Git Product home page Git Product logo

Comments (8)

greenpau avatar greenpau commented on May 22, 2024

@abbekeff , please re-post your config after you ran formatting over it.

bin/caddy fmt -overwrite /path/to/Caddyfile

What is your current configuration for qbit.website.com?

Do you have order configured? (relevant explanation is #34 (comment))

order authenticate before respond
order authorize before basicauth

from caddy-security.

abbekeff avatar abbekeff commented on May 22, 2024 
{
	http_port 8282
	https_port 4443
	order authenticate before respond
	order authorize before basicauth
	email "email"
	dynamic_dns {
		provider cloudflare API
		domains {
			website.com
		}
		check_interval 30m
		ip_source simple_http https://icanhazip.com
		ip_source simple_http https://api64.ipify.org
	}
	security {
		authentication portal myportal {
			crypto default token lifetime 86400
			cookie lifetime 172800
			cookie domain website.com
			backend local /config/auth/local/users2.json local
			ui {
				links {
					"Flame" https://flame.website.com/ icon "las la-star"
				}
			}
			transform user {
				match email "email"
				action add role authp/admin
			}
		}
		authorization policy admins_policy {
			bypass uri prefix /api
			bypass uri prefix /command
			bypass uri prefix /query
			bypass uri prefix /login
			bypass uri prefix /sync
			allow roles authp/admin
			set auth url https://auth.website.com/
			acl rule {
				comment default deny
				match any
				deny log warn
			}
		}
	}
}
(tls) {
	tls {
		issuer zerossl API{
			dns cloudflare API
			resolvers 1.1.1.1
		}
	}
}
(headers) {
	header {
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
		X-Frame-Options "SAMEORIGIN"
		X-Content-Type-Options "nosniff"
		Referrer-Policy "strict-origin"
		Content-Security-Policy "upgrade-insecure-requests"
		X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"
	}
}

auth.website.com {
	log {
		output file /config/logs/access.log
		level WARN
	}
	import tls
	import headers
	route {
		authenticate with myportal
	}
}

flame.website.com {
	import tls
	encode zstd gzip
	import headers
	route {
		authorize with admins_policy
		reverse_proxy flame:5005
	}
}

radarr.website.com {
	import tls
	encode zstd gzip
	import headers
	route {
		authorize with admins_policy
		reverse_proxy radarr:7878
	}
}

sonarr.website.com {
	import tls
	encode zstd gzip
	import headers
	route {
		authorize with admins_policy
		reverse_proxy sonarr:8989
	}
}

prowlarr.website.com {
	import tls
	encode zstd gzip
	import headers
	route {
		authorize with admins_policy
		reverse_proxy prowlarr:9696
	}
}

qbit.website.com {
	import tls
	encode zstd gzip
	import headers
	route {
		authorize with admins_policy
		reverse_proxy qbittorrent:8080
	}
}

jellyfin.website.com {
	import tls
	import headers
	reverse_proxy jellynightly:8096 {
		flush_interval -1
	}
}

from caddy-security.

greenpau avatar greenpau commented on May 22, 2024

@abbekeff , please enable debug in global config and try debugging. Please email me the logs.

Also, for troubleshooting, please configure static keys:

authentication portal myportal {
  crypto key sign-verify 39a7ed93-6341-4232-a4fe-c44d242eca7d
}

authorization policy admins_policy {
  crypto key verify 39a7ed93-6341-4232-a4fe-c44d242eca7d
}

from caddy-security.

greenpau avatar greenpau commented on May 22, 2024

@abbekeff , for troubleshooting, amend your ACL:

from:

			allow roles authp/admin
			acl rule {
				comment default deny
				match any
				deny log warn
			}

To:

      acl rule {
        match role authp/admin
        allow stop log debug
      }
      acl rule {
        comment default deny
        match any
        deny log warn
      }

from caddy-security.

greenpau avatar greenpau commented on May 22, 2024

Also, try without route:

flame.website.com {
	import tls
	encode zstd gzip
	import headers
        authorize with admins_policy
	reverse_proxy flame:5005
}

from caddy-security.

abbekeff avatar abbekeff commented on May 22, 2024

@greenpau
I tried all your suggestions, same issue still.
I have logs for you, I cant find your email. where do I send them? (I'm new to github)

from caddy-security.

greenpau avatar greenpau commented on May 22, 2024

[email protected]

from caddy-security.

greenpau avatar greenpau commented on May 22, 2024

Release fix in v1.0.13.

from caddy-security.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.