1. The problem I’m having:
I’m trying to delegate authentication to Tailscale using the example found in the docs:
forward_auth unix//run/tailscale.nginx-auth.sock {
uri /auth
header_up Remote-Addr {remote_host}
header_up Remote-Port {remote_port}
header_up Original-URI {uri}
copy_headers {
Tailscale-User>X-Webauth-User
Tailscale-Name>X-Webauth-Name
Tailscale-Login>X-Webauth-Login
Tailscale-Tailnet>X-Webauth-Tailnet
Tailscale-Profile-Picture>X-Webauth-Profile-Picture
}
}
However, I keep getting the same kind of error. The example shown may not work anymore. Could anyone care to double-check?
2. Error messages
Here’s an extract from the tailscale.nginx-auth.service log:
Dec 05 12:51:25 vps-82c3232a tailscale.nginx-auth[2353]: 2024/12/05 12:51:25 can't look up 57.129.78.172:42306: 404 Not Found: no match for IP:port
Dec 05 12:52:33 vps-82c3232a tailscale.nginx-auth[2353]: 2024/12/05 12:52:33 can't look up 57.129.78.172:58304: 404 Not Found: no match for IP:port
Dec 05 12:55:22 vps-82c3232a tailscale.nginx-auth[2353]: 2024/12/05 12:55:22 can't look up 57.129.78.172:57454: 404 Not Found: no match for IP:port
3. Caddy version:
v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
My complete Caddy config:
{
acme_dns ovh {
endpoint {$CREDENTIALS_DIRECTORY/ovh_endpoint}
application_key {$CREDENTIALS_DIRECTORY/ovh_app_key}
application_secret {$CREDENTIALS_DIRECTORY/ovh_app_secret}
consumer_key {$CREDENTIALS_DIRECTORY/ovh_consumer_key}
}
}
raud.ovh {
reverse_proxy localhost:8080
}
www.raud.ovh {
forward_auth unix//run/tailscale.nginx-auth.sock {
uri /auth
header_up Remote-Addr {remote_host}
header_up Remote-Port {remote_port}
header_up Original-URI {uri}
copy_headers {
Tailscale-User>X-Webauth-User
Tailscale-Name>X-Webauth-Name
Tailscale-Login>X-Webauth-Login
Tailscale-Tailnet>X-Webauth-Tailnet
Tailscale-Profile-Picture>X-Webauth-Profile-Picture
}
}
# redir https://raud.ovh{uri}
root * /usr/share/caddy
file_server
}