Does Caddy v2 support an "auth-request"-like mode like nginx has?

I would like to use Caddy instead of Nginx (mainly for the simpler configuration) in some places. In particular, I’m looking to set up an oauth2-proxy and it looks like I need nginx in front to allow it to do authorization “sub requests”. I can’t seem to find any documentation around whether or not Caddy supports “auth-request mode” like nginx does.

1. My Caddy version (caddy version):

v2

6. Links to relevant resources:

https://nginx.org/en/docs/http/ngx_http_auth_request_module.html

https://oauth2-proxy.github.io/oauth2-proxy/configuration#configuring-for-use-with-the-nginx-auth_request-directive

I think @greenpau can help here - he’s been doing a lot of work on authentication modules lately.

I’m pretty certain this isn’t something Caddy can do yet, but it’s very much possible with plugin modules.
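For readers unfamiliar with the "auth-request" pattern asked about above, here is an added example in Go (not code from Caddy, nginx, oauth2-proxy or any poster in this thread) of the decision logic: a header-only subrequest to an auth endpoint, where 2xx allows, 401/403 is returned to the client, and anything else fails closed. The names `authRequest` and `statusFor`, the stub auth endpoint and its `session=ok` cookie are all constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// authRequest gates next behind a body-less GET subrequest to authURL that
// carries the client's headers, mirroring nginx auth_request semantics.
func authRequest(authURL string, client *http.Client, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		status := http.StatusInternalServerError // fail closed if the subrequest cannot be made
		if sub, err := http.NewRequestWithContext(r.Context(), http.MethodGet, authURL, nil); err == nil {
			sub.Header = r.Header.Clone() // same cookies and credentials, no request body
			if resp, err := client.Do(sub); err == nil {
				resp.Body.Close() // only the status code matters
				status = resp.StatusCode
			}
		}
		switch {
		case status >= 200 && status < 300:
			next.ServeHTTP(w, r) // authorized: serve the protected handler
		case status == http.StatusUnauthorized || status == http.StatusForbidden:
			http.Error(w, "access denied", status)
		default: // any other code is an error, never an allow
			http.Error(w, "authorization subrequest failed", http.StatusInternalServerError)
		}
	})
}

// statusFor sends one constructed request through the gate. The stub auth
// endpoint answers 202 for cookie "session=ok" and the deny code otherwise.
func statusFor(cookie string, deny int) int {
	auth := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		status := deny
		if c, err := r.Cookie("session"); err == nil && c.Value == "ok" {
			status = http.StatusAccepted
		}
		w.WriteHeader(status)
	}))
	defer auth.Close()
	app := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "protected") })
	req := httptest.NewRequest(http.MethodGet, "/metrics", nil)
	req.Header.Set("Cookie", cookie)
	rec := httptest.NewRecorder()
	authRequest(auth.URL, auth.Client(), app).ServeHTTP(rec, req)
	return rec.Code
}
func main() { fmt.Println(statusFor("session=ok", 401), statusFor("", 401), statusFor("", 503)) }
```

The last case in `main` is the one to check in any real deployment: an auth backend that is down or returns an unexpected code must result in a denial, not a pass-through.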

@francislavoie thanks for the response. I had a hard time finding a list of plugins for Caddy2. No such list appears on the website.

Yeah – there’s no such list yet, Caddy v2 is still pretty new. This’ll be set up eventually, it’s not the top priority right now.

Best thing you could do is search github for packages related to Caddy that were updated recently. Something like this: Search · caddy · GitHub


@ghostsquad, this is not something I have in my pipeline at the moment, but I can certainly entertain it.


@ghostsquad, it is not that hard to do.


No rush. I’m looking at some other alternatives to nginx at the moment, and it looks like Traefik will work well I think for my use case of needing an authenticating ingress.

Oh, this looks kind of fun and easy to implement.

How long do we have to convince you to use Caddy? :stuck_out_tongue:

I like simple. Traefik might be a good solution for other things, and possibly a long term solution as an ingress for us. I still try to look at Caddy first anytime I think I might need nginx. The V2 documentation is still a bit sparse right now. Regardless, I support the project.


What specifically are you looking for?

We often get off-hand comments like these, but that doesn’t really tell us what we need to improve. Can you give any specifics?


@francislavoie ya happy to explain.

The examples here could get you in trouble if you aren’t aware that if you are running Caddy on a production server or in Docker, that you should bind to 0.0.0.0 instead. Is this Caddy’s fault for someone not knowing this? Certainly not, but sometimes having good working examples helps. Or at least more examples with explanations of the situation in which to use them.

Redir shows some examples, one of which uses `{uri}`. But with no link to explain what `{uri}` is, or what other expression-like options might exist. In fact, I still don’t know where to find more information about `{uri}`.

I did find some other variables though by chance by reading through “conventions” (Conventions — Caddy Documentation) then clicking on a link in there, which brings you to some json http documentation (a bit confusing for those not writing config in json), and scroll down to find this: JSON Config Structure - Caddy Documentation

Some of the directives also list multiple option parameters, which is a bit confusing like this:

`request_header [<matcher>] [[+|-]<field> [<value>|<find>] [<replace>]]`

  1. This assumes you are already familiar with request matchers, but if you are reading the documentation from top to bottom, the explanation of request matchers comes after the reference to directives.

  2. If I only want to provide the list of fields, as is the second parameter, do I need to also provide a matcher? Since these aren’t “named” parameters, there must be some convention or syntax that must be different in order to differentiate between the parameters. But this is a bit confusing, and not really explained. Additionally, there is only 1 example for this directive, and I definitely think there should be more.

I’d love to see more full examples of the Caddy configuration in both formats that show various use cases. To help people get up and running faster.


Would also be very interested in this feature! I use Nginx as a reverse proxy with webauthn to secure access to my internal apps and projects, having Caddy handle the HTTPS part would be a big plus in terms of maintenance.

@pierr3, @ghostsquad, if you are still interested in OAuth backend, please create a feature request in greenpau/caddy-auth-portal on GitHub (Authentication Plugin for Caddy v2 implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA with App Authenticators and Yubico.) and I will add OAuth proxy as a backend.


@pierr3, I use Caddy as reverse proxy for Prometheus. See https://github.com/greenpau/gatekeeper/blob/master/assets/conf/Caddyfile_forms.json for an example.
