
question: Help with Pocket-ID

Open dancgn opened this issue 11 months ago • 5 comments

Hi everyone, I've been trying for days to get caddy-security with Pocket-ID integration up and running. The modules I'm using in caddy:

github.com/caddyserver/caddy/v2/cmd
github.com/fabriziosalmi/caddy-waf
github.com/greenpau/caddy-security
github.com/hslatman/caddy-crowdsec-bouncer
github.com/caddy-dns/cloudflare

Everything is built with xcaddy and compiled without errors. Basically, my Caddy is running fine, but as soon as I add a security block, it complains on restart that the module isn't available. However, according to:

Standard modules: 124
caddy.listeners.layer4
crowdsec
dns.providers.cloudflare
http.authentication.providers.authorizer
http.handlers.appsec
http.handlers.authenticator
http.handlers.crowdsec
http.handlers.waf
layer4
layer4.matchers.crowdsec
layer4.matchers.ip
layer4.matchers.local_ip
security
Non-standard modules: 13

it is. So far, ChatGPT and Deepseek have been quite helpful, but somehow, I can't get it to work. According to https://pocket-id.org/docs/guides/proxy-services, all entries are protected. However, I only want to secure specific sections or individual domains. Here's a block from my Caddyfile:

jelly.xxx.de {
    import common-settings
    reverse_proxy 192.168.178.21:8096
    log {
        output file /var/log/caddy/jelly.access.log
        format json
    }
}

In common-settings, I manage Cloudflare, secure headers, and gzip encoding. To be honest, I'm a bit overwhelmed with the callback URL (wildcard) and the correct integration. I practically need to put sub.meinedomain.de on Pocket-ID, which is fine so far. I created an app in Pocket-ID and received a Client ID and Secret ID. But integrating everything into the individual block is too complicated for me. I'd appreciate any help in German or English of course. Thanks! Dan

dancgn, Feb 10 '25 08:02

@dancgn, please reach out to me over LinkedIn. I think I might need a Google Meet with you to understand the use case better.

greenpau, Feb 10 '25 18:02

LinkedIn? Never used it. Other ways? Discord? Reddit? Telegram? Signal?

dancgn, Feb 10 '25 19:02

@dancgn, whatsup?

greenpau, Feb 10 '25 21:02

@dancgn, Telegram @greenpau_git

greenpau, Feb 10 '25 21:02

@dancgn Just in case the request is still open: The instructions and example provided in the Pocket-ID documentation were very helpful for my setup: Pocket-ID Proxy Services Guide.

By following the example, I was able to add authentication for some services, but not all.

einschmidt, Feb 15 '25 12:02