Comments (8)
@mahq195, you are using HTTP. Therefore you need the cookie insecure on.
See: https://authp.github.io/docs/authenticate/auth-cookie
from caddy-security.
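Why the cookie setting in the reply above matters on plain HTTP, as an added example (not code from this thread or from caddy-security): a simplified model of how a browser treats a cookie that carries the Secure attribute. It assumes the portal's token cookie is marked Secure unless configured otherwise; the cookie name, value and login path are constructed.

```javascript
// Simplified model of a browser's cookie handling (added example).
// The cookie name/value are constructed; the Domain attribute is not modelled,
// so every cookie is treated as host-only.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), secure: false, path: "/" };
  for (const attr of attrs) {
    const [key, val = ""] = attr.split("=");
    if (key.toLowerCase() === "secure") cookie.secure = true;
    if (key.toLowerCase() === "path" && val.startsWith("/")) cookie.path = val;
  }
  return cookie;
}

// RFC 6265 path-match: the cookie path must be a whole-segment prefix.
function pathMatches(cookiePath, requestPath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Outcome for a cookie set by the response at setUrl when the browser
// later requests nextUrl.
function cookieOutcome(setCookieHeader, setUrl, nextUrl) {
  const cookie = parseSetCookie(setCookieHeader);
  const from = new URL(setUrl);
  const to = new URL(nextUrl);
  // Current browsers refuse to store a Secure cookie from an http:// response.
  if (cookie.secure && from.protocol !== "https:") return "rejected: Secure cookie set over http";
  if (to.hostname !== from.hostname) return "not sent: different host";
  if (cookie.secure && to.protocol !== "https:") return "not sent: Secure cookie, http request";
  if (!pathMatches(cookie.path, to.pathname)) return "not sent: path mismatch";
  return "sent";
}

const login = "http://10.20.1.19/auth/login"; // constructed path on the thread's host
console.log(cookieOutcome("session_token=abc; Path=/; Secure; HttpOnly", login, "http://10.20.1.19/app"));
console.log(cookieOutcome("session_token=abc; Path=/; HttpOnly", login, "http://10.20.1.19/app"));
```

Without the Secure attribute the token cookie and the login form both travel unencrypted, so this setting fits a lab on a private address; with TLS in front of Caddy the attribute can stay on.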
Hi @greenpau, following you, now I can see the password page instead of unauthorized. But I still get the above error, and I also don't see any password for the webadmin user in the logs.
from caddy-security.
> following you, now I can see the password page instead of unauthorized. But I still get the above error, and I also don't see any password for the webadmin user in the logs.
@mahq195 , please look in here on how to set your own user: authp/authp.github.io#20 (comment)
from caddy-security.
Thanks a lot, now I can log in, but I still have some problems:
- after logging in, when I reload the page, I want to re-log in again, then get the error
- when I route to my /app, I get "Cannot GET /app". I don't know why
Sorry, this is the first time I have worked with this server and this plugin.
I am also providing my current Caddyfile:
{
  order authenticate before respond
  order authorize before basicauth
  security {
    local identity store localdb {
      realm local
      path {$HOME}/.local/caddy/users.json
      user webadmin {
        name webadmin
        email [email protected]
        password "Admin@123" overwrite
        roles authp/admin authp/user
      }
    }
    authentication portal myportal {
      # crypto default token lifetime 3600
      crypto key sign-verify {env.JWT_SHARED_KEY}
      enable identity store localdb
      cookie domain "http://10.20.1.19"
      cookie insecure on
      ui {
        links {
          "My Website" "http://10.20.1.19/app" icon "las la-star"
          "Guests" "http://10.20.1.19/guests" icon "las la-star"
          "Users" "http://10.20.1.19/users" icon "las la-star"
          "Admins" "http://10.20.1.19/admins" icon "las la-star"
          "My Identity" "/auth/whoami" icon "las la-user"
        }
        # password_recovery_enabled yes
      }
      transform user {
        match origin local
        action add role authp/user
        ui link "Portal Settings" /settings icon "las la-cog"
      }
    }
    authorization policy guests_policy {
      set token sources cookie
      validate bearer header
      # disable auth redirect
      set auth url "http://10.20.1.19/auth"
      allow roles authp/admin authp/user
      crypto key verify {env.JWT_SHARED_KEY}
      acl rule {
        comment allow guests only
        match role guest authp/guest
        allow stop log info
      }
      acl rule {
        comment default deny
        match any
        deny log warn
      }
    }
    authorization policy users_policy {
      set token sources cookie
      validate bearer header
      set auth url "http://10.20.1.19/auth"
      allow roles authp/admin authp/user
      crypto key verify {env.JWT_SHARED_KEY}
      acl rule {
        comment allow users
        match role authp/user
        allow stop log info
      }
      acl rule {
        comment default deny
        match any
        deny log warn
      }
    }
    authorization policy admins_policy {
      set token sources cookie
      validate bearer header
      set auth url "http://10.20.1.19/auth"
      allow roles authp/admin authp/user
      crypto key verify {env.JWT_SHARED_KEY}
      acl rule {
        comment allow users
        match role authp/user
        allow stop log info
      }
      acl rule {
        comment default deny
        match any
        deny log warn
      }
    }
  }
}
"http://10.20.1.19" {
  route /auth* {
    authenticate with myportal
  }
  route /app* {
    authorize with users_policy
    reverse_proxy 127.0.0.1:3000
  }
  route {
    redir http://{hostport}/auth 302
  }
}
from caddy-security.
Right now I have fixed those problems above; the only one I'm facing is that when I click "My website", I get something like this.
I think the problem lies at
route /app/* {
  authorize with users_policy
  reverse_proxy 127.0.0.1:3000
}
but I don't know how to fix it yet :). If you want to see my full Caddyfile, check the previous comment.
I am looking forward to getting your opinion, Mr. @greenpau
from caddy-security.
> but I don't know how to fix it yet :). If you want to see my full Caddyfile, check the previous comment.
@mahq195, my guess is that your request reached your reverse proxy (127.0.0.1:3000), but your node.js router is not able to match it.
I would suggest
route /app* {
  authorize with users_policy
  uri strip_prefix /app
  reverse_proxy 127.0.0.1:3000
}
from caddy-security.
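The effect of the suggested `uri strip_prefix /app`, as an added example (not code from this thread or from Caddy): a simplified model of the `/app*` route before and after the change. It assumes the upstream Node app defines its routes at the root; the route names `/` and `/users` are hypothetical.

```javascript
// Simplified model of the /app* route from the thread (added example).
// Assumption: the upstream app serves "/" and "/users" and knows nothing
// about an "/app" prefix, which is what "Cannot GET /app" suggests.
const upstreamRoutes = new Set(["/", "/users"]);

// Upstream router: unknown paths get a "Cannot GET <path>" 404.
function upstream(path) {
  return upstreamRoutes.has(path)
    ? { status: 200, body: `ok ${path}` }
    : { status: 404, body: `Cannot GET ${path}` };
}

// Path matcher with a trailing wildcard, e.g. "/app*".
function matches(pattern, path) {
  return pattern.endsWith("*") ? path.startsWith(pattern.slice(0, -1)) : path === pattern;
}

// Prefix removal; an empty remainder is forwarded as "/".
function stripPrefix(path, prefix) {
  if (!path.startsWith(prefix)) return path;
  const rest = path.slice(prefix.length);
  return rest === "" ? "/" : rest;
}

// One request through the site block: /app* is authorized and proxied,
// everything else falls through to the catch-all redirect to /auth.
function handle(path, { strip }) {
  if (!matches("/app*", path)) return { status: 302, body: "redirect to /auth" };
  // "authorize with users_policy" runs here, on the original path.
  const forwarded = strip ? stripPrefix(path, "/app") : path;
  return { forwarded, ...upstream(forwarded) };
}

for (const path of ["/app", "/app/users", "/other"]) {
  console.log(path, "without strip:", handle(path, { strip: false }));
  console.log(path, "with strip:   ", handle(path, { strip: true }));
}
```

Authorization is still evaluated on the original `/app...` path before the prefix is removed, but absolute links the application emits (such as `/users`) no longer carry the prefix and will hit the catch-all redirect unless the app is told its base path.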
Hi sir, I already run the plugin, thank you very much
from caddy-security.
@mahq195 , resolved?
from caddy-security.