How secure a redirect for only on reverse proxy site

1. The problem I’m having:

I have a site that need to secure or block the reverse proxy only part of - allow all access - admin site to protect

The issue is that the two URLS are two different ports.
I want to protect the admin site.

From what I can see there is no way to use a matcher or basic auth for just one reverse proxy site under a domain. It seems to be all or None

Caddy is working normally with everything else. The only issue is the need to lock down that admin site. I think I need to pipe this caddy into another caddy instance. so I can lock that site one down . Thx for your input

2. Error messages and/or full log output:


3. Caddy version: 2.7.6

4. How I installed and ran Caddy:

I used Docker to create my caddy service

a. System environment:


b. Command:

sudo docker run -d \
-p 443:443 \
-p 80:80 \
-v /etc/caddy/data:/data \
-v /etc/caddy/Caddyfile:/etc/caddy/Caddyfile \
--restart unless-stopped \
--name caddydec2023 \

c. Service/unit/compose file:

FROM caddy:2.7.6-builder-alpine AS builder
RUN xcaddy build \

FROM caddy:2.7.6-alpine
COPY --from=builder /usr/bin/caddy /usr/bin/caddy

d. My complete Caddy config: {

	reverse_proxy /web* { #admin site that needs to be protected
		transport http {
    reverse_proxy #allow remote unprotected access 

5. Links to relevant resources:

You can wrap whole segments in route or handle with the reverse_proxy inside them. For example, {
     handle /web* {
        basicauth {
            <user> <hashed_pass>

        reverse_proxy /web* { 
		transport http {

    handle {
        reverse_proxy #allow remote unprotected access 

What handle does is enforce mutually-exclusive routing to ensure only one of the 2 handler chains is executed, not both, and to enable conditional chain of handlers as in your case.

1 Like

wow I works!
thanks so much! you saved me a bunch of time!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.