Comments (8)
@abbekeff, please re-post your config after you ran formatting over it.
bin/caddy fmt -overwrite /path/to/Caddyfile
What is your current configuration for qbit.website.com?
Do you have order configured? (relevant explanation is #34 (comment))
order authenticate before respond
order authorize before basicauth
from caddy-security.
{
    http_port 8282
    https_port 4443
    order authenticate before respond
    order authorize before basicauth
    email "email"
    dynamic_dns {
        provider cloudflare API
        domains {
            website.com
        }
        check_interval 30m
        ip_source simple_http https://icanhazip.com
        ip_source simple_http https://api64.ipify.org
    }
    security {
        authentication portal myportal {
            crypto default token lifetime 86400
            cookie lifetime 172800
            cookie domain website.com
            backend local /config/auth/local/users2.json local
            ui {
                links {
                    "Flame" https://flame.website.com/ icon "las la-star"
                }
            }
            transform user {
                match email "email"
                action add role authp/admin
            }
        }
        authorization policy admins_policy {
            bypass uri prefix /api
            bypass uri prefix /command
            bypass uri prefix /query
            bypass uri prefix /login
            bypass uri prefix /sync
            allow roles authp/admin
            set auth url https://auth.website.com/
            acl rule {
                comment default deny
                match any
                deny log warn
            }
        }
    }
}
(tls) {
    tls {
        issuer zerossl API {
            dns cloudflare API
            resolvers 1.1.1.1
        }
    }
}
(headers) {
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-Frame-Options "SAMEORIGIN"
        X-Content-Type-Options "nosniff"
        Referrer-Policy "strict-origin"
        Content-Security-Policy "upgrade-insecure-requests"
        X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"
    }
}
auth.website.com {
    log {
        output file /config/logs/access.log
        level WARN
    }
    import tls
    import headers
    route {
        authenticate with myportal
    }
}
flame.website.com {
    import tls
    encode zstd gzip
    import headers
    route {
        authorize with admins_policy
        reverse_proxy flame:5005
    }
}
radarr.website.com {
    import tls
    encode zstd gzip
    import headers
    route {
        authorize with admins_policy
        reverse_proxy radarr:7878
    }
}
sonarr.website.com {
    import tls
    encode zstd gzip
    import headers
    route {
        authorize with admins_policy
        reverse_proxy sonarr:8989
    }
}
prowlarr.website.com {
    import tls
    encode zstd gzip
    import headers
    route {
        authorize with admins_policy
        reverse_proxy prowlarr:9696
    }
}
qbit.website.com {
    import tls
    encode zstd gzip
    import headers
    route {
        authorize with admins_policy
        reverse_proxy qbittorrent:8080
    }
}
jellyfin.website.com {
    import tls
    import headers
    reverse_proxy jellynightly:8096 {
        flush_interval -1
    }
}
from caddy-security.
@abbekeff, please enable debug in global config and try debugging. Please email me the logs.
Also, for troubleshooting, please configure static keys:
authentication portal myportal {
    crypto key sign-verify 39a7ed93-6341-4232-a4fe-c44d242eca7d
}
authorization policy admins_policy {
    crypto key verify 39a7ed93-6341-4232-a4fe-c44d242eca7d
}
from caddy-security.
@abbekeff, for troubleshooting, amend your ACL:
From:
allow roles authp/admin
acl rule {
    comment default deny
    match any
    deny log warn
}
To:
acl rule {
    match role authp/admin
    allow stop log debug
}
acl rule {
    comment default deny
    match any
    deny log warn
}
from caddy-security.
Also, try without route:
flame.website.com {
    import tls
    encode zstd gzip
    import headers
    authorize with admins_policy
    reverse_proxy flame:5005
}
from caddy-security.
@greenpau
I tried all your suggestions, same issue still.
I have logs for you, I can't find your email. Where do I send them? (I'm new to GitHub)
from caddy-security.
from caddy-security.
Release fix in v1.0.13.
from caddy-security.