I’m sure that I just have something setup wrong, but can’t figure out what that may be. I am using http.reauth to allow access to subdirectories through organizr but it seems to not be recognizing the login state. I’ve been logged in as an admin for my tests. If I disable the path for the subdirectory it loads as expected.
Everything is running in Docker.
This is what I’m experiencing
here’s my Caddyfile
####################################################################################
# Snippets
####################################################################################
####### Snippet 1 #######
(mycommon) {
ext .html .htm .php
root /srv # Change path syntax for your OS or your preferred location!
gzip
header / {
X-Content-Type-Options nosniff
X-XSS-Protection "1; mode=block"
Strict-Transport-Security "max-age=31536000;"
}
}
####### Snippet 2 #######
(mylocations) {
# This code allows your browser/server to look at Organizr and verify if the currently logged in user's status is
# admin, user, or neither. This is based on assigned group in Organizer's "Manage users" tab
# Admin allows users to see Admin, User, and guest pages
# User allows a user to see User and Guest pages.
# Guest pages should not be assigned to either of these options.
# each page should only be present in ONE of the blocks if auth is required.
proxy /auth-admin https://domain.com/organizr/auth.php?admin
proxy /auth-user https://domain.com/organizr/auth.php?user
# this is where the protection happens. there is one call for users and one for admins
reauth {
path /sonarr
path /radarr
path /lidarr
path /mylar
path /lazy
path /nzbget
path /hydra2
path /pihole
# if someone is not authorized for a page, send them here instead of allowing them through to the intended page
failure redirect target=https://domain.com/organizr/
# The above listed directories with be pretected from anyone not listed in Organizr as an Admin
upstream url=https://domain.com/organizr/auth-admin,cookies=true
}
# This bracket does the same as the above annotated bracket but the minimum required group is User
reauth {
path /tautulli
failure redirect target=https://domain.com/organizr/
upstream url=https://domain.com/organizr/auth-user,cookies=true
}
proxy /organizr 172.10.0.12:80 { #https://organizr.us/
without /organizr
transparent
}
proxy /radarr 172.10.0.4:7878 { # https://radarr.video/
transparent
}
proxy /sonarr 172.10.0.5:8989 { # https://sonarr.tv/
transparent
}
proxy /lidarr 172.10.0.6:8686 { # https://github.com/lidarr/Lidarr
transparent
}
proxy /mylar 172.10.0.8:8090 { # https://github.com/evilhero/mylar
without /mylar
transparent
}
proxy /lazy 172.10.0.7:5299 { # https://github.com/DobyTang/LazyLibrarian
transparent
}
proxy /nzbget 172.10.0.3:6789 { # http://nzbget.net/
without /nzbget
transparent
}
proxy /hydra2 172.10.0.2:5076 { # https://github.com/theotherp/nzbhydra2
transparent
}
#rewrite /ombi /ombi/
proxy /ombi 172.10.0.10:3579 { # https://github.com/tidusjar/Ombi
transparent
}
proxy /tautulli 172.10.0.14:8181 { # http://tautulli.com/ PARTIALLY WORKING
without /tautulli
transparent
}
proxy /pihole 172.10.0.11:80 { # https://pi-hole.net/
without /pihole
transparent
header_downstream X-Frame-Options "SAMEORIGIN"
}
proxy /portainer 172.10.0.20:9000 { # https://portainer.io/
without /portainer
transparent
}
# The code below will proxy PHP requests
fastcgi / 127.0.0.1:9000 php # php variant only
}
####################################################################################
# web domain server block
####################################################################################
domain.com {
tls some@email.com
log /srv/logs/access.log {
rotate_size 1 # Rotate after 1 MB
rotate_age 7 # Keep log files for 7 days
rotate_keep 2 # Keep at most 2 log files
}
errors /srv/logs/errors.log {
rotate_size 1 # Rotate after 1 MB
rotate_age 7 # Keep log files for 7 days
rotate_keep 2 # Keep at most 2 log files
}
on startup php-fpm7 # php variant only
redir 301 {
if {path} is / # Only redirect if the request is for the webroot
/ https://domain.com/organizr/ # Replace with wherever you like
}
import mycommon # Import code snippet 1 defined above
import mylocations # Import code snippet 2 defined above
}
####################################################################################
# localhost or Machine server block
####################################################################################
http://localhost http://192.168.29.1 {
import mycommon # Import code snippet 1 defined above
import mylocations # Import code snippet 2 defined above
}
####################################################################################
# subdomains
####################################################################################
plex.domain.com {
tls some@email.com
gzip
timeouts none
# Separate log file for Plex server
log /srv/logs/plexaccess.log {
rotate_size 1 # Rotate after 1 MB
rotate_age 7 # Keep log files for 7 days
rotate_keep 2 # Keep at most 2 log files
}
errors /srv/logs/plexerror.log {
rotate_size 1 # Set max size 1 MB
rotate_age 7 # Keep log files for 7 days
rotate_keep 2 # Keep at most 2 log files
}
proxy / 192.168.29.10:32400 {
transparent
}
}
qnap.domain.com {
tls some@email.com
gzip
proxy / 192.168.29.2:8080 {
transparent
}
}
Log file showing the issue trying to load radarr
172.10.0.1 - - [24/Apr/2018:22:36:47 +0000] "GET /organizr/auth-admin HTTP/2.0" 404 132
172.10.0.1 - - [24/Apr/2018:22:36:47 +0000] "GET /radarr HTTP/2.0" 302 78
172.10.0.1 - - [24/Apr/2018:22:36:48 +0000] "GET /organizr/ HTTP/2.0" 200 13787
172.10.0.1 - - [24/Apr/2018:22:37:03 +0000] "GET /organizr/homepage.php HTTP/2.0" 200 14040
172.10.0.1 - - [24/Apr/2018:22:37:03 +0000] "GET /organizr/ajax.php?a=nzbget-update&list=listgroups HTTP/2.0" 200 84
172.10.0.1 - - [24/Apr/2018:22:37:04 +0000] "GET /organizr/ajax.php?a=get-calendar HTTP/2.0" 200 707
172.10.0.1 - - [24/Apr/2018:22:37:04 +0000] "GET /organizr/ajax.php?a=nzbget-update&list=listgroups HTTP/2.0" 200 84
172.10.0.1 - - [24/Apr/2018:22:37:04 +0000] "GET /organizr/ajax.php?a=nzbget-update&list=history HTTP/2.0" 200 2995