Is Basic HTTP Auth valid for Upstreams?

The documentation is specific about request variables and paths in a http upstream not being valid (reverse_proxy (Caddyfile directive) — Caddy Documentation)
ie http://server/folder/?variable=X however is it possible to perform basic http auth as part of a reverse proxy call?

ie have an upstream that is http://user:pass@server/

I subscribe to a commercial service that has a number of endpoints for geographic resilience, but the means of working with them is via http basic authentication as part of the http get call and the credentials are different for each.

I would like to load balance calls to this commercial service using Caddy reverse proxying

That user:pass@ syntax is just sugar for setting the Authorization header.

It’ll look something like this:

reverse_proxy http://<server> {
	header_up Authorization "Basic: <base64-encoded(user:pass)>"

The value there needs to be the username, concatenated with : concatenated with the password, then all that base64 encoded.

thanks for your response, so something like this would be valid?

reverse_proxy http://server1 {header_up Authorization “Basic: <base64-encoded(user:pass)>”} http://server2 { header_up Authorization “Basic: <base64-encoded(user:pass)>”} http://server3 {header_up Authorization “Basic: <base64-encoded(user:pass)>”}

Not exactly, you’ll need to use request matchers to tell Caddy when to serve each proxy:

Please read through here if you haven’t already:

Also, the <base64-encoded(user:pass)> bit was left for you to replace with the actual base64 encoded text, as I described.

For example, if your username and password are foo and bar, then you would take foo:bar and base64 encode that, which would give you Zm9vOmJhcg==, which is what you’d use there.

This topic was automatically closed after 30 days. New replies are no longer allowed.