1. Output of caddy version:
v2.5.2 h1:eCJdLyEyAGzuQTa5Mh3gETnYWDClo1LjtQm2q9RNZrs=
2. How I run Caddy:
I run caddy installed through the apt repo with xcaddy and the github.com/greenpau/caddy-security and github.com/caddy-dns/cloudflare modules installed.
a. System environment:
OS: Ubuntu 22.04.1 LTS x86_64
Host: X9DRi-LN4+/X9DR3-LN4+ 0123456789
Kernel: 5.15.0-47-generic
Packages: 1226 (dpkg), 6 (snap)
Shell: bash 5.1.16
CPU: Intel Xeon E5-2690 v2 (40) @ 3.600GHz
GPU: 08:01.0 Matrox Electronics Systems Ltd. MGA G200eW WPCM450
Memory: 12736MiB / 84527MiB
b. Command:
sudo systemctl start caddy.service
c. Service/unit/compose file:
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddy config:
# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.
(cloudflare) {
    tls {
        dns cloudflare X36XzkCjmhFUyAKfafMooYZ6Zm8x1k1JwgoXh675
    }
}
:80 {
    # Set this path to your site's directory.
    root * /usr/share/caddy
    # Enable the static file server.
    file_server
    # Another common task is to set up a reverse proxy:
    # reverse_proxy localhost:8080
    # Or serve a PHP site through php-fpm:
    # php_fastcgi localhost:9000
}
#security {
#    authorization policy admin {
#
#        set auth url https://xanderland.tv/auth
#        crypto key token name organizr_token_uuid
#        crypto key verify organizrHash
#        set token sources cookie
#        validate bearer header
#
#        # Log any admin
#        acl rule {
#            match iss Organizr
#            match role Admin
#            allow stop log info
#        }
#
#        # Log any denied
#        acl rule {
#            match iss any
#            deny log warn
#        }
#    }
#
#    authorization policy user {
#
#        set auth url https://xanderland.tv/auth
#        crypto key token name organizr_token_uuid
#        crypto key verify organizrHash
#        set token sources cookie
#        validate bearer header
#
#        # Log any admin/user
#        acl rule {
#            match iss Organizr
#            match role Admin User
#            allow stop log info
#        }
#
#        # Log any denied
#        acl rule {
#            match iss any
#            deny log warn
#        }
#    }
#}
xanderland.tv {
#10.0.0.10:80 {
    root * /var/www/websites/organizr
    php_fastcgi unix//run/php/php8.1-fpm.sock
    rewrite /api/v2/* /api/v2/index.php?{query}
    file_server
    # Subdirectory
    #route /requests/* {
    #    uri strip_prefix /requests
    #    reverse_proxy http://127.0.0.1:5055
    #    #import cloudflare
    #}
}
# Subdomain
#tautulli.xanderland.tv {
# route /tautulli* {
# #authorize with admin
# reverse_proxy localhost:8181
# }
#}
#xanderland.tv {
#requests.xanderland.tv {
# #route /ombi* {
# #reverse_proxy http://127.0.0.1:5000
# #redir / /ombi
# route /overseerr*
# #redir / /requests
# reverse_proxy http://127.0.0.1:5055
# import cloudflare
#}
requests.xanderland.tv {
    route /overseerr*
    #redir / /requests
    reverse_proxy http://127.0.0.1:5055
    import cloudflare
}
comics.xanderland.tv {
    reverse_proxy http://127.0.0.1:8616
    import cloudflare
    redir / /comics
}
# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile
3. The problem I’m having:
I am trying to get the security and authorization to work on my organizr setup. No matter what I do I cannot get it to run. I get the same ‘authorization not recognized’ error every time. I am starting to think there’s something wrong with organizr’s code. I unfortunately do not know how to code well so I pretty much just copy + pasted it.
4. Error messages and/or full log output:
Sep 09 04:37:16 xeon.xanderland.tv caddy[106813]: caddy.HomeDir=/var/lib/caddy
Sep 09 04:37:16 xeon.xanderland.tv caddy[106813]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Sep 09 04:37:16 xeon.xanderland.tv caddy[106813]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Sep 09 04:37:16 xeon.xanderland.tv caddy[106813]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Sep 09 04:37:16 xeon.xanderland.tv caddy[106813]: caddy.Version=v2.5.2 h1:eCJdLyEyAGzuQTa5Mh3gETnYWDClo1LjtQm2q9RNZrs=
Sep 09 04:37:16 xeon.xanderland.tv caddy[106813]: runtime.GOOS=linux
Sep 09 04:37:16 xeon.xanderland.tv caddy[106813]: runtime.GOARCH=amd64
Sep 09 04:37:16 xeon.xanderland.tv caddy[106813]: runtime.Compiler=gc
Sep 09 04:37:16 xeon.xanderland.tv caddy[106813]: runtime.NumCPU=40
Sep 09 04:37:16 xeon.xanderland.tv caddy[106813]: runtime.GOMAXPROCS=40
Sep 09 04:37:16 xeon.xanderland.tv caddy[106813]: runtime.Version=go1.18.1
Sep 09 04:37:16 xeon.xanderland.tv caddy[106813]: os.Getwd=/
Sep 09 04:37:16 xeon.xanderland.tv caddy[106813]: LANG=en_US.UTF-8
Sep 09 04:37:16 xeon.xanderland.tv caddy[106813]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Sep 09 04:37:16 xeon.xanderland.tv caddy[106813]: NOTIFY_SOCKET=/run/systemd/notify
Sep 09 04:37:16 xeon.xanderland.tv caddy[106813]: HOME=/var/lib/caddy
Sep 09 04:37:16 xeon.xanderland.tv caddy[106813]: LOGNAME=caddy
Sep 09 04:37:16 xeon.xanderland.tv caddy[106813]: USER=caddy
Sep 09 04:37:16 xeon.xanderland.tv caddy[106813]: INVOCATION_ID=d42a617e1ec241e78ed8af57e912d088
Sep 09 04:37:16 xeon.xanderland.tv caddy[106813]: JOURNAL_STREAM=8:176557
Sep 09 04:37:16 xeon.xanderland.tv caddy[106813]: SYSTEMD_EXEC_PID=106813
Sep 09 04:37:16 xeon.xanderland.tv caddy[106813]: {"level":"info","ts":1662698236.5191967,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Sep 09 04:37:16 xeon.xanderland.tv caddy[106813]: run: adapting config using caddyfile: /etc/caddy/Caddyfile:34: unrecognized directive: authorization
Sep 09 04:37:16 xeon.xanderland.tv systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
5. What I already tried:
Honestly I probably haven’t tried much. I’m dyslexic and it took me literally all day to realize I hadn’t installed the security module correctly. I’m still not 100% sure I did. The documentation on organizr is terrible. All I want to do is get this working so I can control my server when I leave the house. My guess is I missed something obvious, but at this point I really don’t know where to go. I am very new to this.
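
Added example, not part of the original post and not the caddy-security or Organizr project's own configuration: the post's commented-out `security` settings moved into the global options block at the top of the Caddyfile, which is where caddy-security reads them. Written as a top-level `security { ... }` block they are parsed as a site named `security`, and `authorization` is then rejected as an unknown site directive, which matches the logged error. The two environment variable names and the `order` line are assumptions.

```caddyfile
# Added example. The global options block must be the first block in the file.
{
    # Assumed ordering line, as commonly used with caddy-security on Caddy 2.5.x.
    order authorize before basicauth

    security {
        authorization policy admin {
            set auth url https://xanderland.tv/auth
            crypto key token name organizr_token_uuid
            # Assumed variable name; holds the value the post shows as organizrHash.
            crypto key verify {env.ORGANIZR_HASH}
            set token sources cookie
            validate bearer header

            # Log any admin
            acl rule {
                match iss Organizr
                match role Admin
                allow stop log info
            }

            # Log any denied
            acl rule {
                match iss any
                deny log warn
            }
        }
    }
}

(cloudflare) {
    tls {
        # Assumed variable name; keeps the Cloudflare API token out of the
        # config file. It must be set in the caddy service's environment.
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    }
}

tautulli.xanderland.tv {
    import cloudflare
    route /tautulli* {
        # Site blocks only reference a policy defined in the global block.
        authorize with admin
        reverse_proxy localhost:8181
    }
}
```

`caddy validate --config /etc/caddy/Caddyfile` checks the file without starting the server, and `caddy list-modules` shows whether the security plugin is compiled into the binary that systemd runs.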