Setting up caddy-docker-proxy for basic-auth SSO

1. Caddy version (caddy version):

v2.4.5 h1:P1mRs6V2cMcagSPn+NWpD+OEYUYLIf6ecOa48cFGeUg=

2. How I run Caddy:

a. System environment:

Linux/Docker

b. Command:

docker-compose

c. Service/unit/compose file:

version: "3.7"
services:
  caddy:
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    container_name: caddy
    ports:
      - 80:80
      - 443:443
    environment:
      - CADDY_INGRESS_NETWORKS=caddy-network
    networks:
      - caddy-network
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./data/caddy:/data
  frontend:
    image: frontend
    container_name: frontend
    labels:
      caddy_0: ${SERVER_DOMAIN}
      caddy_0.redir: "https://www.${SERVER_DOMAIN}"
      caddy_1: www.${SERVER_DOMAIN}
      caddy_1.reverse_proxy: "{{upstreams 8080}}"
      caddy_1.basicauth: "/*"
      caddy_1.basicauth.admin: "${SERVER_PASSWORD}"
    networks:
      - caddy-network
  docs:
    image: docs
    container_name: docs
    labels:
      caddy: docs.${SERVER_DOMAIN}
      caddy.reverse_proxy: "{{upstreams 8090}}"
      caddy.basicauth: "/*"
      caddy.basicauth.admin: "${SERVER_PASSWORD}"
    networks:
      - caddy-network
networks:
  caddy-network:

d. My complete Caddyfile or JSON config:

Generated by caddy-docker-proxy from the above labels

3. The problem I’m having:

I basically repeated the basicauth labels for all the proxied containers in my setup, which is both redundant and a pain for users, who have to log in to every subdomain/service.

Now I discovered this approach and was wondering how to best translate that into the required caddy-docker-proxy labels.

Couple of questions:

  • Can I mix and match a Caddy config coming from the docker labels and from a block which would define the snippets and the auth pseudo site (which is not a container, so putting it into docker-compose seems strange)?
  • Does anyone know a caddy-docker-proxy sample config which would accomplish something similar to this, just as a guideline?
  • And I guess there’s no reverse translation of Caddy config syntax into caddy-docker-proxy labels…

4. Error messages and/or full log output:

N/A

5. What I already tried:

Trying to reverse the caddy-docker-proxy labels to Caddy config translation in my head, to see if I could define this setup with docker labels, expecting a lot of trial and error.

6. Links to relevant resources:

https://josheli.com/knob/2021/02/24/single-sign-on-in-caddy-server-using-only-the-caddyfile-and-basic-authentication/
maybe also

but that seems more complex than I need

The labels syntax is a 1:1 mapping to Caddyfile config. See the README on the CDP project to understand how it works:

You can use a base Caddyfile which labels add config to, see the CDP docs.

Or you can define snippets as labels on the CDP container itself, which you can import from other containers’ labels.

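The snippet-on-the-CDP-container option from the answer above, applied to the compose file in the question. This is an added example, not part of the original thread; the snippet name `admin_auth` is hypothetical, and `SERVER_PASSWORD` is assumed to hold a hash produced by `caddy hash-password`, since Caddy's basicauth expects hashed passwords.

```yaml
# Added example, constructed from the compose file in the question.
version: "3.7"
services:
  caddy:
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    container_name: caddy
    ports:
      - 80:80
      - 443:443
    environment:
      - CADDY_INGRESS_NETWORKS=caddy-network
    networks:
      - caddy-network
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./data/caddy:/data
    labels:
      # A label value in parentheses defines a Caddyfile snippet, not a site.
      # "admin_auth" is a hypothetical name chosen for this example.
      caddy: (admin_auth)
      caddy.basicauth: "/*"
      # Assumed to be the hashed password, never the plaintext.
      caddy.basicauth.admin: "${SERVER_PASSWORD}"
  frontend:
    image: frontend
    container_name: frontend
    labels:
      caddy_0: ${SERVER_DOMAIN}
      caddy_0.redir: "https://www.${SERVER_DOMAIN}"
      caddy_1: www.${SERVER_DOMAIN}
      caddy_1.reverse_proxy: "{{upstreams 8080}}"
      # Replaces the two repeated basicauth labels.
      caddy_1.import: admin_auth
    networks:
      - caddy-network
  docs:
    image: docs
    container_name: docs
    labels:
      caddy: docs.${SERVER_DOMAIN}
      caddy.reverse_proxy: "{{upstreams 8090}}"
      caddy.import: admin_auth
    networks:
      - caddy-network
networks:
  caddy-network:
```

This keeps the credential definition in one place, so changing the account means editing only the labels on the CDP container. Browsers scope basic-auth credentials per origin, so each subdomain still prompts on its own unless the cookie-based approach from the linked article is layered on top.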

Thanks, that does indeed work.
