Small problem with basicauth and handle_error

Help
1

hello all,
I immediately apologize if I am asking a stupid question, i’m a newbie caddy’s user but I couldn’t find this example…
so…

1. Caddy version (caddy version):

2.4.6

2. How I run Caddy:

docker on raspberry 4

d. My complete Caddyfile or JSON config:

(https_header) {
  encode gzip
  header {
    Strict-Transport-Security "max-age=31536000; includeSubdomains"
    X-XSS-Protection "1; mode=block"
    X-Content-Type-Options "nosniff"
    X-Frame-Options "SAMEORIGIN"
    Referrer-Policy "same-origin"
  }
}
https://domain.duckdns.org { 
    import https_header
    redir /jellyjelly /jellyjelly/
    redir /nextcloud /nextcloud/    
    basicauth  {
      foo (hashed here)
    }
    handle {
        import https_header
        reverse_proxy  http://192.168.1.1:8142
        reverse_proxy  /jellyjelly/* http://192.168.1.1:8424
    }
    handle_path /nextcloud/* {
        import https_header
        rewrite /.well-known/carddav /remote.php/dav
        rewrite /.well-known/caldav /remote.php/dav
        reverse_proxy  http://192.168.1.1:8111 
    }  
    handle_errors {
       @nope expression `{http.error.status_code} == 401`
           handle @nope {
             respond {http.error.status_code}
             redir https://http.cat/401
           }
     }
}

3. The problem I’m having:

Caddy automatically show me the website https://http.cat/401, without any credential request…
if i commented handle_errors lines, ask me credential…

i don’t understand why…

5. What I already tried:

handle_errors {
	rewrite * /{http.error.status_code}
	reverse_proxy https://http.cat {
		header_up Host http.cat
	}
}

same situation

thank you for your support

2

Caddy will respond with a 401 when it wants to tell the client “hey I need you to authenticate”, so if you redirect or proxy when that happens, then the browser will never get asked to authenticate.

3

mm I don’t undestand… why browser doesn’t ask me to authenticate before error 401?

    handle_errors {
      respond "{http.error.status_code} {http.error.status_text}"
    }

this simple line works, so if I use respond works… rewrite doesn’t ask authenticate…

4

Because the 401 is what actually triggers the browser to ask. That’s how Basic Auth works, and has always worked. That’s not a Caddy thing, it’s just how it works.

I’m not really clear on what your goal is here. What are you trying to do with handle_errors exactly?

5

sorry for my english, maybe I was not clear…
I’m trying to customize the 401 error page, so I put a basicauth for authenticate, and if I put wrong credential, it give me 401 (custom) error page.
the thing is that if my line has rewrite... the error page appear before that Caddy ask me credential.
If my line has respond works correctly, the error page appear only if I put wrong credential.

in this case the browser doens’t prompt me for a username and password:

handle_errors {
	rewrite * /{http.error.status_code}
	reverse_proxy https://http.cat {
		header_up Host http.cat
	}
}

In this case works well:

    handle_errors {
      respond "{http.error.status_code} {http.error.status_text}"
    }

I hope I explained better

6

Oh I think what’s going on is reverse_proxy changes the written status code, whereas respond keeps the same status code, I think. (I don’t have time to test right now to confirm though).

To make reverse_proxy keep the status code, you can do this (you’ll need v2.5.0-rc.1 though cause we made a slight syntax change):

handle_errors {
	rewrite * /{http.error.status_code}
	reverse_proxy https://http.cat {
		header_up Host {upstream_hostport}
		replace_status {http.error.status_code}
	}
}
7

mm ok so is it a bug??
anyway I wait the 2.5 official release

8

It’s not a bug, that’s just how it works.

9

hello, 2.5 installed…
I tried this

handle_errors {
	rewrite * /{http.error.status_code}
	reverse_proxy https://http.cat {
		header_up Host {upstream_hostport}
		replace_status {http.error.status_code}
	}
}

but give me:

run: adapting config using caddyfile: parsing caddyfile tokens for 'handle_errors': /etc/caddy/Caddyfile:41 - Error during parsing: parsing caddyfile tokens for 'reverse_proxy': /etc/caddy/Caddyfile:39 - Error during parsing: must have two arguments: a response matcher and a status code

Do I already have 2 args?

10

Ah, my bad, the parser is expecting a response matcher.

handle_errors {
	rewrite * /{http.error.status_code}
	reverse_proxy https://http.cat {
		header_up Host {upstream_hostport}

		@statuses status 2xx 3xx 4xx 5xx
		replace_status @statuses {http.error.status_code}
	}
}
11

mm it doesn’t like '{http.error.status_code}'

run: adapting config using caddyfile: parsing caddyfile tokens for 'handle_errors': /etc/caddy/Caddyfile:43 - Error during parsing: parsing caddyfile tokens for 'reverse_proxy': /etc/caddy/Caddyfile:41 - Error during parsing: bad integer value '{http.error.status_code}': strconv.Atoi: parsing "{http.error.status_code}": invalid syntax
12

Whoops. Well, I have a PR to fix both issues. Sorry about that!

1 Like
13

great, thank you guys

14

This topic was automatically closed after 30 days. New replies are no longer allowed.