1. My Caddy version (caddy version):
v2.0.0 h1:pQSaIJGFluFvu8KDGDODV8u4/QRED/OPyIR+MWYYse8
2. How I run Caddy:
a. System environment:
Ubuntu 16.04.6 LTS, systemd
b. Command:
via systemd
c. Service/unit/compose file:
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target
[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
{
    email webmaster@***.***
}
(headers) {
    header {
        -Server
        X-Robots-Tag "none"
        Referrer-Policy "same-origin"
        X-Frame-Options "SAMEORIGIN"
        X-Xss-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    }
}
https://a***.b***.c** {
    root * /var/www/html
    encode gzip
    import headers
    basicauth {
        user_1 hashed_pwd_1
    }
    basicauth /projectA/* {
        user_1 hashed_pwd_1
        user_2 hashed_pwd_2
    }
    basicauth /projectB/* {
        user_1 hashed_pwd_1
        user_3 hashed_pwd_3
    }
    respond /conf/* 403 {
        close
    }
    respond /projectA/goodies/* 403 {
        close
    }
    file_server {
        index index.html index.php
    }
    php_fastcgi unix//run/php/php7.0-fpm.sock
}
3. The problem I’m having:
I am having issues with what seems to be the precedence of multiple basicauth directives. I have a file server with a root directory, and two subdirectories - /projectA and /projectB. I would like to have a master user/pwd combination that protects the entire site (root directory down), and then create separate user/pwd combinations which will grant access to each subdirectory. With the current configuration, the user_2 and user_3 credentials don’t work. The user_1 credentials work as they should.
4. Error messages and/or full log output:
The user_2 and user_3 login credentials don’t grant access
5. What I already tried:
Changing the order of the 3 basicauth directives had no effect, nor did wrapping them in a route block to try and force a certain order. When I comment out the first (global) basicauth directive, the user_2 and user_3 credentials work in the subdirectories as they should, but now the root directory is unprotected.
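
An added example, not part of the original post: one way to get the layout described above, assuming (as the behaviour reported in the post suggests) that Caddy applies every `basicauth` whose matcher matches a request, so a request under `/projectA/` has to pass both the site-wide and the `/projectA/*` credential check. The matcher name `@outside_projects` is hypothetical; the users and hashes are the post's own placeholders.

```caddyfile
# Added example: only the authentication part of the site block is shown.
https://a***.b***.c** {
    root * /var/www/html

    # Before: a basicauth without a matcher also applies to /projectA/* and
    # /projectB/*, so user_2 and user_3 are rejected by it even though the
    # per-project basicauth would accept them.
    #
    # basicauth {
    #     user_1 hashed_pwd_1
    # }

    # After: the site-wide check skips the project subtrees, so exactly one
    # basicauth handles any given request and nothing is left unprotected.
    @outside_projects {
        not path /projectA/* /projectB/*
    }
    basicauth @outside_projects {
        user_1 hashed_pwd_1
    }

    # Per-project checks: user_1 keeps access everywhere,
    # user_2 and user_3 are limited to their own subtree.
    basicauth /projectA/* {
        user_1 hashed_pwd_1
        user_2 hashed_pwd_2
    }
    basicauth /projectB/* {
        user_1 hashed_pwd_1
        user_3 hashed_pwd_3
    }

    # ... remaining directives of the original site block unchanged ...
}
```

A request for `/projectA` without the trailing slash does not match `/projectA/*`, so it stays under the site-wide check and only user_1 can open it.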