1. Caddy version (caddy version
):
v2.2.0 h1:sMUFqTbVIRlmA8NkFnNt9l7s0e+0gw+7GPIrhty905A=
2. How I run Caddy:
a. System environment:
Linux hausberrypi 5.4.51-v7l+ #1333 SMP Mon Aug 10 16:51:40 BST 2020 armv7l GNU/Linux
b. Command:
sudo systemctl start caddy
c. Service/unit/compose file:
pi@hausberrypi:~ $ cat /lib/systemd/system/caddy.service
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target
[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
grafana.haus.die-werners.de:443 {
reverse_proxy localhost:3000 {
header_up -Authorization
header_up +X-WEBAUTH-USER {username}
}
basicauth {
admin pass1
marc-philip pass2
}
# seems to be necessary to obtain certificate when port 80 is closed
tls {
issuer acme {
disable_http_challenge
}
}
}
3. The problem I’m having:
I want to pass the username of the user that has just successfully authenticated to caddy as a header X-WEBAUTH-USER to the backend (grafana). I think I’d need a placeholder, but I cannot find it in the documentation. As you can see in the Caddyfile, I tried {username}, but that does not work.
4. Error messages and/or full log output:
5. What I already tried:
When I hardcode e.g. “admin” in the header_up directive and logon to caddy as admin, it works fine. I just cannot figure out how to be flexible.
6. Links to relevant resources:
Thank you!
MP