Caddy Change Breaks OIDC (Easily Fixed)

Started by Al Muckart, April 16, 2026, 08:15:23 AM

Mostly posting this for the search. The explanation and solution are in https://forum.opnsense.org/index.php?topic=51150

If you have a setup where you use OIDC and your web GUI is behind a Caddy reverse proxy, the upstream change to Caddy will break OIDC because the OIDC provider will see the redirect_uri as being https://localhost:8443/api/oidc/rp/finalize/Keycloak, which is obviously invalid.

Adding the {host} header fixes it.

Services: Caddy: Reverse Proxy -> 'Headers' tab and add the header per the linked post.
Services: Caddy: Reverse Proxy -> 'Handlers' tab, edit your reverse proxy handler, go to Transport > HTTP Headers and select your custom header from the dropdown.
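
An added example, not part of the original post: a small Python check that takes the authorization URL the login redirect sends the browser to and confirms that its redirect_uri uses the public origin of the GUI rather than the loopback address described above. The host names fw.example.test and idp.example.test, the client_id and the realm path are constructed placeholders; the function names are hypothetical.

```python
import ipaddress
from urllib.parse import parse_qs, quote, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def _origin(url):
    """(scheme, host, port) with the default port filled in."""
    p = urlsplit(url)
    return (p.scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(p.scheme))

def _is_loopback(host):
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary DNS name

def check_redirect_uri(auth_url, public_origin):
    """Return a list of problems with the redirect_uri in an OIDC authorization URL."""
    values = parse_qs(urlsplit(auth_url).query).get("redirect_uri", [])
    if len(values) != 1:
        return ["expected exactly one redirect_uri, found %d" % len(values)]
    got, want = _origin(values[0]), _origin(public_origin)
    problems = []
    if _is_loopback(got[1]):
        # The backend built the URI from the Host header the proxy sent it.
        problems.append("redirect_uri points at loopback host %s" % got[1])
    if got != want:
        problems.append("redirect_uri origin %s://%s:%s is not %s" % (got + (public_origin,)))
    return problems

def sample_auth_url(redirect_uri):
    """Constructed authorization URL for the demo (placeholder IdP and client)."""
    return ("https://idp.example.test/realms/demo/protocol/openid-connect/auth"
            "?client_id=opnsense&response_type=code&redirect_uri=" + quote(redirect_uri, safe=""))

PUBLIC = "https://fw.example.test"  # constructed public origin of the web GUI
BROKEN = sample_auth_url("https://localhost:8443/api/oidc/rp/finalize/Keycloak")
FIXED = sample_auth_url("https://fw.example.test/api/oidc/rp/finalize/Keycloak")

if __name__ == "__main__":
    for label, url in (("before fix", BROKEN), ("after fix", FIXED)):
        print(label, check_redirect_uri(url, PUBLIC) or "ok")
```

To use it on a real setup, paste the Location value from the login redirect (visible in the browser's network tab) as `auth_url` and the URL you type to reach the GUI as `public_origin`.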