Can not create locally hosted minimal instance for debug/test/error reproduction #347

Open
MrChadMWood opened this issue Jun 18, 2024 · 1 comment

@MrChadMWood

Describe the issue

I am having issues creating a basic instance of Caddy that utilizes authentication / authorization via caddy-security locally. With the below configuration, authentication works fine. Authorization fails for an unknown reason, resulting in infinite redirects until the browser stops it.

Configuration

Caddyfile:

{
	order authenticate before respond
	order authorize before basicauth

	security {
		local identity store localdb {
			realm local
			path {$HOME}/.local/caddy/users.json
		}
	
		authentication portal myportal {
			crypto default token lifetime 3600
			crypto key sign-verify debugtoken54321
			enable identity store localdb
			transform user {
				match origin local
				action add role authp/user
			}
		}
  
		authorization policy mypolicy {
			set auth url https://auth.localhost/
			allow roles authp/user
			crypto key verify debugtoken54321
			inject header "X-User-Email" from "userinfo|email"
		}
	}
}

auth.localhost {
	route {
		authenticate with myportal
	}
}

caddy.localhost {
  authorize with mypolicy
  respond "Hello World"
}

Version Information

Provide output of caddy list-modules --versions | grep -E "(auth|security)" below:

http.authentication.hashes.bcrypt v2.7.6
http.authentication.hashes.scrypt v2.7.6
http.authentication.providers.http_basic v2.7.6
http.handlers.authentication v2.7.6
tls.client_auth.leaf v2.7.6
http.authentication.providers.authorizer v1.1.29
http.handlers.authenticator v1.1.29
security v1.1.29

Expected behavior

I expected login to work using the default webadmin user's credentials. Authentication does work, but authorization causes infinite redirects. The caddy.localhost response is thus never received.

Additional context

I am using Docker. See my docker.compose.yml:

services:
  caddy:
    build:
      context: .
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./config/:/config
      - ./data/:/data

with Dockerfile:

ARG CADDY_VERSION=2.7.6
FROM caddy:${CADDY_VERSION}-builder AS builder

RUN xcaddy build \
    --with github.com/greenpau/caddy-security

FROM caddy:${CADDY_VERSION}-alpine

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

@greenpau
Owner

@MrChadMWood, see https://docs.authcrunch.com/docs/authenticate/auth-cookie#intra-domain-cookies

I suspect cookie insecure on is missing.

You might also need cookie domain localhost. You really should not, but people had that issue.

See this issue for config snippets: #337

If you are still running into issues, feel free to reach out on LinkedIn and we can get on Google Meet to troubleshoot.
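
The cookie scoping behind the two suggestions above, as an added example that is not part of the original thread and is not caddy-security code: it models which requests carry the portal's token cookie and follows the resulting authorize/portal redirects. Assumptions: the portal's cookie is host-only unless `cookie domain` is set, `cookie insecure on` drops the Secure attribute, matching follows RFC 6265 only (browser-specific handling of localhost is not modelled), and all function names are hypothetical.

```python
from urllib.parse import urlsplit

AUTH_HOST, APP_HOST = "auth.localhost", "caddy.localhost"  # hosts from the Caddyfile above

def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3 domain-match (IP-address hosts not handled)."""
    cookie_domain = cookie_domain.lower().lstrip(".")
    host = host.lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)

def cookie_sent(set_by_host, target_url, domain=None, secure=True):
    """Would a cookie set by set_by_host be attached to a request for target_url?"""
    url = urlsplit(target_url)
    if secure and url.scheme != "https":
        return False  # a Secure cookie is never attached to an http:// request
    if domain is None:
        return url.hostname == set_by_host  # host-only cookie: exact host match
    return domain_match(url.hostname, domain)

def follow(start_url, max_hops=6, **cookie_attrs):
    """Walk the authorize -> portal -> authorize redirects; return (outcome, hops)."""
    scheme = urlsplit(start_url).scheme
    url, logged_in = start_url, False
    for hop in range(1, max_hops + 1):
        if urlsplit(url).hostname == APP_HOST:
            if logged_in and cookie_sent(AUTH_HOST, url, **cookie_attrs):
                return "authorized", hop
            url = f"{scheme}://{AUTH_HOST}/"  # no token cookie seen: back to the portal
        else:
            logged_in = True  # portal authenticates the user and sets the token cookie
            url = f"{scheme}://{APP_HOST}/"
    return "redirect loop", max_hops

if __name__ == "__main__":
    # Constructed scenarios: (start URL, cookie attributes the portal would set)
    cases = {
        "host-only cookie (assumed default)": ("https://caddy.localhost/", {}),
        "Domain=localhost": ("https://caddy.localhost/", {"domain": "localhost"}),
        "Domain=localhost, Secure, http": ("http://caddy.localhost/", {"domain": "localhost"}),
        "Domain=localhost, not Secure, http": (
            "http://caddy.localhost/", {"domain": "localhost", "secure": False}),
    }
    for label, (url, attrs) in cases.items():
        print(f"{label:36} -> {follow(url, **attrs)}")
```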
