Global caddyfile matcher

1. Caddy version (caddy version):

v2.3.0

2. How I run Caddy:

Using debian’s systemctl re/start caddy

a. System environment:

debian stretch, systemd

b. Command:

systemctl start caddy

c. Service/unit/compose file:

paste full file contents here

d. My complete Caddyfile or JSON config:

# Caddyfile
import ./gonic
# gonic
http://gonic.lan {
	@blocked {
		not {
			remote_ip fd9b:3f17:1e9::a89
		}
	}

	respond @blocked "no" 403
	reverse_proxy /* 127.0.0.1:8765
}


3. The problem I’m having:

Trying to have a global-level IP filter, but I’m unsure about how I can have a global matcher (@blocked) for all imported Caddy files.

Moving from nginx, this could be done in something like this using nginx:

# allowedIps.conf
allow ip1;
allow ip2;
deny all;
# nginx server config
include allowedIps.conf;

I get this if I try moving the @blocked matcher to the Caddyfile and have it respond there. Can anyone help direct me to a way where I can specify the allowed IPs in one place and have it be inherited by the rest of the imported Caddyfiles?
Thanks!

4. Error messages and/or full log output:

validate: adapting config using caddyfile: cannot define a matcher outside of a site block: ‘@blocked

5. What I already tried:

# caddyfile
@blocked {
	not {
		remote_ip fd9b:3f17:1e9::a89
	}
}

respond @blocked "no" 403

import ./gonic
# gonic
http://gonic.lan {
	reverse_proxy /* 127.0.0.1:8765
}

6. Links to relevant resources:

You can define a snippet with some common things, then import it into your various sites:

It would look something like this (I also cleaned up some of your syntax):

(blocking) {
	@blocked not remote_ip fd9b:3f17:1e9::a89
	respond @blocked "no" 403
}

http://gonic.lan {
	import blocking
	reverse_proxy 127.0.0.1:8765
}
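A snippet only applies to the site blocks that import it, so a site that omits `import blocking` answers requests from any address. The check below is an added example, not code from this thread or from the Caddy project: it scans Caddyfile text and lists the site blocks that lack a top-level `import blocking`. The function name and the `files.lan` and `wiki.lan` sites are hypothetical, and it assumes every site is written with braces.

```python
SNIPPET = "blocking"  # snippet name from the answer above
# Constructed sample: files.lan and wiki.lan are hypothetical sites.
SAMPLE = """\
(blocking) {
	@blocked not remote_ip fd9b:3f17:1e9::a89
	respond @blocked "no" 403
}
http://gonic.lan {
	import blocking  # covered
	reverse_proxy 127.0.0.1:8765
}
http://files.lan {
	reverse_proxy 127.0.0.1:8080
}
http://wiki.lan {
	handle /admin/* {
		import blocking
	}
}
"""

def sites_missing_import(text, snippet=SNIPPET):
    """Return addresses of site blocks lacking a top-level `import <snippet>`."""
    # Caddyfile layout: `{` opens a block at the end of a line and `}` closes
    # it on its own line. Assumption: brace-less single-site files are not used.
    missing, depth, label, is_site, imported = [], 0, "", False, False
    for raw in text.splitlines():
        tokens = raw.split()
        cut = next((i for i, t in enumerate(tokens) if t.startswith("#")), len(tokens))
        tokens = tokens[:cut]  # drop comments
        if not tokens:
            continue
        if tokens == ["}"]:
            depth -= 1
            if depth == 0 and is_site and not imported:
                missing.append(label)
            continue
        if depth == 0 and tokens[-1] == "{":
            label = " ".join(tokens[:-1])
            # "" is the global options block; "(name)" defines a snippet
            is_site = bool(label) and not label.startswith("(")
            imported = False
        elif depth == 1 and tokens[:2] == ["import", snippet]:
            imported = True  # a nested import only guards that sub-route
        if tokens[-1] == "{":
            depth += 1
    return missing

if __name__ == "__main__":
    print(sites_missing_import(SAMPLE))
```

Run it over the main Caddyfile and over each imported site file; `wiki.lan` is reported because its import sits inside a `handle` block and therefore covers only `/admin/*`.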

Thank you @francislavoie! That was exactly what I needed!
