Hi guys, I have searched the forum, but it seems like no one is trying to run caddy+authentik+elasticsearch. Maybe this config is impossible to do, I have tried (and failed) with a couple of different configs and trying to use AI to help me. But all failed, so this is my last hope.
1. The problem I’m having:
I have elastic search behind caddy as a reversed proxy. It used to work great. The problem is that I have also included authentik in the mix, which partly works great.
@usergroup1 header X-Authentik-Groups *user_1*
handle @usergroup1 {
reverse_proxy 127.0.0.1:5601 {
# Add specific header for user requests
header_up Authorization "Basic XXXXXX"
}
}
@usergroup2 header X-Authentik-Groups *user_2*
handle @usergroup2 {
reverse_proxy 127.0.0.1:5601 {
# Add specific header for user requests
header_up Authorization "Basic XXXXX"
}
}
}
handle_path /elastic/* {
@usergroup1 header X-Authentik-Groups *user_1*
reverse_proxy @usergroup1 http://localhost:9200 {
header_up Authorization "Basic XXXXXXXX"
}
@usergroup2 header X-Authentik-Groups *user_2*
reverse_proxy @usergroup2 http://localhost:9200 {
header_up Authorization "Basic XXXXXXX"
}
reverse_proxy http://localhost:9200 {
}
}
The first part works fine, it sends the correct header and everything works in Kibana.
The second part doesnt work, it seems that the matching doesnt work and I end up with the fallback on the end.
Maybe there isnt supposed to work?
2. Error messages and/or full log output:
{"level":"info","ts":1740552290.0746903,"logger":"http.log.access.log2","msg":"handled request","request":{"remote_ip":"185.209.199.142","remote_port":"64434","client_ip":"185.209.199.142","proto":"HTTP/3.0","method":"GET","host":"app.carboncompute.com","uri":"/elastic/travels_alias*/_search","headers":{"Accept-Encoding":["gzip, deflate, br, zstd"],"Cache-Control":["max-age=0"],"Sec-Ch-Ua-Mobile":["?0"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"],"Sec-Ch-Ua":["\"Not(A:Brand\";v=\"99\", \"Google Chrome\";v=\"133\", \"Chromium\";v=\"133\""],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Fetch-Mode":["navigate"],"Priority":["u=0, i"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Accept-Language":["sv-SE,sv;q=0.9"],"Cookie":["REDACTED"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h3","server_name":"app.carboncompute.com"}},"bytes_read":0,"user_id":"","duration":0.00469852,"size":236,"status":403,"resp_headers":{"Server":["Caddy"],"Content-Type":["application/json"],"Content-Encoding":["gzip"],"Content-Length":["236"],"Date":["Wed, 26 Feb 2025 06:44:50 GMT"]}}
{"level":"info","ts":1740552290.1635275,"logger":"http.log.access.log2","msg":"handled request","request":{"remote_ip":"185.209.199.142","remote_port":"64434","client_ip":"185.209.199.142","proto":"HTTP/3.0","method":"GET","host":"app.carboncompute.com","uri":"/favicon.ico","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"],"Sec-Fetch-Site":["same-origin"],"Cookie":["REDACTED"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Sec-Ch-Ua-Mobile":["?0"],"Referer":["https://app.carboncompute.com/elastic/travels_alias*/_search"],"Accept-Language":["sv-SE,sv;q=0.9"],"Accept":["image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"],"Sec-Fetch-Dest":["image"],"Sec-Ch-Ua":["\"Not(A:Brand\";v=\"99\", \"Google Chrome\";v=\"133\", \"Chromium\";v=\"133\""],"Sec-Fetch-Mode":["no-cors"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Priority":["u=1, i"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h3","server_name":"app.carboncompute.com"}},"bytes_read":0,"user_id":"","duration":0.036097866,"size":25931,"status":200,"resp_headers":{"Content-Type":["image/x-icon"],"Server":["Caddy"],"Date":["Wed, 26 Feb 2025 06:44:50 GMT"],"Vary":["RSC, Next-Router-State-Tree, Next-Router-Prefetch"],"X-Nextjs-Cache":["HIT"],"Cache-Control":["public, max-age=0, must-revalidate"]}}
3. Caddy version: v2.8.4
4. How I installed and ran Caddy:
I installed Caddy as a ubuntu package. Packaged by Matthew Holt.
a. System environment:
Running Ubuntu 24.04.2 LTS
b. Command:
Running through systemd.