Does Caddy support the Proxy-Authorization header for basic auth?

If you want to protect all your apps with HTTP basic auth on your reverse proxy, but also have an app that uses basic auth which you don’t want to disable (either for added security or because it uses a different username, etc.), you run into a problem because the app and the reverse proxy both want to use the Authorization header. See this Jellyfin issue.

It seems like a good standard solution to this would be the Proxy-Authorization header, but I haven’t managed to find documentation for any major reverse proxies on whether this is supported.

Does Caddy support this?

My understanding is that Proxy-Authorization is for forward proxies, not for reverse proxies. The caddyserver/forwardproxy project on GitHub (a forward proxy plugin for the Caddy web server) uses that header, because it’s a forward proxy plugin, but reverse_proxy will not handle that.

I recommend using forward_auth instead, I think. You can use an app like Authelia to manage authentication.

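The two setups discussed above side by side, as an added example that is not part of the original thread: Caddy's own basic auth in front of an app, and the same app behind forward_auth. The hostnames, ports, the `app` upstream and the Authelia endpoint path and header names are assumptions to adapt to your deployment, and the password hash is a placeholder.

```caddyfile
# Added example. All hostnames, ports and upstream names are assumptions.

# Before: Caddy checks HTTP basic auth itself. Caddy and the app both
# read credentials from the same Authorization header, which is the
# conflict described in the question.
# (The directive is spelled `basicauth` in Caddy releases before 2.8.)
legacy.example.com {
	basic_auth {
		# Placeholder: generate a real hash with `caddy hash-password`.
		alice <bcrypt-hash-placeholder>
	}
	reverse_proxy app:8080
}

# The authentication portal itself must be reachable by browsers.
auth.example.com {
	reverse_proxy authelia:9091
}

# After: Caddy sends a subrequest to the auth service for every request.
# A 2xx answer lets the original request continue to the app; any other
# answer (for example a redirect to the login portal) is returned to
# the client instead.
app.example.com {
	forward_auth authelia:9091 {
		# Assumed verification endpoint; check your Authelia version's docs.
		uri /api/authz/forward-auth
		# Identity headers from the auth response, passed on to the app.
		copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
	}
	reverse_proxy app:8080
}
```

Caddy does not interpret the Authorization header in the second site block; whether the auth service looks at it depends on that service's own configuration, so test with the app's real credentials before relying on it.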

Ah gotcha, that would make sense. I agree forward auth is the correct solution to this problem. Unfortunately the Jellyfin backend doesn’t currently support it.

Could you not use Caddy Security (https://authp.github.io/)?
