Caddyfile set password securely

(xoron) #1

i have only started to use caddy and i am trying to figure out how to create an endpoint with a secure basicauth configured.

given a configuration like this: {
    basicauth / testuser testpassword
    proxy /

i want to know how i can make it so that the password is secured and not in plain text.

i have created a docker secret called TEST_PASSWORD which is imported to a file at the location /run/secrets/TEST_PASSWORD. the content of this file is the password.

according to the documentation, the import directive will read content of the file and replace the line. {
    basicauth / testuser import /run/secrets/TEST_PASSWORD
    proxy /

but this does not work. i have also tried with the line:

  • basicauth / testuser {import /run/secrets/TEST_PASSWORD}
  • basicauth / testuser {%import /run/secrets/TEST_PASSWORD%}

does anyone know what i am doing wrong here?

(Matthew Fay) #2

While import is special in that it can be outside of a site definition block, it remains like all other directives in that it must be top-level (it can’t be part of another directive).

Here’s one idea for a workaround: while you can’t use import to read a file’s contents into an arbitrary directive value, you can read environmental variables in this way:

You could try using on startup to export the contents of the file to some environmental variable and immediately read it back into your basicauth configuration.

Alternately, you might consider http.login, which - among other sources - can optionally read from a htpasswd file.