Passing basic-auth user id to app behind reverse proxy

1. Output of caddy version:

v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=

2. How I run Caddy:

Docker-compose

a. System environment:

Running through Docker-Compose

b. Command:

Paste command here.

c. Service/unit/compose file:

version: "3.9"
services:
  caddy:
    image: caddy:2-alpine
    ports:
      - 80:80
      - 443:443
    restart: unless-stopped
    volumes:
      - ./caddy/Caddyfile:/etc/caddy/Caddyfile
      - ./caddy/data:/data
      - ./caddy/config:/config

  data_tools:
    build: data_tools/.
    restart: unless-stopped
    expose:
      - "8688"
    volumes:
      - ./data_tools:/project

d. My complete Caddy config:

(basic-auth) {
  basicauth / {
    brian-mullen ...
  }
}

internal.agricair.com {
  redir /data_tools /data_tools/
  handle_path /data_tools/* {
    import basic-auth
    reverse_proxy data_tools:8688 {
      header_up +X-WEBAUTH-USER {http.auth.user.id}
	}
  }
}

3. The problem I’m having:

I would like to pass the username from authorization to the CherryPy application at /data_tools/. With the current config, if I go to https://internal.agricair.com/data_tools/ and log in, using developer tools in the browser I can see the X-WEBAUTH-USER header and correct value.

However, I can’t seem to access this header using CherryPy. It doesn’t seem to be propagating. Also, if I go to https://internal.agricair.com/data_tools/index.html and check the headers using the developer tools, it shows the X-WEBAUTH-USER header with an empty value.

4. Error messages and/or full log output:

Paste logs/commands/output here.
USE THE PREVIEW PANE TO MAKE SURE IT LOOKS NICELY FORMATTED.

5. What I already tried:

See above.

6. Links to relevant resources:

https://caddy.community/t/placeholder-for-username-of-basicauth-user/10606

The / here makes it so that basicauth only applies to requests to exactly / and nothing else. Remove that to make it match all requests.

2 Likes

That works!

For anyone else seeing this, the header doesn’t show in the developer tools for the page, but I can see it on the backend with CherryPy. I can definitely make that work for what I need.

1 Like

Correct. The request header is manipulated by Caddy after the browser sent the request. It would be impossible for the browser to see it because it happens entirely on the server.

1 Like