Wildcard help needed #95
Comments
Did you mean to close the global options block there? |
Extra brace I left when I removed logging in that section before posting to shorten the config. My Caddyfile is a few hundred lines. Was trying to pare it down to just the essentials. Below is the logging piece I removed which had the dangling brace.
|
@samcro1967, what happens when you browse to “https://auth.%7B$fqdn%7D.net/auth/”? |
Below are the full configs of Caddyfile (minus caddy-docker-proxy labels) before and after. If I understand #79 correctly, it does not have a /auth after the FQDN. I tried both in the browser (with and without /auth) and get a blank white screen for both. My test app (hammond) works fine in both the before and after configs. I suspect trying to remove the /auth subdirectory is where I am getting wrapped around the axle and have made a mistake. Working config before switching to wildcard Config after switching to wildcard |
@samcro1967, the one thing I am noticing is the mix of Please try removing all Also, check why you have this redirect to login. It should go to
|
I removed all redirs for the osu.* sections and updated the route statement to the below. When you say a mix of handle and routes, does that mean they cannot be mixed? It will be quicker to convert the 2 handles I have to routes if that is the case rather than convert 50+ routes to handles. I could just comment out all routes for testing and then convert and enable them to handles once I have it working. Just want to make sure I understand before I go making a bunch of changes.
|
@samcro1967, I don't know yet. However, I want to see whether then Additionally, I recommend adding
I am not sure whether
|
I got it working with the CaddyFile below. I removed all caddy labels and cut the config down until I can get this working. I do see the trace for hammond in both caddy.log and access.log. None of the other traces appear in either log. I did have to add I am able to get logged in now and can get to "My Identity" and "Portal Settings". None of the other UI links work. CaddyFile |
I figured out where I went wrong. I think I understand now how to convert routes to handles for both subdomains and subdirectories with wildcards and caddy-security. The only piece that does not seem to be working as I would expect is trace. |
@samcro1967, I think I tested trace to work with routes. I never tested it with handles (I don’t use them). What is unexpected? |
Yes, trace does not seem to work with handles. Makes sense if they were not tested. Handles also do not seem to work reliably or consistently. I set up handles using the exact same syntax (copy and paste) for 4 subdirectories. It worked for one and not the other three. I switched the other 3 from handles to routes and they work fine. So I can say mixing handles and routes does work when you can get handles to work. I think I will stick with routes given the inconsistencies with handles. The only issue I still have not figured out is authentication directly to an app. If I log out of the portal and go to hammond.samcro1967.net, I get the hammond login page and not the portal login page. If I enter my hammond credentials, it fails. That is good. If I auth in a different browser tab to the portal, and then enter my hammond creds, I get in. Also good. I thought, though, before I made all of these changes, if I was not logged into the portal and went to hammond.samcro1967.net, I was redirected to auth.samcro1967.net and then once authenticated redirected back to hammond.samcro1967.net. But maybe that was not the case. Caddyfile |
@samcro1967, I think this is connected to another issue #92. Specifically, "I think it's common to have multiple domains and you want them projected using only one authentication portal.". Your thoughts? In short, there could some replacing of the
|
My case is a little different. #92 is about different root domains whereas I am using the same root domain, but different subdomains. Is it still relevant to my use case? I do not see it as a big issue. I will direct folks to the portal always, not directly to an app on a subdomain. Sounds like a future release may add some options to cover one or both of these use cases if I understand correctly? |
I got everything converted to wildcards as either subdomains or subdirectories (if the app supports running with a base url) using routes. The issue of not getting the login page when going directly to a subdomain seems to be a browser cache issue. If I log out of the portal, close the browser, relaunch the browser, and go directly to a subdomain, I am always redirected to the portal login. Thank you for your help as always. Closing this as the original question has been answered. |
Hi @samcro1967
How did you convert handles to routes? Currently I'm getting this error. |
@bbrendon That only happens with Caddyfile. As with other handler plugins, you need to specify the handler order relative to another handler directive either by using it in a route block or specifying the order global option at the top. |
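The two options described in the reply above, as an added example that is not from the thread or the project's own documentation. Hostnames, upstream addresses and the portal name myportal are placeholders; the security block that defines the portal and the policy, and the wildcard TLS settings, are assumed to exist and are omitted.

```caddyfile
# Added illustration; example.com hosts, upstreams and "myportal" are placeholders.
# Assumed: a security { ... } block in the global options defines myportal and
# mypolicy, and the wildcard certificate (tls/dns settings) is already configured.
{
	# Option 1: give the plugin directives a position in Caddy's directive
	# order. handle sorts the directives inside it, so an unordered handler
	# directive is rejected when the Caddyfile is adapted.
	order authenticate before respond
	order authorize before reverse_proxy
}

*.example.com {
	@auth host auth.example.com
	handle @auth {
		authenticate with myportal
	}

	@app host app.example.com
	handle @app {
		# Sorted ahead of reverse_proxy by the order entry above, so the
		# policy is evaluated before the request reaches the upstream.
		authorize with mypolicy
		reverse_proxy app:8080
	}

	# Option 2: route runs its directives in the order written, so the
	# plugin directives work here even without the order entries.
	@other host other.example.com
	route @other {
		authorize with mypolicy
		reverse_proxy other:8080
	}
}
```

Running caddy adapt against the file reports a missing order entry before the configuration is loaded.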
@samcro1967, I am looking to add testimonial sections to https://authcrunch.com. Could you please write one and send it to me at greenpau@outlook.com? |
Describe the issue
Trying to convert to wildcard certs. Used #79 to make changes to Caddyfile. Not getting any errors in the log, but only get a white screen when I go to the login page (https://auth.{$FQDN}.net). The wildcard with CloudFlare works fine for my test app that is not behind mypolicy so I feel good that caddy, CloudFlare, and the wildcard cert is working. Must have something not quite right in the security block, but not sure what it is.
Configuration
Paste full Caddyfile below:
Version Information
Provide output of caddy list-modules -versions | grep git below: