Reverse Proxy subdomains and authentication

Hi, I’m new to Caddy but so far it’s been ridiculously easy to get up and running on my HTPC! I’m having an issue with authentication and reverse proxy subdomains and regular protected subdirectories. Basically I’d like to be able to log in to one of the subdomains/subdirectory and be authenticated when I visit the other subdomains/directories so I don’t have to enter credentials every time.

I’m using http.jwt and http.login. When I tested with multiple subdirectories, I was able to log in once and access the other directories without having to log in again, but when accessing the different subdomains, each one prompted for credentials.

Here’s a code snippet from one of my subdomains:

sonarr.domain.com {
  proxy / 127.0.0.1:8989 {
    transparent
  }

  jwt {
    path /
    redirect /login
    allow sub username
  }

  login {
    success_url /
    htpasswd file=init/passwd
    jwt_expiry 24h
    cookie_expiry 2400h
  }
}

@vopefulhitamins had the same question here, but never replied if he got it working. Worst case I can always reverse proxy each service to a subdirectory which isn’t a big deal.

Anyone have any insights? Thanks!

Subfolders often “just work” in terms of SSO with simple authentication methods - because Basic Authorization and cookies are scoped to the hostname, different URIs on the same hostname remain authenticated.

Once you wander to a new subdomain, though, Basic Auth and cookies which are set on the previous subdomain are not carried over, requiring you to log in again.

There is the parameter -cookie-domain in loginsrv for that.

See: GitHub - tarent/loginsrv: JWT login microservice with plugable backends such as OAuth2, Google, Github, htpasswd, osiam, ..

Ref: http - Share cookie between subdomain and domain - Stack Overflow

You probably want it set to: domain.com

3 Likes
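The cookie scoping rule behind the two replies above, as an added example that is not part of the original thread or of loginsrv's code. It is a simplified model of RFC 6265 domain matching (no public-suffix, Path or Secure handling); the hosts other than sonarr.domain.com and the cookie name are constructed for illustration.

```python
# Added example: which hosts receive a login cookie, with and without Domain.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Cookie:
    name: str
    set_by_host: str            # host that sent the Set-Cookie header
    domain_attr: Optional[str]  # value of the Domain attribute, if any


def domain_match(host: str, domain: str) -> bool:
    """RFC 6265 section 5.1.3: identical, or host ends with '.' + domain."""
    host, domain = host.lower(), domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)


def accepted(cookie: Cookie) -> bool:
    """A browser stores the cookie only if the setting host is inside Domain."""
    if cookie.domain_attr is None:
        return True
    return domain_match(cookie.set_by_host, cookie.domain_attr)


def sent_to(cookie: Cookie, request_host: str) -> bool:
    """Would the browser attach this cookie to a request for request_host?"""
    if not accepted(cookie):
        return False
    if cookie.domain_attr is None:
        # Host-only cookie: exact host match, no subdomains, no siblings.
        return request_host.lower() == cookie.set_by_host.lower()
    return domain_match(request_host, cookie.domain_attr)


# Constructed hosts; "domain.com" is the placeholder used in the thread.
HOSTS = ["sonarr.domain.com", "radarr.domain.com", "domain.com",
         "domain.com.example.net"]
host_only = Cookie("jwt_token", "sonarr.domain.com", None)      # the question
shared = Cookie("jwt_token", "sonarr.domain.com", "domain.com")  # the fix


def recipients(cookie: Cookie) -> list:
    return [h for h in HOSTS if sent_to(cookie, h)]


if __name__ == "__main__":
    print("no Domain attribute:", recipients(host_only))
    print("Domain=domain.com  :", recipients(shared))
```

With the Domain attribute set, the token is attached to requests for every host under domain.com, so each of those subdomains becomes part of the trust boundary for the login cookie.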

That worked! Thank you, much appreciated :+1:
