1. The problem I’m having:
I have a caddy json file formatted for multiple routes and I need to apply basic authentication on the /api route
2. Error messages and/or full log output:
I can’t find a tutorial to explain how to do this inside a JSON Caddy file
3. Caddy version:
v2.7.6
4. How I installed and ran Caddy:
a. System environment:
Docker
b. Command:
caddy run --config /etc/caddy/caddy.json
c. Service/unit/compose file:
d. My complete Caddy config:
{
"admin": {
"listen": ":2019"
},
"logging": {
"logs": {
"default": {
"level": "INFO",
"encoder": {
"format": "console"
}
}
}
},
"apps": {
"tls": {
"automation": {
"policies": [{
"issuers": [{
"module": "acme",
"challenges": {
"dns": {
"provider": {
"name": "digitalocean",
"auth_token": "{env.DNS_PROVIDER_API_TOKEN}"
}
}
}
}]
}]
}
},
"http": {
"http_port": 5000,
"https_port": 443,
"servers": {
"main": {
"logs": {},
"listen": [":5000", ":443"],
"@id": "main_server",
"automatic_https": {
"disable": true,
"disable_redirects": true
},
"routes": [
{
"@id": "client_hosts",
"match": [{"host":["*.{env.CUSTOM_SUBDOMAIN}"]}],
"handle": [{
"@id": "clients",
"handler": "subroute",
"routes": [
{
"@id": "invalid_subdomain",
"match": [{"host":["*.{env.CUSTOM_SUBDOMAIN}"]}],
"handle": [{
"handler": "static_response",
"status_code": "404",
"body": "Invalid subdomain\n"
}]
}
]
}]
},
{
"@id": "root_host",
"match": [{"host":["{env.CUSTOM_SUBDOMAIN}"]}],
"handle": [{
"handler": "subroute",
"routes": [
{
"@id": "healthcheck",
"match": [{ "path": ["/healthcheck/"] }],
"handle": [{
"handler": "static_response",
"body": "OK\n"
}]
},
{
"@id": "api",
"match": [{
"path": ["/api/*"],
"remote_ip": {
"ranges": ["{env.API_CONSUMER_ORIGIN}"]
}
}],
"handle": [{
"handler": "subroute",
"routes": [
{
"@id": "api_strip_prefix",
"handle": [{
"handler": "rewrite",
"strip_path_prefix": "/api"
}]
},
{
"@id": "api_redirect",
"handle": [{
"handler": "reverse_proxy",
"upstreams": [{
"dial": "localhost:2019"
}]
}]
}
]
}]
}
]
}]
}
]
}
}
}
}
}
5. Links to relevant resources:
https://caddyserver.com/docs/caddyfile/directives/basicauth
https://caddy.community/t/how-do-i-use-basic-auth-to-secure-api-endpoints/10373