1. The problem I’m having:
I want to create a VPN server on AWS using EC2. My plan is to log in with a Microsoft email account and then SSH to other EC2 instances by private IP,
so I use WireGuard with Caddy.
How do I integrate it with WireGuard?
3. Caddy version:
v2.8.4
4. How I installed and ran Caddy:
a. System environment:
Ubuntu 24.04
d. My complete Caddy config:
{
	debug
	order authenticate before respond
	order authorize before basicauth

	security {
		saml identity provider azure {
			realm azure
			driver azure
			idp_metadata_location /etc/devvpn/auth/saml/idp/azure_ad_app_metadata.xml
			idp_sign_cert_location /etc/devvpn/auth/saml/idp/azure_ad_app_signing_cert.pem
			tenant_id "xxx"
			application_id "xxx"
			application_name "Dev VPN"
			entity_id "urn:caddy:devvpn"
			acs_url https://dev.vpn.example.com/auth/saml/azure
		}

		authentication portal myportal {
			crypto default token lifetime 3600
			crypto key sign-verify {env.JWT_SHARED_KEY}
			enable identity provider azure
			cookie domain dev.vpn.example.com
			ui {
				links {
					"File Server" https://assetq.myfiosgateway.com/ icon "las la-star"
					"My Identity" "/whoami" icon "las la-user"
				}
			}
			transform user {
				match realm azure
				action add role authp/user
			}
		}
	}
}

dev.vpn.example.com {
	tls /home/ubuntu/caddy/server.crt /home/ubuntu/caddy/server.key
	authenticate with myportal
}