Session expired when using basicauth

derrickr · March 18, 2021, 9:52am

1. Caddy version (`caddy version`):

v2.3.0

2. How I run Caddy:

a. System environment:

Ubuntu 20.04LTS on rPi 4

b. Command:

sudo systemctl start caddy.service

c. Service/unit/compose file:

n/a

d. My complete Caddyfile or JSON config:

my-domain.com {
  log {
    level INFO
    output file /home/ubuntu/caddy.log {
      roll_size 10MB
      roll_keep 10
    }
  }
  tls user@my-domain.com
  encode gzip
  reverse_proxy localhost:8080

  basicauth * {
    userName xQDBBfDxxxdxxxxxxxtswfhsfdhdfxxxxxxxxxxYYASDxxxxxxxdgfhjdfghsf
  }
}

3. The problem I’m having:

I’ve got my bitwardenrs instance running and thought it’d be good to provide some layers of protection. Especially after seeing this.

I tried setting basicauth in caddy, which is fine for my initial url, but as soon as I try to login (e.g. https://my-domain.com/vault/), it immediately logs me out. Actually, it very briefly (milliseconds) flashes the /vault/ but then logs out and errors.

I’ve used the * wildcard in the caddy basicauth directive, which I would’ve thought that would allow full access everywhere, but I guess that’s not quite right.

Any ideas?

Thanks

4. Error messages and/or full log output:

Logged out
Your login session has expired

5. What I already tried:

Duplicated the basicauth directive for the relevant areas within bitwarden e.g. /vault/ etc. but the ‘session expired’ problem persists.

francislavoie · March 18, 2021, 10:03am

Doesn’t your bitwarden instance have its own authentication? It doesn’t make sense to double up if that’s the case.

derrickr · March 18, 2021, 10:36am

True, but I just wanted to deter unwanted visitors.

However, if it can’t be done, then so be it.

system · April 17, 2021, 9:53am

This topic was automatically closed after 30 days. New replies are no longer allowed.