How setup "Basic authentication" (for preprod only) but keep "/healthcheck" accessible?

Help
2

You can probably configure your CADDY_SERVER_EXTRA_DIRECTIVES variable for your PRE-PROD like this:

	@preprod_auth {
		not path /healthcheck
	}

	handle @preprod_auth {
		basic_auth {
			Bob JDJhJDEwJEVCNmdaNEg2Ti5iejRMYkF3MFZhZ3VtV3E1SzBWZEZ5Q3VWc0tzOEJwZE9TaFlZdEVkZDhX
		} 
	}

For PROD, just leave it empty.

Here’s a quick demo:

:80 {

	{$CADDY_SERVER_EXTRA_DIRECTIVES}

	respond "My PHP code"
}

PRE-PROD:

$ export CADDY_SERVER_EXTRA_DIRECTIVES="$(cat <<'EOF'
	@preprod_auth {
		not path /healthcheck
	}

	handle @preprod_auth {
		basic_auth {
			Bob JDJhJDEwJEVCNmdaNEg2Ti5iejRMYkF3MFZhZ3VtV3E1SzBWZEZ5Q3VWc0tzOEJwZE9TaFlZdEVkZDhX
		} 
	}
	EOF
)"

$ caddy run

$ curl http://localhost/healthcheck
My PHP code

$ curl http://localhost/ -I
HTTP/1.1 401 Unauthorized
Server: Caddy
Www-Authenticate: Basic realm="restricted"
Date: Thu, 18 Dec 2025 00:05:04 GMT

$ curl http://localhost/ -u Bob:hiccup
My PHP code

PROD:

$ export CADDY_SERVER_EXTRA_DIRECTIVES=""
$ caddy run

$ curl http://localhost/healthcheck
My PHP code

$ curl http://localhost/
My PHP code

This might help for setting the env variable value in a container deployment:

1 Like