1. Caddy version (caddy version):
v2.2.0
2. How I run Caddy:
Installed via the CentOS tutorials and changing the /etc/caddy/Caddyfile
a. System environment:
OS: CentOS Stream
b. Command:
systemctl reload caddy
c. Service/unit/compose file:
N/A
d. My complete Caddyfile or JSON config:
## Caddyfile
snipe-it {
    root * /var/www/snipe-it/public
    encode gzip zstd
    file_server
    php_fastcgi unix//run/php-fpm/www.sock {
        env HTTP_AUTHORIZATION {>Authorization}
    }
}
3. The problem I’m having:
I have tried to adapt the information from this post on php-fpm authorization header, but I could not get it to authorize. The errors I get are 401: Unauthorized from the web console from a request like:
https://snipe-it/api/v1/groups?search=&sort=name&order=asc&offset=0&limit=20&searchable%5B%5D=id&searchable%5B%5D=name&searchable%5B%5D=users_count&searchable%5B%5D=created_at
The provided .htaccess for snipe-it is:
## .htaccess
<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews
    </IfModule>

    RewriteEngine On

    # Uncomment these two lines to force SSL redirect in Apache
    # RewriteCond %{HTTPS} off
    # RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} (.+)/$
    RewriteRule ^ %1 [L,R=301]

    # Handle Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Security Headers
    # Header set Strict-Transport-Security "max-age=2592000" env=HTTPS
    # Header set X-XSS-Protection "1; mode=block"
    # Header set X-Content-Type-Options nosniff
    # Header set X-Permitted-Cross-Domain-Policies "master-only"
</IfModule>
Options -Indexes
I would also like to confirm whether the first and second rules are already included in the default php_fastcgi. With the current Caddyfile it navigates without a problem, so I assume it is set automatically. The third rule, however, seems not to be working with the present file, and I don’t have the webdev expertise to understand what that rule should be and how it should be set in Caddy.
Any hints are appreciated. I have also tried to use Caddy as a reverse proxy to an Apache server; however, I have a problem with mixed http/https redirection (other webapps have the same problem for me), which I also don’t know how to properly solve, which is why I am trying to move completely to Caddy as a webserver.
4. Error messages and/or full log output:
https://snipe-it/api/v1/groups?search=&sort=name&order=asc&offset=0&limit=20&searchable%5B%5D=id&searchable%5B%5D=name&searchable%5B%5D=users_count&searchable%5B%5D=created_at
401: Unauthorized
5. What I already tried:
Using the Caddyfile above, and redirecting to an Apache server.