caddy-security

breakfix: local storage not working?

Open sagz opened this issue 3 years ago • 2 comments

Describe the issue

Trying to set up Caddy to do reverse proxy in a Windows environment.

  1. bcrypt-cli is deprecated. How to create bcrypt hashes that work in local storage? PyPI's bcrypt hashes don't seem to work.
  2. Where is users.json on a Windows environment? No file is auto-created across the AppData/Roaming/caddy folder.
  3. What are the other hash algorithms available? bcrypt is no longer recommended, and scrypt is encouraged instead...
  4. Is my token lifetime set right? Couldn't figure it out from your documentation if I'm doing it right.

Configuration

Paste full Caddyfile below:

{
        
        security {
                local identity store localdb {
                        realm local
                        path {$HOME}/.local/caddy/users.json
                }

                authentication portal myportal {
                        crypto default token lifetime 36000
                        enable identity store localdb       
                }
        }
}


domain.example.com {
        route {
                authenticate with myportal
        }
        reverse_proxy localhost:8989

}

Version Information

Provide output of caddy list-modules -versions | grep git below:

PS C:\Users\username\Documents\caddy> .\caddy_windows_amd64_custom.exe list-modules --versions
admin.api.load v2.6.2
admin.api.metrics v2.6.2
admin.api.pki v2.6.2
admin.api.reverse_proxy v2.6.2
caddy.adapters.caddyfile v2.6.2
caddy.config_loaders.http v2.6.2
caddy.listeners.http_redirect v2.6.2
caddy.listeners.tls v2.6.2
caddy.logging.encoders.console v2.6.2
caddy.logging.encoders.filter v2.6.2
caddy.logging.encoders.filter.cookie v2.6.2
caddy.logging.encoders.filter.delete v2.6.2
caddy.logging.encoders.filter.hash v2.6.2
caddy.logging.encoders.filter.ip_mask v2.6.2
caddy.logging.encoders.filter.query v2.6.2
caddy.logging.encoders.filter.regexp v2.6.2
caddy.logging.encoders.filter.rename v2.6.2
caddy.logging.encoders.filter.replace v2.6.2
caddy.logging.encoders.json v2.6.2
caddy.logging.writers.discard v2.6.2
caddy.logging.writers.file v2.6.2
caddy.logging.writers.net v2.6.2
caddy.logging.writers.stderr v2.6.2
caddy.logging.writers.stdout v2.6.2
caddy.storage.file_system v2.6.2
events v2.6.2
http v2.6.2
http.authentication.hashes.bcrypt v2.6.2
http.authentication.hashes.scrypt v2.6.2
http.authentication.providers.http_basic v2.6.2
http.encoders.gzip v2.6.2
http.encoders.zstd v2.6.2
http.handlers.acme_server v2.6.2
http.handlers.authentication v2.6.2
http.handlers.copy_response v2.6.2
http.handlers.copy_response_headers v2.6.2
http.handlers.encode v2.6.2
http.handlers.error v2.6.2
http.handlers.file_server v2.6.2
http.handlers.headers v2.6.2
http.handlers.map v2.6.2
http.handlers.metrics v2.6.2
http.handlers.push v2.6.2
http.handlers.request_body v2.6.2
http.handlers.reverse_proxy v2.6.2
http.handlers.rewrite v2.6.2
http.handlers.static_response v2.6.2
http.handlers.subroute v2.6.2
http.handlers.templates v2.6.2
http.handlers.tracing v2.6.2
http.handlers.vars v2.6.2
http.matchers.expression v2.6.2
http.matchers.file v2.6.2
http.matchers.header v2.6.2
http.matchers.header_regexp v2.6.2
http.matchers.host v2.6.2
http.matchers.method v2.6.2
http.matchers.not v2.6.2
http.matchers.path v2.6.2
http.matchers.path_regexp v2.6.2
http.matchers.protocol v2.6.2
http.matchers.query v2.6.2
http.matchers.remote_ip v2.6.2
http.matchers.vars v2.6.2
http.matchers.vars_regexp v2.6.2
http.precompressed.br v2.6.2
http.precompressed.gzip v2.6.2
http.precompressed.zstd v2.6.2
http.reverse_proxy.selection_policies.cookie v2.6.2
http.reverse_proxy.selection_policies.first v2.6.2
http.reverse_proxy.selection_policies.header v2.6.2
http.reverse_proxy.selection_policies.ip_hash v2.6.2
http.reverse_proxy.selection_policies.least_conn v2.6.2
http.reverse_proxy.selection_policies.random v2.6.2
http.reverse_proxy.selection_policies.random_choose v2.6.2
http.reverse_proxy.selection_policies.round_robin v2.6.2
http.reverse_proxy.selection_policies.uri_hash v2.6.2
http.reverse_proxy.transport.fastcgi v2.6.2
http.reverse_proxy.transport.http v2.6.2
http.reverse_proxy.upstreams.a v2.6.2
http.reverse_proxy.upstreams.multi v2.6.2
http.reverse_proxy.upstreams.srv v2.6.2
pki v2.6.2
tls v2.6.2
tls.certificates.automate v2.6.2
tls.certificates.load_files v2.6.2
tls.certificates.load_folders v2.6.2
tls.certificates.load_pem v2.6.2
tls.certificates.load_storage v2.6.2
tls.client_auth.leaf v2.6.2
tls.get_certificate.http v2.6.2
tls.get_certificate.tailscale v2.6.2
tls.handshake_match.remote_ip v2.6.2
tls.handshake_match.sni v2.6.2
tls.issuance.acme v2.6.2
tls.issuance.internal v2.6.2
tls.issuance.zerossl v2.6.2
tls.stek.distributed v2.6.2
tls.stek.standard v2.6.2

  Standard modules: 99

dns.providers.cloudflare v0.0.0-20220916142955-815abbf88b27
dynamic_dns v0.0.0-20220916142711-87eacc5e2482
dynamic_dns.ip_sources.simple_http v0.0.0-20220916142711-87eacc5e2482
dynamic_dns.ip_sources.upnp v0.0.0-20220916142711-87eacc5e2482
http.authentication.providers.authorizer v1.1.15
http.handlers.authenticator v1.1.15
security v1.1.15

  Non-standard modules: 7

  Unknown modules: 0
PS C:\Users\username\Documents\caddy>

Expected behavior

A simple config file that shows this working

sagz, Nov 07 '22 06:11

@sagz, try providing a Windows path instead of "path {$HOME}/.local/caddy/users.json"

i.e., "path C:\Users\username\Documents\users.json"

Let me know if you see the file being created.

greenpau, Nov 07 '22 09:11

@sagz , your config misses authorization completely. Please review configs here: https://github.com/authp/authp.github.io/tree/main/assets/conf

greenpau, Nov 07 '22 09:11
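
The two replies above, combined into one config as an added example (not posted by either participant and not taken from the linked repository): the store path is the Windows path suggested in the first reply, and an authorization policy is paired with the portal so the proxied site actually checks the token. The hostname auth.example.com, the cookie domain, the policy name mypolicy and the JWT_SHARED_KEY environment variable are assumptions.

```caddyfile
{
	# Register the plugin directives in the handler order
	order authenticate before respond
	order authorize before basicauth

	security {
		local identity store localdb {
			realm local
			# Explicit Windows path, as suggested in the reply above
			path C:\Users\username\Documents\users.json
		}

		authentication portal myportal {
			# Lifetime value kept exactly as posted in the issue
			crypto default token lifetime 36000
			# Assumed env var: shared key that signs the issued tokens
			crypto key sign-verify {env.JWT_SHARED_KEY}
			enable identity store localdb
			# Assumed parent domain so the cookie reaches the protected site
			cookie domain example.com
		}

		# The part missing from the posted config
		authorization policy mypolicy {
			# Unauthenticated requests are redirected to the portal
			set auth url https://auth.example.com/
			# Same key as the portal, used here for verification only
			crypto key verify {env.JWT_SHARED_KEY}
			allow roles authp/admin authp/user
		}
	}
}

# Assumed hostname: the login portal gets its own site
auth.example.com {
	authenticate with myportal
}

# The protected site authorizes requests instead of serving the portal
domain.example.com {
	authorize with mypolicy
	reverse_proxy localhost:8989
}
```

In the posted config, `authenticate with myportal` on domain.example.com serves the login portal on that site but nothing in front of `reverse_proxy` verifies a token; `authorize with` is the directive that enforces access.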