1. Caddy version (caddy version
):
2.0.0 docker builder with webdav plugin
2. How I run Caddy:
Running using docker/docker-compose, from a Caddy builder image.
a. System environment:
Debian 10, Docker 19.03.12, Docker-Compose 1.26.0
b. Command:
To build docker image: docker build --tag caddy:2.0.0-custom .
To run docker-compose: docker-compose up -d caddy
c. Service/unit/compose file:
Dockerfile to build image:
FROM caddy:2.0.0-builder AS builder
RUN caddy-builder \
github.com/mholt/caddy-webdav
FROM caddy:2.0.0
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
docker-compose.yml:
version: '3.4'
services:
# Caddy web server, doing reverse proxy
caddy:
image: "caddy:2.0.0-custom"
container_name: "caddy"
ports:
- "80:80"
- "443:443"
volumes:
- /srv/caddy/Caddyfile:/etc/caddy/Caddyfile:ro
- /srv/caddy/www:/usr/share/caddy:rw
- /srv/caddy/data:/data:rw
restart: always
d. My complete Caddyfile or JSON config:
{
order webdav last
}
# WebDAV
dav.rowland.pw {
root * /usr/share/caddy/webdav
log {
output file /data/logs/caddy_dav.log
}
basicauth {
secureguy JDJhJDEwJEVCNmdaNEg2Ti5iejRMYkF3MFZhZ3VtV3E1SzBWZEZ5Q3VWc0tzOEJwZE9TaFlZdEVkZDhX
}
encode gzip zstd
header {
Access-Control-Allow-Origin *
Access-Control-Allow-Credentials true
Access-Control-Allow-Methods "GET, HEAD, POST, PUT, OPTIONS, MOVE, DELETE, COPY, LOCK, UNLOCK, PROPFIND, MKCOL"
Access-Control-Allow-Headers "Authorization,DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Accept-Charset,X-Accept,origin,accept,if-match,destination,overwrite,X-CustomHeader"
Access-Control-Expose-Headers "ETag"
Access-Control-Max-Age 1728000
}
webdav
}
# KeeWeb/KeePass
kee.rowland.pw {
root * /usr/share/caddy/keeweb
file_server /*
log {
output file /data/logs/caddy_kee.log
}
encode gzip zstd
}
3. The problem I’m having:
I was using Caddy v1 for a long time, and as such I had moved my password manager to KeeWeb. This ran for a long time with not issues. Recently the drive died on my NUC, so I replaced it and I’m rebuilding from backup with Caddy v2. I posted before, listed below in Section 6, about BasicAuth issues and those got resolved. Now I’m trying to get 2x different sites to talk to each other. kee.domain.tld
is KeeWeb, dav.domain.tld
is the WebDAV.
4. Error messages and/or full log output:
In Firefox, when I try to connect to the WebDav from KeeWeb site, I see the error CORS Preflight Did Not Succeed
using the Web Dev Tools/Network console.
From my caddy log for the webdav site:
{
"level":"error",
"ts":1594411512.1438713,
"logger":"http.log.access.log1",
"msg":"handled request",
"request":{
"method":"OPTIONS",
"uri":"/keepass/drowland.kdbx",
"proto":"HTTP/1.1",
"remote_addr":"192.168.20.1:59915",
"host":"dav.rowland.pw",
"headers":{
"Referer":[
"https://kee.rowland.pw/"
],
"Connection":[
"keep-alive"
],
"Pragma":[
"no-cache"
],
"User-Agent":[
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
],
"Accept":[
"*/*"
],
"Accept-Language":[
"en-US,en;q=0.5"
],
"Accept-Encoding":[
"gzip, deflate, br"
],
"Access-Control-Request-Method":[
"HEAD"
],
"Access-Control-Request-Headers":[
"authorization,cache-control"
],
"Origin":[
"https://kee.rowland.pw"
],
"Dnt":[
"1"
],
"Cache-Control":[
"no-cache"
]
},
"tls":{
"resumed":false,
"version":771,
"ciphersuite":49196,
"proto":"http/1.1",
"proto_mutual":true,
"server_name":"dav.rowland.pw"
}
},
"common_log":"192.168.20.1 - - [10/Jul/2020:20:05:12 +0000] \"OPTIONS /keepass/drowland.kdbx HTTP/1.1\" 401 0",
"duration":0.000087038,
"size":0,
"status":401,
"resp_headers":{
"Access-Control-Allow-Origin":[
"*"
],
"Access-Control-Expose-Headers":[
"ETag"
],
"Access-Control-Max-Age":[
"1728000"
],
"Access-Control-Allow-Credentials":[
"true"
],
"Access-Control-Allow-Headers":[
"Authorization,DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Accept-Charset,X-Accept,origin,accept,if-match,destination,overwrite,X-CustomHeader"
],
"Access-Control-Allow-Methods":[
"GET, HEAD, POST, PUT, OPTIONS, MOVE, DELETE, COPY, LOCK, UNLOCK, PROPFIND, MKCOL"
],
"Www-Authenticate":[
"Basic realm=\"restricted\""
],
"Server":[
"Caddy"
]
}
}
5. What I already tried:
If I use CyberDuck or Windows 10 Explorer, the WebDAV doesn’t have an issue authenticating and allowing transfers. So I don’t believe it’s a WebDAV plugin issue, I think I’m just missing a header or two.
I was missing a few headers from my v1 config in my v2 config of my previous post, so I’ve added them, but it’s still not connecting.
6. Links to relevant resources:
Original Post - [v2] BasicAuth not working with docker image or custom build