1. Caddy version (caddy version):
v2.4.0-beta.1 h1:Ed/tIaN3p6z8M3pEiXWJL/T8JmCqV62FrSJCHKquW/I=
2. How I run Caddy:
I’m using Caddy to make an authorization server, with a login and signup page, as well as an admin dashboard to oversee operations. The authorization is based on JWT using a plugin.
a. System environment:
Operating System: Ubuntu 20.10
Kernel: Linux 5.8.0-53-generic
Architecture: x86-64
b. Command:
sudo systemctl start caddy
c. Service/unit/compose file:
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# caddy run command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
test.palmiotto.duckdns.org {
	tls {
		issuer acme {
			disable_http_challenge
		}
		issuer zerossl {
			disable_http_challenge
		}
	}
	encode gzip
	route {
		jwt {
			trusted_tokens {
				static_secret {
					token_name xxxxxxxxxxxxxxxxxxxxxx
					token_secret xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
				}
			}
			auth_url https://auth.palmiotto.duckdns.org/api/token
		}
		reverse_proxy localhost:3000
	}
	#reverse_proxy /jellyfin/* 192.168.1.199:8096
	#route /planes/* {
	# uri strip_prefix /planes
	# reverse_proxy 192.168.1.134:8754
	#}
	handle_errors {
		rewrite * /{http.error.status_code}
		reverse_proxy https://http.cat {
			header_up Host http.cat
		}
	}
}
auth.palmiotto.duckdns.org {
	tls {
		issuer acme {
			disable_http_challenge
		}
		issuer zerossl {
			disable_http_challenge
		}
	}
	encode gzip
	reverse_proxy 192.168.1.199:6060
	route /admin* {
		jwt {
			primary yes
			trusted_tokens {
				static_secret {
					token_name xxxxxxxxxxx
					token_secret xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
				}
			}
			option validate_bearer_header
			auth_url https://auth.palmiotto.duckdns.org/api/token
			allow roles admin
		}
		reverse_proxy 192.168.1.199:6060
	}
	route /dashboard/* {
		jwt
		root * /home/server/admin-svelte/public
		handle_path /dashboard/* {
			file_server
		}
	}
}
dashboard.auth.palmiotto.duckdns.org {
	route {
		jwt
		root * /home/server/admin-svelte/public
		file_server
	}
}
3. The problem I’m having:
The problem is in the /dashboard/ route. I need to use routes in order to pass the request through the JWT plugin. However, if I try to connect to /dashboard/, instead of being shown the index.html file I get redirected to the root of the website. If I connect to /dashboard/index.html I can see the page and everything seems to work fine. If I just use the handle_path directive, then on /dashboard/ I get the index. How can I see the index without specifying index.html?
4. Error messages and/or full log output:
5. What I already tried:
I tried using the JWT directive inside handle_path but I get
reload: adapting config using caddyfile: parsing caddyfile tokens for 'handle_path': directive 'jwt' is not ordered, so it cannot be used here
I successfully created another subdomain with the file_server and a route directive without a request matcher. However, I would like to serve the site from a subdirectory, so it is not of much help.
I thought that maybe I could issue a rewrite of some sort, but honestly I don’t think it would solve the problem.
Thank you very much for your help.