Secure apps under Zitadel with Caddy

1. The problem I’m having:

I have been using Caddy in docker-compose for some years now to reverse proxy my services. I was using Authentik, with Caddy forward_auth, to secure apps that didn’t have any authentication, with Authentik integrated proxying (I wasn’t fully proxying the app through Authentik, only using forward_auth).

But I recently switched to Zitadel for multiple reasons. Zitadel doesn’t have an integrated proxy like Authentik, it only does openid / oauth2. I see 2 solutions to my problem:

  1. oauth2-proxy
  2. Caddy security

Both seem to support proxying an app and then redirecting to an oauth2 app like Zitadel. But I’m not familiar with them and I’m not sure which one would be the most appropriate.

I need the solution to work with forward_auth, I don’t want to proxy the entire traffic. I also want the solution to directly redirect to forward auth Zitadel, I don’t want to add another login screen with a button for oauth. It looks like oauth2-proxy is able to do that but I couldn’t find if caddy security was able to.

Oauth2-proxy seems pretty simple to install and can be configured entirely from docker-compose env variables, which is a real plus. But apparently I need to have a container per app I want to secure. It is not able to receive forward_auth from multiple apps. I couldn’t find if Caddy security can.

In both cases, I found very few to no examples of config to use forward_auth. So I have the following questions:

  1. What solution would be the best?
  2. Are there other options?
  3. Do you have example configs for oauth2-proxy or Caddy security (not required to be with Zitadel, can be with another oauth2 provider)?

Thanks in advance for any answer.

2. Error messages and/or full log output:


3. Caddy version:

4. How I installed and ran Caddy:

a. System environment:

b. Command:


c. Service/unit/compose file:


d. My complete Caddy config:


5. Links to relevant resources:
