Wildcard subdomain portal auth - best practices question #79

Closed
zw7u9tru opened this issue Mar 26, 2022 · 1 comment
Labels: caddy handlers, local auth, question (Further information is requested)

Comments

zw7u9tru commented Mar 26, 2022

Hello,
My goal is to use a wildcard certificate and subdomains to protect some services. I got something working, but I just wanted to post here for other people to reference and to make sure it is correct.

This would be for a home server that hosts simple things.

Cheers, and thank you for the great open source project!


{
        # debug
        order log first
        order authenticate before respond
        order authorize before basicauth

        security {
                authentication portal myportal {
                        crypto default token lifetime 3600
                        backend local /etc/caddy/auth/local/users.json local
                        cookie domain blah.org

                        transform user {
                                match origin local
                                action add role authp/user
                        }
                }
                authorization policy sillypolicy {
                        set auth url https://auth.blah.org
                        allow roles authp/user authp/admin
                        acl rule {
                                comment allow users
                                match role authp/user
                                allow stop log info
                        }
                        acl rule {
                                comment default deny
                                match any
                                deny log warn
                        }
                }
        }
}
*.blah.org {
        tls {
                {redacted}
        }

        @auth host auth.blah.org
        handle @auth {
                authenticate with myportal
        }

        @tmoney host tmoney.blah.org
        handle @tmoney {
                authorize with sillypolicy
                reverse_proxy tmoney:8888
        }

        @r3 host r3.blah.org
        handle @r3 {
                authorize with sillypolicy
                reverse_proxy r3:7888
        }
        @unprotected host unprotected.blah.org
        # the handle must reference the matcher name declared above;
        # an undefined matcher name causes Caddy to reject the config
        handle @unprotected {
                reverse_proxy unprotected:7889
        }
        log {
                format formatted "{request>host} {common_log} endcl {request>headers>Origin} {request>tls>server_name}"
                output file /var/log/caddy/access.log
        }
}
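The security-relevant point of the site block above is that every proxied subdomain must both reference a matcher that actually exists and carry an `authorize with` directive; a typo in a matcher name or a forgotten `authorize` silently changes what is exposed. The following linter is an added example, not part of the issue or of caddy-security; it parses a constructed copy of the site block (the hypothetical `@unproc` typo is kept so there is something to find), checks that every `handle @name` references a defined `host` matcher, and reports any `reverse_proxy` handler that is not preceded by `authorize with` unless its host is explicitly listed as intentionally unprotected.

```python
"""Lint a Caddyfile site block for two wildcard-subdomain mistakes:
a `handle @name` that references a matcher never defined (Caddy refuses
to load such a config), and a reverse-proxied subdomain with no
`authorize with` in front of it. Added example; the sample config is
constructed and modelled on the one posted in this issue."""

import re

# Constructed sample. The `@unproc` typo is deliberate so the linter
# has a mismatched matcher to report.
SAMPLE_CADDYFILE = """\
*.blah.org {
        @auth host auth.blah.org
        handle @auth {
                authenticate with myportal
        }

        @tmoney host tmoney.blah.org
        handle @tmoney {
                authorize with sillypolicy
                reverse_proxy tmoney:8888
        }

        @unprotected host unprotected.blah.org
        handle @unproc {
                reverse_proxy unprotected:7889
        }
}
"""

MATCHER_DEF = re.compile(r"^@(\w+)\s+host\s+(\S+)")
HANDLE_REF = re.compile(r"^handle\s+@(\w+)\s*\{")


def parse_handlers(text):
    """Return (matchers, handlers): matchers maps name -> host and
    handlers maps name -> the directive lines inside that handle block."""
    matchers, handlers = {}, {}
    current = None   # name of the handle block we are inside, if any
    depth = 0        # brace depth relative to that handle block
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if current is None:
            m = MATCHER_DEF.match(line)
            if m:
                matchers[m.group(1)] = m.group(2)
                continue
            h = HANDLE_REF.match(line)
            if h:
                current = h.group(1)
                handlers[current] = []
                depth = 1
            continue
        # inside a handle block: track nesting so nested sub-blocks
        # (e.g. a reverse_proxy with options) do not end it early
        depth += line.count("{") - line.count("}")
        if depth <= 0:
            current = None
        else:
            handlers[current].append(line)
    return matchers, handlers


def lint(text, allow_unprotected=()):
    """Return a sorted list of findings. Hosts in allow_unprotected are
    expected to have no authorize directive and are not reported."""
    matchers, handlers = parse_handlers(text)
    findings = []
    for name, body in handlers.items():
        if name not in matchers:
            findings.append(f"handle @{name}: matcher @{name} is never defined")
            continue
        host = matchers[name]
        proxies = any(d.startswith("reverse_proxy") for d in body)
        guarded = any(d.startswith(("authorize with", "authenticate with"))
                      for d in body)
        if proxies and not guarded and host not in allow_unprotected:
            findings.append(f"{host}: reverse_proxy without authorize with")
    for name, host in matchers.items():
        if name not in handlers:
            findings.append(
                f"@{name} ({host}): matcher defined but never used by a handle block")
    return sorted(findings)


if __name__ == "__main__":
    for finding in lint(SAMPLE_CADDYFILE):
        print(finding)
```

Run against the sample, the linter reports both halves of the typo (an undefined `@unproc` and an unused `@unprotected`); once the handle is corrected, it flags `unprotected.blah.org` as proxied without authorization, which is the finding a reviewer would want to see explicitly acknowledged via `allow_unprotected` rather than left implicit.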
zw7u9tru added the "need triage" and "question (Further information is requested)" labels on Mar 26, 2022
greenpau (Owner) commented

@zw7u9tru, the handlers look good! 👍

Please consider helping with https://github.com/greenpau/caddy-security/issues/14#issue-1111599735
