Problem with basicauth

So I am trying to set up and use basic auth.

I added this line

basicauth / Bob hiccup

So I want it to work for all sub directories of the root.

I then go to, say, test.domain.com and it asks me to log in via the basicauth popup. I log in and it is accepted. The page I am going to then asks me for login to the service, which I do. But then it asks me for the basic auth login again, but no matter what I enter it isn’t accepted. It will be trying to open up Welcome dragndropbuilder.com - BlueHost.com

How do I specify it so anything at that domain will work and only ask for one login at the root? Do I actually need to specify every single possible folder? Will I then need to login to every folder? Or is this where I should use a realm?

Hi @DavidFW1960,

Mixing multiple authentication methods usually introduces issues.

Basic authentication essentially stops any request that doesn’t have a proper Authorization: Basic <credentials> request header.

So, for example, it’s possible that your app’s authentication method relies on a different Authorization header, such as Bearer <token>, commonly used by JWT. Your browser will only send one Authorization header, so having two systems like this makes authentication effectively impossible.

Setting the Realm won’t change the fact that Caddy will stop any unauthorized request in the protected path, and there’s no way to set it on an exact path and exclude subpaths.

Some potential solutions:

  1. Keep your web root available without authentication, and protect only the subdirectories that require it.
  2. Keep different services with different authentication methods on separate subdomains.
  3. Protect the root with basicauth, but put your service in a different path-scoped site, e.g. example.com/service in the Caddyfile.
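The header collision described in the reply above, as an added example that is not part of the thread and is not Caddy's code: a small Python model of a prefix-scoped basic-auth gate in front of an app that is assumed to use a Bearer token. The credentials are the ones from the question; the token, the paths and all function names are hypothetical.

```python
import base64
import hmac

# Constructed values: the credentials come from the question's basicauth line;
# the bearer token and the paths are hypothetical.
BASIC_USER, BASIC_PASS = b"Bob", b"hiccup"
APP_TOKEN = b"app-session-token"


def split_auth(headers):
    """Split the single Authorization header into (scheme, value)."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    return scheme.lower(), value


def basic_gate(path, headers, protected_prefix):
    """Prefix-scoped basic-auth check: True if the request may continue."""
    if not path.startswith(protected_prefix):
        return True  # outside the protected path
    scheme, value = split_auth(headers)
    if scheme != "basic":
        return False  # a Bearer header counts as missing credentials here
    try:
        user, _, password = base64.b64decode(value, validate=True).partition(b":")
    except ValueError:
        return False  # malformed base64
    return hmac.compare_digest(user, BASIC_USER) and hmac.compare_digest(password, BASIC_PASS)


def app_auth(headers):
    """The backend service, assumed to expect its own Bearer token."""
    scheme, value = split_auth(headers)
    return scheme == "bearer" and hmac.compare_digest(value.encode(), APP_TOKEN)


def handle(path, headers, protected_prefix="/"):
    """Return (status, layer) for a request passing the gate and then the app."""
    if not basic_gate(path, headers, protected_prefix):
        return 401, "gate"
    return (200, "app") if app_auth(headers) else (401, "app")


def basic_header(user, password):
    """Build the header value a browser sends after the basic-auth popup."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```

With the gate on `/`, no single header value reaches `(200, "app")`; scoping the gate to a path that excludes the service, as in solution 1, does.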

Thanks for that. That makes sense.
