1. Caddy version (caddy version):
v2.4.3 h1:Y1FaV2N4WO3rBqxSYA8UZsZTQdN+PwcoOcAiZTM8C0I=
2. How I run Caddy:
a. System environment:
ubuntu 16.04
b. Command:
systemctl start caddy
c. Service/unit/compose file:
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
http://192.168.37.153, http://hostname.example.com {
    route /auth {
        authp {
            backend local /opt/caddy/assets/conf/local/auth/user_db.json local
            transform user {
                match origin local
                require mfa
            }
            registration {
                dropbox /opt/caddy/assets/conf/local/auth/registrations_db.json
                title "User Registration"
            }
            crypto default token lifetime 21600
            crypto key sign-verify AnExampleSecretKey123
            crypto key token name access_token
            ui {
                theme basic
                template login "/opt/caddy/templates/em20-tmpl/login.template"
                template generic "/opt/caddy/templates/em20-tmpl/generic.template"
                template portal "/opt/caddy/templates/em20-tmpl/portal.template"
                template register "/opt/caddy/templates/em20-tmpl/register.template"
                template whoami "/opt/caddy/templates/em20-tmpl/whoami.template"
                template settings "/opt/caddy/templates/em20-tmpl/settings.template"
                custom css path "/opt/caddy/css/custom.css"
                static_asset "assets/logo.png" "image/png" "/opt/caddy/templates/em20-tmpl/logo.png"
                logo url "assets/logo.png"
                logo description "Elite Manager"
                links {
                    "Elite Manager" /
                    "My Auth Portal Settings" /auth/settings icon "las la-cog" target_blank
                    "who am i check" /auth/whoami target_blank icon "las la-star"
                    "Add MFA Authentication App" /auth/settings/mfa/add/app
                    "Manage Users" /user-mgr/ target_blank icon "las la-users"
                }
            }
        }
    }
    route /gr/ {
        jwt {
            allow roles user manager superadmin
            inject headers with claims
        }
        reverse_proxy http://localhost:3000
    }
    route /version {
        respond * "2.0.0-a" 200
    }
    route /ui/ {
        jwt {
            allow roles user manager superadmin
            inject headers with claims
        }
        reverse_proxy http://localhost:1880
    }
    route /user-mgr/ {
        jwt {
            allow roles superadmin manager
            inject headers with claims
        }
        reverse_proxy http://localhost:5555
    }
    route / {
        jwt {
            allow roles user manager superadmin
            set auth url /auth?redirect_url=/
            primary yes
            crypto key token name access_token
            crypto key verify AnExampleSecretKey1234!
            inject headers with claims
        }
        reverse_proxy http://localhost:1081
    }
}
3. The problem I’m having:
I am attempting to learn & start setting caddy configuration for local HTTPS, TLS and PKI settings via the API.
First effort is to be able to set up a set of static host FQDNs and IPs that need to be supported over the same config (users connecting from outside firewall as well as inside firewall with diff FQDNs and IPs but to the same set of routes in a reverse proxy configuration).
I’m running into issues being able to GET the specific routes/match/host set already.
4. Error messages and/or full log output:
5. What I already tried:
I’m trying to make sure I can “GET” before I try to start doing “POST” or “PUT” or “PATCH”. I
curl -X GET -H 'Content-Type: application/json' localhost:2019/config/apps/http/servers/ | jq
(which returns the following)
{
  "srv0": {
    "listen": [
      ":443"
    ],
    "logs": {
      "logger_names": {
        "192.168.37.122": "log0",
        "agrajag-virtualbox.tor.lab": "log0"
      }
    },
    "routes": [
      {
        "handle": [
          {
            "handler": "subroute",
            "routes": [
              {
                "handle": [
                  {
                    "handler": "subroute",
                    "routes": [
                      {
                        "handle": [
                          {
                            "body": "2.0.0-a",
                            "handler": "static_response",
                            "status_code": 200
                          }
                        ]
                      }
                    ]
                  }
                ],
                "match": [
                  {
                    "path": [
                      "/version*"
                    ]
                  }
                ]
              },
              {
                "handle": [
                  {
                    "handler": "subroute",
                    "routes": [
                      {
                        "handle": [
                          {
                            "handler": "reverse_proxy",
                            "upstreams": [
                              {
                                "dial": "localhost:3000"
                              }
                            ]
                          }
                        ]
                      }
                    ]
                  }
                ],
                "match": [
                  {
                    "path": [
                      "/gr/*"
                    ]
                  }
                ]
              },
              {
                "handle": [
                  {
                    "handler": "subroute",
                    "routes": [
                      {
                        "handle": [
                          {
                            "handler": "reverse_proxy",
                            "upstreams": [
                              {
                                "dial": "localhost:1880"
                              }
                            ]
                          }
                        ]
                      }
                    ]
                  }
                ],
                "match": [
                  {
                    "path": [
                      "/ui/*"
                    ]
                  }
                ]
              },
              {
                "handle": [
                  {
                    "handler": "subroute",
                    "routes": [
                      {
                        "handle": [
                          {
                            "handler": "reverse_proxy",
                            "upstreams": [
                              {
                                "dial": "localhost:1081"
                              }
                            ]
                          }
                        ]
                      }
                    ]
                  }
                ],
                "match": [
                  {
                    "path": [
                      "/*"
                    ]
                  }
                ]
              }
            ]
          }
        ],
        "match": [
          {
            "host": [
              "agrajag-virtualbox.tor.lab",
              "192.168.37.122"
            ]
          }
        ],
        "terminal": true
      }
    ]
  }
}
I am trying to GET (and later PUT or PATCH) an updated set of “host”: values, but can’t figure out if there is a GET URI that will target this properly. I can’t get much farther into the URI path beyond that example above (going into srv0 is a dead end). Specifically I’m trying to GET and then be able to set this portion of that output above:
        "match": [
          {
            "host": [
              "agrajag-virtualbox.tor.lab",
              "192.168.37.122"
            ]
          }
        ]
6. Links to relevant resources:
I’ve been going back and forth in the caddy API documentation as well as caddy API tutorial, iterating over what I think is the path structure, but I’m doing it wrong.
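
Added example, not part of the original post: Caddy's admin API lets a `/config/` path descend through array indexes as well as object keys, so the host matcher in the output above is addressable directly. The sketch below walks a constructed, trimmed copy of that output to derive the path and builds (without sending) a PATCH for it; the helper names are hypothetical.

```python
import json
import urllib.request

ADMIN = "http://localhost:2019"  # admin endpoint used in the post's curl command

# Constructed sample: trimmed copy of the /config/apps/http/servers/ output above
SAMPLE_SERVERS = json.loads("""
{"srv0": {"listen": [":443"], "routes": [{
  "handle": [{"handler": "subroute", "routes": [
    {"handle": [{"handler": "static_response", "body": "2.0.0-a", "status_code": 200}],
     "match": [{"path": ["/version*"]}]}]}],
  "match": [{"host": ["agrajag-virtualbox.tor.lab", "192.168.37.122"]}],
  "terminal": true}]}}
""")

def find_key_paths(node, key, prefix=""):
    """Yield (api_path, value) for every occurrence of `key` in the config tree.
    Object keys and array indexes both become path segments."""
    if isinstance(node, dict):
        for k, v in node.items():
            path = f"{prefix}/{k}"
            if k == key:
                yield path, v
            yield from find_key_paths(v, key, path)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from find_key_paths(v, key, f"{prefix}/{i}")

def host_matcher_paths(servers):
    """Admin API paths of all host matchers under /config/apps/http/servers."""
    return list(find_key_paths(servers, "host", "/config/apps/http/servers"))

def build_host_update(api_path, hosts):
    """Build (not send) a PATCH that replaces the existing host list."""
    return urllib.request.Request(
        ADMIN + api_path, data=json.dumps(hosts).encode(),
        method="PATCH", headers={"Content-Type": "application/json"})

if __name__ == "__main__":
    for path, hosts in host_matcher_paths(SAMPLE_SERVERS):
        print("GET  ", ADMIN + path, "->", hosts)
        req = build_host_update(path, hosts + ["hostname.example.com"])
        print(req.get_method(), req.full_url, req.data.decode())
        # urllib.request.urlopen(req) would apply it to a running Caddy
```

PATCH replaces the value that already exists at the path, while a POST to the same array path appends to it. As the unit file's own comment warns, changes made through the API are overwritten by the Caddyfile on the next restart unless `caddy run` is started with `--resume`.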