If you want to protect all your apps with HTTP basic auth on your reverse proxy, but also have an app that uses basic auth which you don’t want to disable (either for added security or because it uses a different username, etc), you run into a problem because the app and the reverse proxy both want to use the Authorization header. See this Jellyfin issue0.
It seems like a good standard solution to this would be the Proxy-Authorization header, but I haven’t managed to find documentation for any major reverse proxies on whether this is supported.
Does Caddy support this?
My understanding is that
Proxy-Authorization is for forward proxies, not for reverse proxies. The GitHub - caddyserver/forwardproxy: Forward proxy plugin for the Caddy web server project uses that header, because it’s a forward proxy plugin, but
reverse_proxy will not handle that.
I recommend using
forward_auth instead, I think. You can use an app like Authelia to manage authentication.
Ah gotcha, that would make sense. I agree forward auth is the correct solution to this problem. Unfortunately the Jellyfin backend doesn’t currently support it.
Could you not use https://authp.github.io/ Caddy Security?
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.