Forward_auth with strip_prefix

1. The problem I’m having:

Hi!

I’m trying to setup Syncthing behind Authelia on my home server.
Both Authelia and Syncthing are listening on subpaths like so:

my.domain {
    @authelia path /authelia /authelia/*
    handle @authelia {
        reverse_proxy 127.0.0.1:29091
    }

    redir /syncthing /syncthing/
    handle /syncthing/* {
        forward_auth 127.0.0.1:29091 {
                uri /api/authz/forward-auth
                copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
        }

        uri strip_prefix /syncthing
        reverse_proxy 127.0.0.1:8384
    }
}

Authorization works fine, but after it I get redirected to / instead of /syncthing/. It looks like X-Forwarded-URI header is filled with already stripped path (/) instead of the original one (/syncthing/).

Is there a way one can specify that prefix stripping must happen after forward_auth? I know that I can simply do header_up X-ForwardedURI /syncthing/ inside of forward_auth but this feels a little hacky. I also experimented with rewrite inside of reverse_proxy but it seems to only support prepending, not stripping.

2. Error messages and/or full log output:

3. Caddy version:

v2.9.1

4. How I installed and ran Caddy:

Built with xcaddy and running with systemd. This hardly seems relevant, though.

So the directive order list is here. uri works before forward_auth. You can use the route directive to evaluate the directives as a single unit, and in that order. You could also use the global option order, but I would only do that if you plan on always having to do this.

Is there a more efficient way of configuring your Caddyfile? No idea, I’m not that great at it.

route directive works fine. Thank you!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.