caddy-security icon indicating copy to clipboard operation
caddy-security copied to clipboard

Published 20 hours ago β€’ verified publisher icon greenpau

Running portal on path rather than subdomain

Open darox opened this issue 2 years ago β€’ 1 comments

Hi

I wonder whether it is possible to run the portal on the same subdomain but using a path like /auth and protect a path /documents?

Thank you.

darox avatar Aug 25 '22 12:08 darox

@darox , yes. It is done with β€œroute” directive. what is the config you are currently using?

greenpau avatar Aug 25 '22 14:08 greenpau

i have the some problem, i have this working config:

{
	http_port 8080
    https_port 8443
	# debug

	order authenticate before respond
	order authorize before basicauth

	security {
		local identity store localdb {
			realm local
			path users.json
		}


		authentication portal myportal {
			crypto default token lifetime 3600
			crypto key sign-verify 12345678901234567890123456789012
			enable identity store localdb
			cookie domain 127.0.0.1
			ui {
                theme basic
				links {
					"My Website" / icon "las la-star"
				}

    		}
			transform user {
				match origin local
				action add role authp/user
				ui link "Portal Settings" /settings icon "las la-cog"
			}
		}

		authorization policy users_policy {
			set auth url /auth
			allow roles authp/admin authp/user
			crypto key verify 12345678901234567890123456789012
			acl rule {
				comment allow users
				match role authp/user
				allow stop log info
			}
			acl rule {
				comment default deny
				match any
				deny log warn
			}
		}

	}
}

http://127.0.0.1:8080 {
	route /auth* {
		authenticate with myportal
	}

	route {
		authorize with users_policy
		respond * "assetq - admins" 200

	}
}

once i change to this config i get 404 for the login portal

{
	http_port 8080
    https_port 8443
	# debug

	order authenticate before respond
	order authorize before basicauth

	security {
		local identity store localdb {
			realm local
			path users.json
		}


		authentication portal myportal {
			crypto default token lifetime 3600
			crypto key sign-verify 12345678901234567890123456789012
			enable identity store localdb
			cookie domain 127.0.0.1
			ui {
                theme basic
				links {
					"My Website" / icon "las la-star"
				}

    		}
			transform user {
				match origin local
				action add role authp/user
				ui link "Portal Settings" /settings icon "las la-cog"
			}
		}

		authorization policy users_policy {
			set auth url /secure-auth
			allow roles authp/admin authp/user
			crypto key verify 12345678901234567890123456789012
			acl rule {
				comment allow users
				match role authp/user
				allow stop log info
			}
			acl rule {
				comment default deny
				match any
				deny log warn
			}
		}

	}
}

http://127.0.0.1:8080 {
	route /secure-auth* {
		authenticate with myportal
	}

	route {
		authorize with users_policy
		respond * "assetq - admins" 200

	}
}

terefang avatar Nov 08 '22 12:11 terefang

@terefang , try this and report the outcome

	route /secure-auth* {
		authenticate /secure-auth* with myportal
	}

greenpau avatar Nov 08 '22 13:11 greenpau

@terefang , try this and report the outcome

	route /secure-auth* {
		authenticate /secure-auth* with myportal
	}

still

image

terefang avatar Nov 09 '22 14:11 terefang

This worked great for me. It should be a config example!

j0dan avatar Apr 11 '23 03:04 j0dan

@darox , @j0dan @terefang , I am looking to add testimonial sections to https://authcrunch.com. Could you please write one and send it to me at [email protected]?

greenpau avatar Mar 11 '24 11:03 greenpau