Placeholder for username of basicauth user?

1. Caddy version (caddy version):

v2.2.0 h1:sMUFqTbVIRlmA8NkFnNt9l7s0e+0gw+7GPIrhty905A=

2. How I run Caddy:

a. System environment:

Linux hausberrypi 5.4.51-v7l+ #1333 SMP Mon Aug 10 16:51:40 BST 2020 armv7l GNU/Linux

b. Command:

sudo systemctl start caddy

c. Service/unit/compose file:

pi@hausberrypi:~ $ cat /lib/systemd/system/caddy.service
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

grafana.haus.die-werners.de:443 {

    reverse_proxy localhost:3000 {
        header_up -Authorization
        header_up +X-WEBAUTH-USER {username}
    }

    basicauth {
        admin pass1
        marc-philip pass2
    }

# seems to be necessary to obtain certificate when port 80 is closed
    tls {
       issuer acme {
            disable_http_challenge
        }
    }
}

3. The problem I’m having:

I want to pass the username of the user that has just successfully authenticated to caddy as a header X-WEBAUTH-USER to the backend (grafana). I think I’d need a placeholder, but I cannot find it in the documentation. As you can see in the Caddyfile, I tried {username}, but that does not work.

4. Error messages and/or full log output:

5. What I already tried:

When I hardcode e.g. “admin” in the header_up directive and logon to caddy as admin, it works fine. I just cannot figure out how to be flexible.

6. Links to relevant resources:

Thank you!
MP

It’s {http.auth.user.id}, but you’re right it should be more prominently documented.

1 Like

Awesome, Francis. This works, thank you! Could you please share where this is documented? I pasted the variable name http.auth.user.id into the search box at Welcome — Caddy Documentation, and it tells me there’s no hit.

T&R
MP

Yeah unfortunately it just hasn’t been documented yet. It’s an oversight. I’ll make sure it’s added to the basicauth directive page for the next release.

1 Like

Opened a couple PRs to update the Caddyfile and JSON docs to mention it

https://github.com/caddyserver/website/pull/117

https://github.com/caddyserver/caddy/pull/3886

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.