Grant access in a LAN


(Federico Bruni) #1

Surprisingly I could not find anything in the documentation nor in the FAQ. Perhaps I used the wrong keywords.
I’m trying to allow computers in the same LAN (range of IPs 10.0.20.x) to access the Caddy server installed in one of them. By default the other computers get a 404 when trying to open the web root directory.

In Apache this is achieved through the Require directive, e.g. Require 10.0.20 granted (see Access Control in apache doc).

How can I do this in Caddy?


(Donatas) #2

Short answer:

  1. Make use you can see A (server) and B (client) in your router.
  2. Note down A (server) internal IP (like 192.168.xxx.xxx)
  3. In B (client) add entry to your hosts file like this
    192.168.xxx.xxx your-caddy-server-domain-for-external-access.your-tld
  4. Enjoy :slight_smile:

p.s. I do this when I want to commit to my local Git Server based on GOGS and hosted on RPi3 with Caddy in front. Event SSL from LE works. Just don’t forget to add # (hash) in hosts file when you work/try to access A (server) from outside of lan.

Cheers


(Matt Holt) #3

You may also like the http.ipfilter plugin. :wink:


(Toby Allen) #4

Can you post your Caddyfile?

Can you view the root directory from the machine the server is on?

On the face of it there is no (Caddy) reason that other clients on the network should not be able to see your website, however there are lots of network config issues that may be preventing this.


(Federico Bruni) #5

http.filter seems exactly what I need.
Unfortunately I cannot make it work. Caddy validates the config file, but I cannot access any content. I’ve tried IPv4 CIDR ranges and also single IP. No luck.

I’ve tried debugging by using a single allowed IP. I used in turn, my IP first and then the IP of another computer in the LAN.
In both cases, when I try to open the web root in a browser, I get a “403 forbidden” on my computer and a "404 Site x.x.x.x is not served on this interface. Which is weird… I should get the forbidden error when I try to access from an IP not allowed.


(Federico Bruni) #6

Ok, I’m starting to figure out what’s going on.

ipfilter is not needed: caddy will serve files to other computers in the LAN, if in the Caddyfile I replace localhost:80 with my IP x.x.x.x:80.

But of course I don’t want to “lose” localhost.
I need to understand how to let Caddy work at the same time on locahost in my computer and on x.x.x.x for the other computers in the LAN.


(Federico Bruni) #7

Ok, all I had to do was adding the IP (or any hostname I want to use as alias, if defined in other computers’ hosts file) after localhost:80 in my Caddyfile:

localhost:80 mycomputer:80 x.x.x.x:80

Problem solved.


(Matt Holt) #8

If your site address is just a port (:2015), it will serve on all interfaces. Otherwise you can use the bind directive to listen on a specific interface.


(Federico Bruni) #9

Uh, then using the port only is concise and definitely better :grinning:


(system) #10

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.