1. Caddy version (caddy version):
docker image caddy:2.3.0
2. How I run Caddy:
docker-compose.yml
```yaml
caddy:
  image: caddy:2.3.0
  container_name: caddy
  ports:
    - "80:80"
    - "443:443"
    - "3000:3000"
    - "9090:9090"
    - "9093:9093"
    - "9091:9091"
  volumes:
    - ./caddy:/etc/caddy
    - caddy_data:/data
  env_file:
    ./.env
  environment:
    - ADMIN_USER=${ADMIN_USER:-admin}
    - ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin}
    - ADMIN_PASSWORD_HASH=${ADMIN_PASSWORD_HASH:-JDJhJDE0JE91S1FrN0Z0VEsyWmhrQVpON1VzdHVLSDkyWHdsN0xNbEZYdnNIZm1pb2d1blg4Y09mL0ZP}
  restart: unless-stopped
  networks:
    - monitor-net
  labels:
    org.label-schema.group: "monitoring"
```
a. System environment:
```
$ docker-compose --version
docker-compose version 1.25.5, build unknown
$ uname -a
Linux <mydomain>.com 4.15.0-143-generic #147-Ubuntu SMP Wed Apr 14 16:10:11 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
```
b. Command:
```
sudo docker restart caddy
```
c. Service/unit/compose file:
```yaml
caddy:
  image: caddy:2.3.0
  container_name: caddy
  ports:
    - "80:80"
    - "443:443"
    - "3000:3000"
    - "9090:9090"
    - "9093:9093"
    - "9091:9091"
  volumes:
    - ./caddy:/etc/caddy
    - caddy_data:/data
  env_file:
    ./.env
  environment:
    - ADMIN_USER=${ADMIN_USER:-admin}
    - ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin}
    - ADMIN_PASSWORD_HASH=${ADMIN_PASSWORD_HASH:-JDJhJDE0JE91S1FrN0Z0VEsyWmhrQVpON1VzdHVLSDkyWHdsN0xNbEZYdnNIZm1pb2d1blg4Y09mL0ZP}
  restart: unless-stopped
  networks:
    - monitor-net
  labels:
    org.label-schema.group: "monitoring"

prometheus:
  image: prom/prometheus:v2.26.0
  container_name: prometheus
  volumes:
    - ./prometheus:/etc/prometheus
    - prometheus_data:/prometheus
  command:
    - '--config.file=/etc/prometheus/prometheus.yml'
    - '--storage.tsdb.path=/prometheus'
    - '--web.console.libraries=/etc/prometheus/console_libraries'
    - '--web.console.templates=/etc/prometheus/consoles'
    - '--storage.tsdb.retention.time=200h'
    - '--web.enable-lifecycle'
    - '--web.external-url=http://<mydomain>:9090/'
  restart: unless-stopped
  expose:
    - 9090
  networks:
    - monitor-net
  labels:
    org.label-schema.group: "monitoring"
```
d. My complete Caddyfile or JSON config:
current:
```
{
    # email to use on Let's Encrypt
    email email@domain.com

    # Uncomment for debug
    #acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
    #debug
}

(basic-auth) {
    basicauth {
        {$ADMIN_USER} {$ADMIN_PASSWORD_HASH}
    }
}

prometheus.jump.<domain>.com {
    import basic-auth
    reverse_proxy prometheus:9090
}

alertmanager.jump.<domain>.com {
    import basic-auth
    reverse_proxy alertmanager:9093
}

pushgateway.jump.<domain>.com {
    import basic-auth
    reverse_proxy pushgateway:9091
}

grafana.jump.<domain>.com {
    reverse_proxy grafana:3000
}
```
jump.<domain>.com
3. The problem I’m having:
GitLab provides me with the following information when I set up an “application” to provide OAuth parameters, in order to use them in external applications:
- Application ID: generated by GitLab
- Secret: generated by GitLab
- Callback URL: https://grafana.jump.<domain>.com/login/gitlab
For instance, I configured this in Grafana by adding the following environment variables:
- GF_AUTH_GITLAB_ENABLED=true
- GF_AUTH_GITLAB_ALLOW_SIGNUP=true
- GF_AUTH_GITLAB_CLIENT_ID=<redacted>
- GF_AUTH_GITLAB_CLIENT_SECRET=<redacted>
- GF_AUTH_GITLAB_SCOPES=read_user,read_api
- GF_AUTH_GITLAB_ALLOWED_GROUPS=<redacted>
I am trying to understand how to modify my Caddyfile in order to make use of the HTTP.Login provider published as supporting GitLab OAuth here: Http.login v1.3.0: adds Gitlab OAuth provider, updates Google OAuth Endpoints
but I can’t even find the documentation of this http.login plugin.
I stumbled upon GitHub - greenpau/caddy-authorize: Authorization Plugin for Caddy v2 (JWT/PASETO) too, but I can’t make sense of how the few parameters GitLab provides me match what is required with this plugin.
I found Docker Caddy v2 and Google oAuth - #9 by francislavoie (btw, would be useful in a general documentation on how to use plugins), but the OAuth part is even more blurry with this other plugin.
Any help or pointers would be appreciated!
Thanks in advance!
4. Error messages and/or full log output:
N/A
5. What I already tried:
N/A