1. Caddy version (caddy version
): Latest
2. How I run Caddy:
a. System environment:
Ubuntu 20.04
b. Command:
sudo service caddy start
c. Service/unit/compose file:
N/A
d. My complete Caddyfile or JSON config:
# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.
recording.bpsdassist.org.au {
# Set this path to your site's directory.
#root * /usr/share/caddy
root * /var/www/html
# Enable the static file server, and browsing of a folder.
file_server browse
# New password hashes are made with caddy hash-password.
basicauth /tasks/* {
Bob <CREDENTIALS> # Admin, can browse all folders
Brett <CREDENTIALS> # Normal person, can browse subfolders
}
# Another common task is to set up a reverse proxy:
# reverse_proxy localhost:8080
# Or serve a PHP site through php-fpm:
# php_fastcgi localhost:9000
#
handle_errors {
@404 {
expression {http.error.status_code} == 404
}
rewrite @404 /404.html
file_server
}
}
# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile
3. The problem I’m having:
What I would like to try and do, is to have two levels of access.
The file structure is from the root:
- /tasks
- /tasks/task1/file.txt (there could be many variations of task1 names)
For 1. I can do, using basicauth for /tasks/* , and the entry in the config you can see is file_server browse.
What I’m not sure though, is how I could do 2. I don’t know the foldernames that have been generated in advance, but they would look like:
In other words, an admin can browse the tasks folder with their login.
Otherwise, a normal person that knows to navigate to /tasks/task1 can access that subfolder to browse. I would prefer if that is with it’s own basicauth password, but it’s okay if not.
4. Error messages and/or full log output:
5. What I already tried:
Adding this below the first basicauth entry
basicauth /tasks/*/* { Brett <Hash> }
I can’t do this because of having two basicauth entries. It then overwrites the first entry, and doesn’t work anyway I don’t think.
I’m thinking the file server basics resources may help below, perhaps I could have the admins use /tasks/ which is a redirect, and normal users access it with the base of /task/ externally.