1. Caddy version (caddy version):
v2.5.1
2. How I run Caddy:
OPNsense VM redirecting traffic from 80 and 443 to the Caddy VM.
Proxmox LXC container running Caddy.
Caddy is run in a docker container and managed with docker-compose.
a. System environment:
|Distributor ID:|Debian|
|Description:|Debian GNU/Linux 11 (bullseye)|
|Release:|11|
|Codename:|bullseye|
Client: Docker Engine - Community
 Version: 20.10.17
 API version: 1.41
 Go version: go1.17.11
 Git commit: 100c701
 Built: Mon Jun 6 23:03:17 2022
 OS/Arch: linux/amd64
 Context: default
 Experimental: true
Server: Docker Engine - Community
 Engine:
  Version: 20.10.17
  API version: 1.41 (minimum version 1.12)
  Go version: go1.17.11
  Git commit: a89b842
  Built: Mon Jun 6 23:01:23 2022
  OS/Arch: linux/amd64
  Experimental: false
 containerd:
  Version: 1.6.6
  GitCommit: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
 runc:
  Version: 1.1.2
  GitCommit: v1.1.2-0-ga916309
 docker-init:
  Version: 0.19.0
  GitCommit: de40ad0
b. Command:
No command is run because the docker container starts it.
c. Service/unit/compose file:
Docker-compose content:
caddy:
  <<: *std-keys-sec-be
  build:
    context: $DOCKER_DIR/caddy
    dockerfile: dockerfile
  image: caddy:cloudflare
  container_name: caddy
  ports:
    - 80:80
    - 443:443
  environment:
    - CLOUDFLARE_API_TOKEN=$CF_TOKEN
  volumes:
    - $DOCKER_DIR/caddy/Caddyfile:/etc/caddy/Caddyfile:ro
    - $DOCKER_DIR/caddy/data:/data
    - $DOCKER_DIR/caddy/config:/config
    - $LOG_DIR/caddy:/opt/logs/caddy
d. My complete Caddyfile or JSON config:
{
    debug
    email me@xs.me
}

# Snippet imported by reverse_proxy blocks
(trusted_proxies_list) {
    trusted_proxies 172.16.0.0/16 192.168.0.0/16 fc00::/7 100.64.0.0/10
}

# Authelia portal: proxied directly, no forward_auth in front of it
auth.xs.me authelia.xs.me {
    reverse_proxy authelia:9091 {
        import trusted_proxies_list
    }
}

# Every other subdomain is checked against Authelia first
*.xs.me {
    log {
        level INFO
        output file /opt/logs/caddy/caddy.log {
            roll_size 10MB
            roll_keep 10
        }
    }
    tls {
        dns cloudflare {$CLOUDFLARE_API_TOKEN}
    }
    forward_auth authelia:9091 {
        uri /api/verify?rd=https://auth.xs.me
        copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
    }
    encode gzip
    @pmx-tfk-tc host tfk-tc.xs.me
    #********************************************************************************************
    reverse_proxy @pmx-tfk-tc cloudcmd:8000
}
3. The problem I’m having:
Running this configuration on a desktop works without any issues. The same configuration used with a mobile phone does not pass the authentication step.
Redirection to Authelia is working fine. I get my Authelia credentials request, but the password is refused.
Getting error message “Incorrect Username or Password”.
This is the returned URL from Caddy:
https://auth.xs.me/?rd=https%3A%2F%2Ftfk-tc.xs.me%2F&rm=GET,%20https://auth.xs.me/?rd=https://tfk-tc.xs.me/,GET
I am not saying Caddy is the problem, but coming from Traefik, the same config on the Authelia side did not raise this error.
4. Error messages and/or full log output:
“Incorrect Username or Password” when entering credentials on the Authelia form.
5. What I already tried:
Checked Caddy forum
Checked Authelia forum
Disabled all ad-blocking addons
Reduced browser security
Tried different browser
Tried to authenticate directly to Authelia by typing auth.xs.me. Credentials are accepted and I can thereafter access the protected site!
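
A check for the portal URL quoted in section 3, as an added example that is not part of the original post: it decodes the `rd` and `rm` query parameters and reports any value that is not a single https target under the site's domain or a single HTTP method. The function name, the method list, treating `rm` as one HTTP method, and using `xs.me` as the expected parent domain are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: rm is expected to hold exactly one HTTP method.
HTTP_METHODS = {"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"}


def check_portal_redirect(url, parent_domain):
    """Return findings for the rd/rm parameters of a portal redirect URL."""
    findings = []
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)

    # Each parameter should be present exactly once.
    for name in ("rd", "rm"):
        count = len(query.get(name, []))
        if count != 1:
            findings.append(f"{name}: expected once, found {count} times")

    # The redirect target must be https and stay inside the protected domain,
    # otherwise the portal could be used to bounce users to another site.
    for rd in query.get("rd", []):
        target = urlsplit(rd)
        host = (target.hostname or "").lower()
        if target.scheme != "https":
            findings.append(f"rd: {rd!r} is not an https URL")
        elif host != parent_domain and not host.endswith("." + parent_domain):
            findings.append(f"rd: host {host!r} is outside {parent_domain}")

    # A comma-joined or otherwise compound value is reported as-is.
    for rm in query.get("rm", []):
        if rm not in HTTP_METHODS:
            findings.append(f"rm: {rm!r} is not a single HTTP method")

    return findings


# The URL reported in the post, copied verbatim.
REPORTED = ("https://auth.xs.me/?rd=https%3A%2F%2Ftfk-tc.xs.me%2F"
            "&rm=GET,%20https://auth.xs.me/?rd=https://tfk-tc.xs.me/,GET")
# Constructed for comparison: the same target with a single method.
EXPECTED_SHAPE = "https://auth.xs.me/?rd=https%3A%2F%2Ftfk-tc.xs.me%2F&rm=GET"

if __name__ == "__main__":
    for label, url in (("reported", REPORTED), ("constructed", EXPECTED_SHAPE)):
        print(label, check_portal_redirect(url, "xs.me") or "ok")
```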