reuse it for multiple sites. My intended use of the matcher is for a basicauth directive which I will try next.

BTW: Your config works just fine. Thanks a lot!

You can use snippets (see the docs) to define pieces of config and reuse them by importing the snippet into the site block.

Great!

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.