Caddy basic auth only from wan

Started by at3, December 07, 2024, 11:34:07 AM

I don't know if anyone is able to help me.

I'm using Caddy as a reverse proxy. This works fine.
The only issue I have is: I can enable basic auth, but this is for all IPs.

I want to do basic auth only from WAN and not from local IPs.
I know this is possible but I can't figure out how to implement this in Caddy in OPNsense.
It's not possible in the GUI and I don't want to edit the Caddyfile because of upgrade persistence.

I can use extra imported .conf files but I don't understand any of that. I tried to use a .conf file and it just adds it to the bottom of the Caddyfile, so I cannot edit(?) a host entry already in the Caddyfile.

December 07, 2024, 12:10:09 PM #1 Last Edit: December 07, 2024, 12:12:50 PM by Monviech (Cedrik)
It would probably make more sense to use forward auth if you need to realize complex authentication scenarios; it's offered for exactly that reason.

Another solution is that the reverse proxied app itself handles authentication.

A third solution is using two domains: one has the access list for only internal requests, the other basic auth for external requests. Both have a handler pointing to the same internal upstream. External users would then use the external domain name.

The GUI can only do simple access lists and basic auth for all requests.

Making it more complex is not the goal of the plugin.
Hardware:
DEC740
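
The two-domain layout from the reply above, written as plain Caddyfile syntax. This is an added example, not part of the thread and not what the OPNsense plugin generates; the hostnames, upstream address, user name and hash are placeholders.

```caddyfile
# Assumed names: internal.example.com / app.example.com, upstream 192.168.1.10:8080.

# Internal name: no password, but only reachable from private address ranges.
internal.example.com {
	# remote_ip matches the source address of the connection Caddy sees;
	# private_ranges is Caddy's shortcut for the private IPv4/IPv6 ranges
	# (RFC 1918, loopback, link-local, ULA).
	@not_lan not remote_ip private_ranges
	abort @not_lan

	reverse_proxy 192.168.1.10:8080
}

# External name: every request must pass basic auth before it is proxied.
app.example.com {
	# Directive is named basic_auth from Caddy 2.8 on (basicauth in older releases).
	basic_auth {
		# Placeholder: paste the output of `caddy hash-password` here.
		alice <bcrypt-hash>
	}

	reverse_proxy 192.168.1.10:8080
}
```

The internal block only holds if LAN clients reach Caddy with their own source address; if their traffic is NATed on the way, `remote_ip` sees the translated address instead.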

Thanks for your help.
I went with the Authelia forward auth and this works like a charm.

This topic can be closed