From e8bbf3800c9add9138c278f728f828a7231fddc3 Mon Sep 17 00:00:00 2001
From: Andreas <43118918+eulores@users.noreply.github.com>
Date: Wed, 21 Aug 2024 17:32:30 +0200
Subject: [PATCH] Correct the forward authentication configuration template for Caddy

The directives were not executed in the given order, but instead, using the implicit sequence defined in https://caddyserver.com/docs/caddyfile/directives#directive-order. Surrounding the directives with route {} fixes this.

Signed-off-by: Andreas <43118918+eulores@users.noreply.github.com>
---
 .../docs/providers/proxy/_caddy_standalone.md | 27 ++++++++++---------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/website/docs/providers/proxy/_caddy_standalone.md b/website/docs/providers/proxy/_caddy_standalone.md
index 09e857a6ceae..2ee6b700cc7a 100644
--- a/website/docs/providers/proxy/_caddy_standalone.md
+++ b/website/docs/providers/proxy/_caddy_standalone.md
@@ -2,22 +2,25 @@ Use the following configuration:
 ```
 app.company {
- # always forward outpost path to actual outpost
- reverse_proxy /outpost.goauthentik.io/* http://outpost.company:9000
+ # directive execution order is only as stated if enclosed with route.
+ route {
+ # always forward outpost path to actual outpost
+ reverse_proxy /outpost.goauthentik.io/* http://outpost.company:9000
- # forward authentication to outpost
- forward_auth http://outpost.company:9000 {
- uri /outpost.goauthentik.io/auth/caddy
+ # forward authentication to outpost
+ forward_auth http://outpost.company:9000 {
+ uri /outpost.goauthentik.io/auth/caddy
- # capitalization of the headers is important, otherwise they will be empty
- copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
+ # capitalization of the headers is important, otherwise they will be empty
+ copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
- # optional, in this config trust all private ranges, should probably be set to the outposts IP
- trusted_proxies private_ranges
- }
+ # optional, in this config trust all private ranges, should probably be set to the outposts IP
+ trusted_proxies private_ranges
+ }
- # actual site configuration below, for example
- reverse_proxy localhost:1234
+ # actual site configuration below, for example
+ reverse_proxy localhost:1234
+ }
 }
 ```