Reverse proxy to an app without prefix

1. Caddy version (caddy version):

caddy v2.4.0 h1:yHnnbawH2G3ZBP2mAJF4XBLnJanqhULLP/wu01Qi9Io=

2. How I run Caddy:

a. System environment:

Host - Ubuntu 20.04.2 LTS
Docker Desktop version - 20.10.6
Caddy container - caddy:latest

b. Command:

docker-compose up -d

c. Service/unit/compose file:

docker-compose

version: '3.8'
services:
  caddy:
    image: xcaddy:latest
    container_name: caddy
    ports:
      - 80:80
      - 443:443
      - 8443:8443
    networks:
      - wg-pia
    environment:
      - TZ=America/Chicago
      - PUID=1000
      - PGID=1000
      - CADDY_DOCKER_CADDYFILE_PATH=/data/CaddyFile
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - "${docker}/caddy2/data:/data"
      - "${docker}/caddy2/config:/config"
    labels:
      - com.centurylinklabs.watchtower.enable=false

Caddy Dockerfile

ARG CADDY_VERSION=2.4.0
FROM caddy:${CADDY_VERSION}-builder AS builder

RUN xcaddy build \
    --with github.com/lucaslorentz/caddy-docker-proxy/plugin/v2 \
    --with github.com/greenpau/caddy-auth-portal \
    --with github.com/greenpau/caddy-auth-jwt \
    --with github.com/greenpau/caddy-trace \
    --with github.com/porech/caddy-maxmind-geolocation

FROM caddy:${CADDY_VERSION}-alpine

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

CMD ["caddy", "docker-proxy"]

d. My complete Caddyfile or JSON config:

{
        https_port 443
        http_port 80
        debug
        email user@mydoamin.net
}
(geofilter) {
        @mygeofilter {
                maxmind_geolocation {
                        db_path /data/GeoLite2-Country.mmdb
                        allow_countries US
                }
        }
}
auth.mydoamin.net {
        import geofilter
        log {
                output file /data/access.log
        }
        route /auth* {
                auth_portal {
                        path /auth
                        backends {
                                local_backend {
                                        method local
                                        path /config/caddy/users.json
                                        realm local
                                        require mfa
                                }
                        }
                        jwt {
                                token_name access_token
                                token_secret <redacted>
                                token_lifetime 3600
                        }
                        registration {
                                dropbox /config/caddy/registrations_db.json
                                title "User Registration"
                                code <redacted>
                                require accept_terms
                                require domain_mx
                        }
                        ui {
                                links {
                                        "My Identity" /auth/whoami icon "las la-star"
                                        "My Settings" /auth/settings icon "las la-cog"
                                        "My Versions" /version icon "las la-smile"
                                        Test /test icon "las la-search"
                                        Main /main icon "las la-search"
                                }
                        }
                }
        }
        route /main* {
                jwt {
                        primary yes
                        trusted_tokens {
                                static_secret {
                                        token_name access_token
                                        token_secret <redacted>
                                }
                        }
                        auth_url /auth
                        allow roles anonymous guest admin
                        allow roles superadmin
                }
                reverse_proxy @mygeofilter 192.168.1.157:80
        }
        route /version* {
                respond * `caddy v2.4.0 h1:yHnnbawH2G3ZBP2mAJF4XBLnJanqhULLP/wu01Qi9Io=
http.authentication.hashes.bcrypt v2.4.0
http.authentication.hashes.scrypt v2.4.0
http.authentication.providers.http_basic v2.4.0
http.handlers.authentication v2.4.0
http.authentication.providers.jwt v1.2.7
http.handlers.auth_portal v1.4.6
http.matchers.maxmind_geolocation v0.0.0-20201011164607-088c2173a367` 200
        }
        route {
                redir https://{hostport}/auth/ 302
        }
        route /test* {
                uri strip_prefix /test
                reverse_proxy @mygeofilter 192.168.1.104:8097
                jwt
        }
}

3. The problem I’m having:

I have implemented caddy-auth-portal. Not all of the services I have support adding a base url/prefix. I used uri strip_prefix so that when I go to https://auth.mydomain.net/main it is sent to http://192.168.1.157:80 on the backend (instead of http://192.168.1.157:80/main), but I get a 404 error and the page only partially loads. Clicking on any link in the page for the service takes me back to https://auth.mydomain.net. I have tried it with 2 different services that I host and both get the same behavior.

Prior to caddy-auth-portal, my Caddyfile for a service would look like this:

main.mydomain.net {
        reverse_proxy 192.168.1.157:80
        tls user@mydomain.net
}

Not quite sure what I need to do in order to deal with the prefix and caddy-auth-portal.

4. Error messages and/or full log output:

Caddy Logs

https://pastebin.com/SLBpbdq

5. What I already tried:

I tried doing rewrite instead of uri strip_prefix, but I could not get the page to load. I also tried adding /main* as a match to the reverse_proxy directive.

Use handle_path and put your reverse_proxy inside of that.
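
The reply's suggestion applied to the /main route from the question, as an added example that is not code from the thread. It reuses the jwt settings and the @mygeofilter matcher from the posted Caddyfile; the inner route is an addition here, because plugin directives such as jwt have no position in Caddy's default directive order unless one is set with the order global option, and it keeps the token check ahead of the proxy.

```caddyfile
# Added example: replaces the `route /main* { ... }` block in the posted site.
# handle_path matches /main* and strips the /main prefix before its handlers
# run, so the backend receives / instead of /main.
handle_path /main* {
        # route evaluates its directives in the order written: token check
        # first, then the proxy. reverse_proxy is a terminal handler, so a
        # directive written after it inside a route is never reached.
        route {
                jwt {
                        primary yes
                        trusted_tokens {
                                static_secret {
                                        token_name access_token
                                        token_secret <redacted>
                                }
                        }
                        auth_url /auth
                        allow roles anonymous guest admin
                        allow roles superadmin
                }
                reverse_proxy @mygeofilter 192.168.1.157:80
        }
}
```

Stripping the prefix only changes the request path sent upstream; absolute paths that the backend emits in its own redirects and links are not rewritten.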

That gets me a little further, I think. I am redirected to https://main.mydomain.net/login?loginRedirect=%2F which is where I would go prior to caddy-auth-portal, but it only loads a blank white page.
