caddy-security icon indicating copy to clipboard operation
caddy-security copied to clipboard
verified publisher icon greenpau

unrecognized directive: security

Open rzabel66 opened this issue 9 months ago • 5 comments

Describe the issue

C:\Program Files\Python 3.10\caddy>caddy adapt 2025/04/11 03:13:30.764 ←[34mINFO←[0m using adjacent Caddyfile Error: Caddyfile:10: unrecognized directive: security

C:\Program Files\Python 3.10\caddy>xcaddy build --with github.com/greenpau/caddy-security@latest 2025/04/10 22:01:41 [INFO] absolute output file path: C:\Program Files\Python 3.10\caddy\caddy.exe 2025/04/10 22:01:42 [INFO] Temporary folder: C:\Users\rzabel\AppData\Local\Temp\buildenv_2025-04-10-2201.3489231662 2025/04/10 22:01:42 [INFO] Writing main module: C:\Users\rzabel\AppData\Local\Temp\buildenv_2025-04-10-2201.3489231662\main.go package main

import ( caddycmd "github.com/caddyserver/caddy/v2/cmd"

    // plug in Caddy modules here
    _ "github.com/caddyserver/caddy/v2/modules/standard"
    _ "github.com/greenpau/caddy-security"

)

func main() { caddycmd.Main() } 2025/04/10 22:01:42 [INFO] Initializing Go module 2025/04/10 22:01:42 [INFO] exec (timeout=0s): C:\Program Files\Go\bin\go.exe mod init caddy go: creating new go.mod: module caddy go: to add module requirements and sums: go mod tidy 2025/04/10 22:01:43 [INFO] Pinning versions 2025/04/10 22:01:43 [INFO] exec (timeout=0s): C:\Program Files\Go\bin\go.exe get -v github.com/caddyserver/caddy/v2 go: added github.com/beorn7/perks v1.0.1 go: added github.com/caddyserver/caddy/v2 v2.9.1 go: added github.com/caddyserver/certmagic v0.21.6 go: added github.com/caddyserver/zerossl v0.1.3 go: added github.com/cespare/xxhash/v2 v2.3.0 go: added github.com/francoispqt/gojay v1.2.13 go: added github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 go: added github.com/google/pprof v0.0.0-20231212022811-ec68065c825e go: added github.com/google/uuid v1.6.0 go: added github.com/klauspost/cpuid/v2 v2.2.9 go: added github.com/libdns/libdns v0.2.2 go: added github.com/mholt/acmez/v3 v3.0.0 go: added github.com/miekg/dns v1.1.62 go: added github.com/onsi/ginkgo/v2 v2.13.2 go: added github.com/prometheus/client_golang v1.19.1 go: added github.com/prometheus/client_model v0.5.0 go: added github.com/prometheus/common v0.48.0 go: added github.com/prometheus/procfs v0.12.0 go: added github.com/quic-go/qpack v0.5.1 go: added github.com/quic-go/quic-go v0.48.2 go: added github.com/zeebo/blake3 v0.2.4 go: added go.uber.org/mock v0.4.0 go: added go.uber.org/multierr v1.11.0 go: added go.uber.org/zap v1.27.0 go: added go.uber.org/zap/exp v0.3.0 go: added golang.org/x/crypto v0.31.0 go: added golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 go: added golang.org/x/mod v0.18.0 go: added golang.org/x/net v0.33.0 go: added golang.org/x/sync v0.10.0 go: added golang.org/x/sys v0.28.0 go: added golang.org/x/term v0.27.0 go: added golang.org/x/text v0.21.0 go: added golang.org/x/time v0.7.0 go: added golang.org/x/tools v0.22.0 go: added google.golang.org/protobuf v1.35.1 2025/04/10 22:02:02 [INFO] exec (timeout=0s): C:\Program Files\Go\bin\go.exe get -v github.com/greenpau/caddy-security@latest github.com/caddyserver/caddy/v2 go: accepting indirect upgrade from github.com/caddyserver/[email protected] to v0.22.2 go: accepting indirect upgrade from github.com/google/[email protected] to v0.0.0-20250317173921-a4b03ec1a45e go: accepting indirect upgrade from github.com/klauspost/cpuid/[email protected] to v2.2.10 go: accepting indirect upgrade from github.com/libdns/[email protected] to v0.2.3 go: accepting indirect upgrade from github.com/mholt/acmez/[email protected] to v3.1.1 go: accepting indirect upgrade from github.com/miekg/[email protected] to v1.1.64 go: accepting indirect upgrade from github.com/onsi/ginkgo/[email protected] to v2.23.3 go: accepting indirect upgrade from github.com/prometheus/[email protected] to v1.21.1 go: accepting indirect upgrade from github.com/prometheus/[email protected] to v0.6.1 go: accepting indirect upgrade from github.com/prometheus/[email protected] to v0.63.0 go: accepting indirect upgrade from github.com/prometheus/[email protected] to v0.16.0 go: accepting indirect upgrade from github.com/quic-go/[email protected] to v0.50.1 go: accepting indirect upgrade from go.uber.org/[email protected] to v0.5.0 go: accepting indirect upgrade from golang.org/x/[email protected] to v0.36.0 go: accepting indirect upgrade from golang.org/x/[email protected] to v0.0.0-20250305212735-054e65f0b394 go: accepting indirect upgrade from golang.org/x/[email protected] to v0.24.0 go: accepting indirect upgrade from golang.org/x/[email protected] to v0.37.0 go: accepting indirect upgrade from golang.org/x/[email protected] to v0.12.0 go: accepting indirect upgrade from golang.org/x/[email protected] to v0.31.0 go: accepting indirect upgrade from golang.org/x/[email protected] to v0.30.0 go: accepting indirect upgrade from golang.org/x/[email protected] to v0.23.0 go: accepting indirect upgrade from golang.org/x/[email protected] to v0.11.0 go: accepting indirect upgrade from golang.org/x/[email protected] to v0.31.0 go: accepting indirect upgrade from google.golang.org/[email protected] to v1.36.6 go: added cel.dev/expr v0.22.1 go: added github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 go: upgraded github.com/Masterminds/semver/v3 v3.3.0 => v3.3.1 go: upgraded github.com/Microsoft/go-winio v0.6.0 => v0.6.2 go: upgraded github.com/antlr4-go/antlr/v4 v4.13.0 => v4.13.1 go: added github.com/beevik/etree v1.5.0 go: upgraded github.com/caddyserver/certmagic v0.21.6 => v0.22.2 go: added github.com/ccoveille/go-safecast v1.6.1 go: added github.com/coreos/go-oidc/v3 v3.13.0 go: upgraded github.com/cpuguy83/go-md2man/v2 v2.0.4 => v2.0.6 go: added github.com/crewjam/httperr v0.2.0 go: added github.com/crewjam/saml v0.4.14 go: upgraded github.com/dgraph-io/ristretto v0.1.0 => v0.2.0 go: upgraded github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 => v0.0.0-20240924180020-3414d57e47da go: added github.com/emersion/go-sasl v0.0.0-20241020182733-b788ff22d5a6 go: added github.com/emersion/go-smtp v0.21.3 go: added github.com/go-asn1-ber/asn1-ber v1.5.7 go: upgraded github.com/go-jose/go-jose/v3 v3.0.3 => v3.0.4 go: added github.com/go-jose/go-jose/v4 v4.0.5 go: added github.com/go-ldap/ldap/v3 v3.4.10 go: upgraded github.com/go-sql-driver/mysql v1.7.1 => v1.9.1 go: added github.com/go-task/slim-sprig/v3 v3.0.0 go: added github.com/golang-jwt/jwt/v4 v4.5.2 go: upgraded github.com/golang/snappy v0.0.4 => v1.0.0 go: upgraded github.com/google/cel-go v0.21.0 => v0.24.1 go: upgraded github.com/google/pprof v0.0.0-20231212022811-ec68065c825e => v0.0.0-20250317173921-a4b03ec1a45e go: added github.com/greenpau/caddy-security v1.1.31 go: added github.com/greenpau/go-authcrunch v1.1.7 go: added github.com/greenpau/versioned v1.0.30 go: upgraded github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a => v0.0.0-20240606120523-5a60cdf6a761 go: added github.com/jackc/pgx/v5 v5.7.4 go: added github.com/jackc/puddle/v2 v2.2.2 go: added github.com/jonboulle/clockwork v0.5.0 go: upgraded github.com/klauspost/compress v1.17.11 => v1.18.0 go: upgraded github.com/klauspost/cpuid/v2 v2.2.9 => v2.2.10 go: upgraded github.com/libdns/libdns v0.2.2 => v0.2.3 go: added github.com/mattermost/xml-roundtrip-validator v0.1.0 go: upgraded github.com/mattn/go-colorable v0.1.13 => v0.1.14 go: upgraded github.com/mholt/acmez/v3 v3.0.0 => v3.1.1 go: upgraded github.com/miekg/dns v1.1.62 => v1.1.64 go: added github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 go: upgraded github.com/onsi/ginkgo/v2 v2.13.2 => v2.23.3 go: upgraded github.com/prometheus/client_golang v1.19.1 => v1.21.1 go: upgraded github.com/prometheus/client_model v0.5.0 => v0.6.1 go: upgraded github.com/prometheus/common v0.48.0 => v0.63.0 go: upgraded github.com/prometheus/procfs v0.12.0 => v0.16.0 go: upgraded github.com/quic-go/quic-go v0.48.2 => v0.50.1 go: upgraded github.com/rs/xid v1.5.0 => v1.6.0 go: added github.com/russellhaering/goxmldsig v1.5.0 go: added github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e go: upgraded github.com/slackhq/nebula v1.6.1 => v1.9.5 go: upgraded github.com/smallstep/certificates v0.26.1 => v0.28.3 go: added github.com/smallstep/cli-utils v0.12.1 go: added github.com/smallstep/linkedca v0.23.0 go: upgraded github.com/smallstep/nosql v0.6.1 => v0.7.0 go: upgraded github.com/smallstep/pkcs7 v0.0.0-20231024181729-3b98ecc1ca81 => v0.2.1 go: upgraded github.com/smallstep/scep v0.0.0-20231024192529-aee96d7ad34d => v0.0.0-20250318231241-a25cabb69492 go: upgraded github.com/spf13/cast v1.7.0 => v1.7.1 go: upgraded github.com/spf13/cobra v1.8.1 => v1.9.1 go: upgraded github.com/spf13/pflag v1.0.5 => v1.0.6 go: upgraded github.com/stoewer/go-strcase v1.2.0 => v1.3.0 go: upgraded github.com/urfave/cli v1.22.14 => v1.22.16 go: upgraded go.etcd.io/bbolt v1.3.9 => v1.4.0 go: upgraded go.step.sm/crypto v0.45.0 => v0.59.2 go: upgraded go.uber.org/mock v0.4.0 => v0.5.0 go: upgraded golang.org/x/crypto v0.31.0 => v0.36.0 go: upgraded golang.org/x/crypto/x509roots/fallback v0.0.0-20241104001025-71ed71b4faf9 => v0.0.0-20250317152234-d0a798f77473 go: upgraded golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 => v0.0.0-20250305212735-054e65f0b394 go: upgraded golang.org/x/mod v0.18.0 => v0.24.0 go: upgraded golang.org/x/net v0.33.0 => v0.37.0 go: upgraded golang.org/x/oauth2 v0.16.0 => v0.28.0 go: upgraded golang.org/x/sync v0.10.0 => v0.12.0 go: upgraded golang.org/x/sys v0.28.0 => v0.31.0 go: upgraded golang.org/x/term v0.27.0 => v0.30.0 go: upgraded golang.org/x/text v0.21.0 => v0.23.0 go: upgraded golang.org/x/time v0.7.0 => v0.11.0 go: upgraded golang.org/x/tools v0.22.0 => v0.31.0 go: upgraded google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 => v0.0.0-20250324211829-b45e905df463 go: upgraded google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 => v0.0.0-20250324211829-b45e905df463 go: upgraded google.golang.org/grpc v1.67.1 => v1.71.0 go: added google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 go: upgraded google.golang.org/protobuf v1.35.1 => v1.36.6 go: upgraded howett.net/plist v1.0.0 => v1.0.1 2025/04/10 22:02:36 [INFO] exec (timeout=0s): C:\Program Files\Go\bin\go.exe get -v 2025/04/10 22:02:47 [INFO] Build environment ready 2025/04/10 22:02:47 [INFO] exec (timeout=0s): C:\Program Files\Go\bin\go.exe list -m github.com/caddyserver/caddy/v2 2025/04/10 22:02:48 [INFO] Building Caddy 2025/04/10 22:02:48 [INFO] exec (timeout=0s): C:\Program Files\Go\bin\go.exe mod tidy -e 2025/04/10 22:02:59 [INFO] exec (timeout=0s): C:\Program Files\Go\bin\go.exe build -o C:\Program Files\Python 3.10\caddy\caddy.exe -ldflags -w -s -trimpath -tags nobadger,nomysql,nopgx 2025/04/10 22:05:00 [INFO] Build complete: .\caddy.exe 2025/04/10 22:05:00 [INFO] Cleaning up temporary folder: C:\Users\rzabel\AppData\Local\Temp\buildenv_2025-04-10-2201.3489231662

..\caddy.exe version v2.9.1 h1:OEYiZ7DbCzAWVb6TNEkjRcSCRGHVoZsJinoDR/n9oaY=

C:\Program Files\Python 3.10\caddy> C:\Program Files\Python 3.10\caddy>caddy run --config Caddyfile 2025/04/11 03:07:35.800 ←[34mINFO←[0m using config from file {"file": "Caddyfile"} Error: adapting config using caddyfile: Caddyfile:10: unrecognized directive: security

C:\Program Files\Python 3.10\caddy>caddy validate --config Caddyfile 2025/04/11 03:07:48.763 ←[34mINFO←[0m using config from file {"file": "Caddyfile"} Error: adapting config using caddyfile: Caddyfile:10: unrecognized directive: security

C:\Program Files\Python 3.10\caddy>where caddy C:\Program Files\Python 3.10\caddy\caddy.exe

C:\Program Files\Python 3.10\caddy>caddy --version v2.9.1 h1:OEYiZ7DbCzAWVb6TNEkjRcSCRGHVoZsJinoDR/n9oaY=

C:\Program Files\Python 3.10\caddy>caddy --listmodules Error: unknown flag: --listmodules

C:\Program Files\Python 3.10\caddy>caddy --list modules Error: unknown flag: --list

C:\Program Files\Python 3.10\caddy>caddy listmodules Error: unknown command "listmodules" for "caddy"

Did you mean this? list-modules

Run 'caddy --help' for usage.

C:\Program Files\Python 3.10\caddy>caddy list-modules admin.api.load admin.api.metrics admin.api.pki admin.api.reverse_proxy caddy.adapters.caddyfile caddy.config_loaders.http caddy.filesystems caddy.listeners.http_redirect caddy.listeners.proxy_protocol caddy.listeners.tls caddy.logging.cores.mock caddy.logging.encoders.append caddy.logging.encoders.console caddy.logging.encoders.filter caddy.logging.encoders.filter.cookie caddy.logging.encoders.filter.delete caddy.logging.encoders.filter.hash caddy.logging.encoders.filter.ip_mask caddy.logging.encoders.filter.query caddy.logging.encoders.filter.regexp caddy.logging.encoders.filter.rename caddy.logging.encoders.filter.replace caddy.logging.encoders.json caddy.logging.writers.discard caddy.logging.writers.file caddy.logging.writers.net caddy.logging.writers.stderr caddy.logging.writers.stdout caddy.storage.file_system events http http.authentication.hashes.bcrypt http.authentication.providers.http_basic http.encoders.gzip http.encoders.zstd http.handlers.acme_server http.handlers.authentication http.handlers.copy_response http.handlers.copy_response_headers http.handlers.encode http.handlers.error http.handlers.file_server http.handlers.headers http.handlers.intercept http.handlers.invoke http.handlers.log_append http.handlers.map http.handlers.metrics http.handlers.push http.handlers.request_body http.handlers.reverse_proxy http.handlers.rewrite http.handlers.static_response http.handlers.subroute http.handlers.templates http.handlers.tracing http.handlers.vars http.ip_sources.static http.matchers.client_ip http.matchers.expression http.matchers.file http.matchers.header http.matchers.header_regexp http.matchers.host http.matchers.method http.matchers.not http.matchers.path http.matchers.path_regexp http.matchers.protocol http.matchers.query http.matchers.remote_ip http.matchers.tls http.matchers.vars http.matchers.vars_regexp http.precompressed.br http.precompressed.gzip http.precompressed.zstd http.reverse_proxy.selection_policies.client_ip_hash http.reverse_proxy.selection_policies.cookie http.reverse_proxy.selection_policies.first http.reverse_proxy.selection_policies.header http.reverse_proxy.selection_policies.ip_hash http.reverse_proxy.selection_policies.least_conn http.reverse_proxy.selection_policies.query http.reverse_proxy.selection_policies.random http.reverse_proxy.selection_policies.random_choose http.reverse_proxy.selection_policies.round_robin http.reverse_proxy.selection_policies.uri_hash http.reverse_proxy.selection_policies.weighted_round_robin http.reverse_proxy.transport.fastcgi http.reverse_proxy.transport.http http.reverse_proxy.upstreams.a http.reverse_proxy.upstreams.multi http.reverse_proxy.upstreams.srv pki tls tls.ca_pool.source.file tls.ca_pool.source.http tls.ca_pool.source.inline tls.ca_pool.source.pki_intermediate tls.ca_pool.source.pki_root tls.ca_pool.source.storage tls.certificates.automate tls.certificates.load_files tls.certificates.load_folders tls.certificates.load_pem tls.certificates.load_storage tls.client_auth.verifier.leaf tls.get_certificate.http tls.get_certificate.tailscale tls.handshake_match.local_ip tls.handshake_match.remote_ip tls.handshake_match.sni tls.handshake_match.sni_regexp tls.issuance.acme tls.issuance.internal tls.issuance.zerossl tls.leaf_cert_loader.file tls.leaf_cert_loader.folder tls.leaf_cert_loader.pem tls.leaf_cert_loader.storage tls.permission.http tls.stek.distributed tls.stek.standard

Standard modules: 124

http.authentication.providers.authorizer http.handlers.authenticator security

Non-standard modules: 3

Unknown modules: 0

C:\Program Files\Python 3.10\caddy>xcaddy build
2025/04/10 22:10:21 [INFO] absolute output file path: C:\Program Files\Python 3.10\caddy\caddy.exe 2025/04/10 22:10:21 [INFO] Temporary folder: C:\Users\rzabel\AppData\Local\Temp\buildenv_2025-04-10-2210.538042036 2025/04/10 22:10:22 [INFO] Writing main module: C:\Users\rzabel\AppData\Local\Temp\buildenv_2025-04-10-2210.538042036\main.go package main

import ( caddycmd "github.com/caddyserver/caddy/v2/cmd"

    // plug in Caddy modules here
    _ "github.com/caddyserver/caddy/v2/modules/standard"

)

func main() { caddycmd.Main() } 2025/04/10 22:10:22 [INFO] Initializing Go module 2025/04/10 22:10:22 [INFO] exec (timeout=0s): C:\Program Files\Go\bin\go.exe mod init caddy go: creating new go.mod: module caddy go: to add module requirements and sums: go mod tidy 2025/04/10 22:10:23 [INFO] Pinning versions 2025/04/10 22:10:24 [INFO] exec (timeout=0s): C:\Program Files\Go\bin\go.exe get -v github.com/caddyserver/caddy/v2@
go: github.com/caddyserver/caddy/v2@: invalid version: version "\" invalid: disallowed version string 2025/04/10 22:10:25 [FATAL] exit status 1

C:\Program Files\Python 3.10\caddy>xcaddy build --with github.com/greenpau/caddy-security 2025/04/10 22:10:50 [INFO] absolute output file path: C:\Program Files\Python 3.10\caddy\caddy.exe 2025/04/10 22:10:50 [INFO] Temporary folder: C:\Users\rzabel\AppData\Local\Temp\buildenv_2025-04-10-2210.891429033 2025/04/10 22:10:50 [INFO] Writing main module: C:\Users\rzabel\AppData\Local\Temp\buildenv_2025-04-10-2210.891429033\main.go package main

import ( caddycmd "github.com/caddyserver/caddy/v2/cmd"

    // plug in Caddy modules here
    _ "github.com/caddyserver/caddy/v2/modules/standard"
    _ "github.com/greenpau/caddy-security"

)

func main() { caddycmd.Main() } 2025/04/10 22:10:50 [INFO] Initializing Go module 2025/04/10 22:10:51 [INFO] exec (timeout=0s): C:\Program Files\Go\bin\go.exe mod init caddy go: creating new go.mod: module caddy go: to add module requirements and sums: go mod tidy 2025/04/10 22:10:52 [INFO] Pinning versions 2025/04/10 22:10:52 [INFO] exec (timeout=0s): C:\Program Files\Go\bin\go.exe get -v github.com/caddyserver/caddy/v2 go: added github.com/beorn7/perks v1.0.1 go: added github.com/caddyserver/caddy/v2 v2.9.1 go: added github.com/caddyserver/certmagic v0.21.6 go: added github.com/caddyserver/zerossl v0.1.3 go: added github.com/cespare/xxhash/v2 v2.3.0 go: added github.com/francoispqt/gojay v1.2.13 go: added github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 go: added github.com/google/pprof v0.0.0-20231212022811-ec68065c825e go: added github.com/google/uuid v1.6.0 go: added github.com/klauspost/cpuid/v2 v2.2.9 go: added github.com/libdns/libdns v0.2.2 go: added github.com/mholt/acmez/v3 v3.0.0 go: added github.com/miekg/dns v1.1.62 go: added github.com/onsi/ginkgo/v2 v2.13.2 go: added github.com/prometheus/client_golang v1.19.1 go: added github.com/prometheus/client_model v0.5.0 go: added github.com/prometheus/common v0.48.0 go: added github.com/prometheus/procfs v0.12.0 go: added github.com/quic-go/qpack v0.5.1 go: added github.com/quic-go/quic-go v0.48.2 go: added github.com/zeebo/blake3 v0.2.4 go: added go.uber.org/mock v0.4.0 go: added go.uber.org/multierr v1.11.0 go: added go.uber.org/zap v1.27.0 go: added go.uber.org/zap/exp v0.3.0 go: added golang.org/x/crypto v0.31.0 go: added golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 go: added golang.org/x/mod v0.18.0 go: added golang.org/x/net v0.33.0 go: added golang.org/x/sync v0.10.0 go: added golang.org/x/sys v0.28.0 go: added golang.org/x/term v0.27.0 go: added golang.org/x/text v0.21.0 go: added golang.org/x/time v0.7.0 go: added golang.org/x/tools v0.22.0 go: added google.golang.org/protobuf v1.35.1 2025/04/10 22:11:04 [INFO] exec (timeout=0s): C:\Program Files\Go\bin\go.exe get -v github.com/greenpau/caddy-security github.com/caddyserver/caddy/v2 go: accepting indirect upgrade from github.com/caddyserver/[email protected] to v0.22.2 go: accepting indirect upgrade from github.com/google/[email protected] to v0.0.0-20250317173921-a4b03ec1a45e go: accepting indirect upgrade from github.com/klauspost/cpuid/[email protected] to v2.2.10 go: accepting indirect upgrade from github.com/libdns/[email protected] to v0.2.3 go: accepting indirect upgrade from github.com/mholt/acmez/[email protected] to v3.1.1 go: accepting indirect upgrade from github.com/miekg/[email protected] to v1.1.64 go: accepting indirect upgrade from github.com/onsi/ginkgo/[email protected] to v2.23.3 go: accepting indirect upgrade from github.com/prometheus/[email protected] to v1.21.1 go: accepting indirect upgrade from github.com/prometheus/[email protected] to v0.6.1 go: accepting indirect upgrade from github.com/prometheus/[email protected] to v0.63.0 go: accepting indirect upgrade from github.com/prometheus/[email protected] to v0.16.0 go: accepting indirect upgrade from github.com/quic-go/[email protected] to v0.50.1 go: accepting indirect upgrade from go.uber.org/[email protected] to v0.5.0 go: accepting indirect upgrade from golang.org/x/[email protected] to v0.36.0 go: accepting indirect upgrade from golang.org/x/[email protected] to v0.0.0-20250305212735-054e65f0b394 go: accepting indirect upgrade from golang.org/x/[email protected] to v0.24.0 go: accepting indirect upgrade from golang.org/x/[email protected] to v0.37.0 go: accepting indirect upgrade from golang.org/x/[email protected] to v0.12.0 go: accepting indirect upgrade from golang.org/x/[email protected] to v0.31.0 go: accepting indirect upgrade from golang.org/x/[email protected] to v0.30.0 go: accepting indirect upgrade from golang.org/x/[email protected] to v0.23.0 go: accepting indirect upgrade from golang.org/x/[email protected] to v0.11.0 go: accepting indirect upgrade from golang.org/x/[email protected] to v0.31.0 go: accepting indirect upgrade from google.golang.org/[email protected] to v1.36.6 go: added cel.dev/expr v0.22.1 go: added github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 go: upgraded github.com/Masterminds/semver/v3 v3.3.0 => v3.3.1 go: upgraded github.com/Microsoft/go-winio v0.6.0 => v0.6.2 go: upgraded github.com/antlr4-go/antlr/v4 v4.13.0 => v4.13.1 go: added github.com/beevik/etree v1.5.0 go: upgraded github.com/caddyserver/certmagic v0.21.6 => v0.22.2 go: added github.com/ccoveille/go-safecast v1.6.1 go: added github.com/coreos/go-oidc/v3 v3.13.0 go: upgraded github.com/cpuguy83/go-md2man/v2 v2.0.4 => v2.0.6 go: added github.com/crewjam/httperr v0.2.0 go: added github.com/crewjam/saml v0.4.14 go: upgraded github.com/dgraph-io/ristretto v0.1.0 => v0.2.0 go: upgraded github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 => v0.0.0-20240924180020-3414d57e47da go: added github.com/emersion/go-sasl v0.0.0-20241020182733-b788ff22d5a6 go: added github.com/emersion/go-smtp v0.21.3 go: added github.com/go-asn1-ber/asn1-ber v1.5.7 go: upgraded github.com/go-jose/go-jose/v3 v3.0.3 => v3.0.4 go: added github.com/go-jose/go-jose/v4 v4.0.5 go: added github.com/go-ldap/ldap/v3 v3.4.10 go: upgraded github.com/go-sql-driver/mysql v1.7.1 => v1.9.1 go: added github.com/go-task/slim-sprig/v3 v3.0.0 go: added github.com/golang-jwt/jwt/v4 v4.5.2 go: upgraded github.com/golang/snappy v0.0.4 => v1.0.0 go: upgraded github.com/google/cel-go v0.21.0 => v0.24.1 go: upgraded github.com/google/pprof v0.0.0-20231212022811-ec68065c825e => v0.0.0-20250317173921-a4b03ec1a45e go: added github.com/greenpau/caddy-security v1.1.31 go: added github.com/greenpau/go-authcrunch v1.1.7 go: added github.com/greenpau/versioned v1.0.30 go: upgraded github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a => v0.0.0-20240606120523-5a60cdf6a761 go: added github.com/jackc/pgx/v5 v5.7.4 go: added github.com/jackc/puddle/v2 v2.2.2 go: added github.com/jonboulle/clockwork v0.5.0 go: upgraded github.com/klauspost/compress v1.17.11 => v1.18.0 go: upgraded github.com/klauspost/cpuid/v2 v2.2.9 => v2.2.10 go: upgraded github.com/libdns/libdns v0.2.2 => v0.2.3 go: added github.com/mattermost/xml-roundtrip-validator v0.1.0 go: upgraded github.com/mattn/go-colorable v0.1.13 => v0.1.14 go: upgraded github.com/mholt/acmez/v3 v3.0.0 => v3.1.1 go: upgraded github.com/miekg/dns v1.1.62 => v1.1.64 go: added github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 go: upgraded github.com/onsi/ginkgo/v2 v2.13.2 => v2.23.3 go: upgraded github.com/prometheus/client_golang v1.19.1 => v1.21.1 go: upgraded github.com/prometheus/client_model v0.5.0 => v0.6.1 go: upgraded github.com/prometheus/common v0.48.0 => v0.63.0 go: upgraded github.com/prometheus/procfs v0.12.0 => v0.16.0 go: upgraded github.com/quic-go/quic-go v0.48.2 => v0.50.1 go: upgraded github.com/rs/xid v1.5.0 => v1.6.0 go: added github.com/russellhaering/goxmldsig v1.5.0 go: added github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e go: upgraded github.com/slackhq/nebula v1.6.1 => v1.9.5 go: upgraded github.com/smallstep/certificates v0.26.1 => v0.28.3 go: added github.com/smallstep/cli-utils v0.12.1 go: added github.com/smallstep/linkedca v0.23.0 go: upgraded github.com/smallstep/nosql v0.6.1 => v0.7.0 go: upgraded github.com/smallstep/pkcs7 v0.0.0-20231024181729-3b98ecc1ca81 => v0.2.1 go: upgraded github.com/smallstep/scep v0.0.0-20231024192529-aee96d7ad34d => v0.0.0-20250318231241-a25cabb69492 go: upgraded github.com/spf13/cast v1.7.0 => v1.7.1 go: upgraded github.com/spf13/cobra v1.8.1 => v1.9.1 go: upgraded github.com/spf13/pflag v1.0.5 => v1.0.6 go: upgraded github.com/stoewer/go-strcase v1.2.0 => v1.3.0 go: upgraded github.com/urfave/cli v1.22.14 => v1.22.16 go: upgraded go.etcd.io/bbolt v1.3.9 => v1.4.0 go: upgraded go.step.sm/crypto v0.45.0 => v0.59.2 go: upgraded go.uber.org/mock v0.4.0 => v0.5.0 go: upgraded golang.org/x/crypto v0.31.0 => v0.36.0 go: upgraded golang.org/x/crypto/x509roots/fallback v0.0.0-20241104001025-71ed71b4faf9 => v0.0.0-20250317152234-d0a798f77473 go: upgraded golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 => v0.0.0-20250305212735-054e65f0b394 go: upgraded golang.org/x/mod v0.18.0 => v0.24.0 go: upgraded golang.org/x/net v0.33.0 => v0.37.0 go: upgraded golang.org/x/oauth2 v0.16.0 => v0.28.0 go: upgraded golang.org/x/sync v0.10.0 => v0.12.0 go: upgraded golang.org/x/sys v0.28.0 => v0.31.0 go: upgraded golang.org/x/term v0.27.0 => v0.30.0 go: upgraded golang.org/x/text v0.21.0 => v0.23.0 go: upgraded golang.org/x/time v0.7.0 => v0.11.0 go: upgraded golang.org/x/tools v0.22.0 => v0.31.0 go: upgraded google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 => v0.0.0-20250324211829-b45e905df463 go: upgraded google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 => v0.0.0-20250324211829-b45e905df463 go: upgraded google.golang.org/grpc v1.67.1 => v1.71.0 go: added google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 go: upgraded google.golang.org/protobuf v1.35.1 => v1.36.6 go: upgraded howett.net/plist v1.0.0 => v1.0.1 2025/04/10 22:11:32 [INFO] exec (timeout=0s): C:\Program Files\Go\bin\go.exe get -v 2025/04/10 22:11:42 [INFO] Build environment ready 2025/04/10 22:11:42 [INFO] exec (timeout=0s): C:\Program Files\Go\bin\go.exe list -m github.com/caddyserver/caddy/v2 2025/04/10 22:11:43 [INFO] Building Caddy 2025/04/10 22:11:43 [INFO] exec (timeout=0s): C:\Program Files\Go\bin\go.exe mod tidy -e 2025/04/10 22:11:53 [INFO] exec (timeout=0s): C:\Program Files\Go\bin\go.exe build -o C:\Program Files\Python 3.10\caddy\caddy.exe -ldflags -w -s -trimpath -tags nobadger,nomysql,nopgx 2025/04/10 22:12:44 [INFO] Build complete: .\caddy.exe 2025/04/10 22:12:44 [INFO] Cleaning up temporary folder: C:\Users\rzabel\AppData\Local\Temp\buildenv_2025-04-10-2210.891429033

..\caddy.exe version v2.9.1 h1:OEYiZ7DbCzAWVb6TNEkjRcSCRGHVoZsJinoDR/n9oaY=

Configuration

Paste full Caddyfile below: { # Optional global options # debug }

:8443 { tls internal

# 1) Define caddy-security configuration
security {
    # SAML Identity Provider config named "azuread"
    saml identity-provider azuread {
        remote_metadata_url https://login.microsoftonline.com/******/federationmetadata/2007-06/federationmetadata.xml?appid=f396bddd-2cb2-4d5a-b271-f583e1016e53
        entity_id https://******/saml/sp/metadata

        # Optional overrides if not auto-detected from metadata:
        # idp_signin_url https://login.microsoftonline.com/******
        # idp_signout_url https://login.microsoftonline.com/******
        # idp_issuer https://sts.windows.net/******
        # acs_url https://******/saml/sp/acs
        # logout_url https://******/saml/sp/logout
    }

    # Create an authentication portal referencing the IdP "azuread"
    authentication portal myportal {
        saml single_sign_on azuread {
            idp_metadata azuread
        }
        ui {
            theme basic
        }
    }
}

# 2) Protect routes behind SAML
route {
    # This uses the "myportal" authentication from above
    authenticate with myportal

    # Distinguish calls to the SAML endpoints vs. normal traffic
    @samlRoutes path_regexp saml ^/saml
    handle @samlRoutes {
        respond "SAML endpoint called" 200
    }

    # Any other path is "normal" content
    handle {
        respond "You are authenticated via Azure AD SAML!" 200
    }
}

}

Paste configuration here ...


**Version Information**

Provide output of `caddy list-modules --versions | grep -E "(auth|security)"` below:

Paste output here ...


**Expected behavior**

Describe expected behavior.

**Additional context**

Add any other context about the problem here.

rzabel66 avatar Apr 11 '25 03:04 rzabel66

@rzabel66 , this sounds like the module was not compiled or it is using an old version of it. The “security” directive should work if the module is loaded.

greenpau avatar Apr 11 '25 18:04 greenpau

The xcaddy should be invoked in the following way https://github.com/greenpau/caddy-security/issues/385#issuecomment-2791072372

greenpau avatar Apr 11 '25 18:04 greenpau

The xcaddy should be invoked in the following way https://github.com/greenpau/caddy-security/issues/385#issuecomment-2791072372 ... I'm not actually seeing what WAY is the correct way in that thread ..xcaddy build xcaddy build --with github.com/greenpau/[email protected] resulting in ,.. Standard modules: 124

http.authentication.providers.authorizer http.handlers.authenticator security

Non-standard modules: 3

is how i've done it with no luck

rzabel66 avatar Apr 11 '25 19:04 rzabel66

The xcaddy should be invoked in the following way https://github.com/greenpau/caddy-security/issues/385#issuecomment-2791072372 ... I'm not actually seeing what WAY is the correct way in that thread ..xcaddy build xcaddy build --with github.com/greenpau/[email protected] resulting in ,.. Standard modules: 124

http.authentication.providers.authorizer http.handlers.authenticator security

Non-standard modules: 3

is how i've done it with no luck

He probably meant this comment.

Anyway, you should probably do a custom build of caddy using a Dockerfile, and then build it manually using the command docker build --file <Dockerfile>.

This is how a Dockerfile could look like:

FROM caddy:builder AS builder

RUN GOTOOLCHAIN=go1.24.1 xcaddy build \
    --with github.com/greenpau/caddy-security

FROM caddy:latest

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

denisgabriel5 avatar Apr 11 '25 21:04 denisgabriel5

@denisgabriel5 thats exactly what I did, still no luck:

ARG IMAGE
FROM ${IMAGE}-builder AS builder

RUN xcaddy build \
  --with github.com/greenpau/caddy-security \
  --output /usr/bin/caddy

FROM $IMAGE AS base

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

alias doco=docker compose

doco run --remove-orphans --build caddy caddy list-modules | grep security
#8 [builder 2/2] RUN xcaddy build   --with github.com/greenpau/caddy-security   --output /usr/bin/caddy
security

doco run --build caddy
WARN[0000] Found orphan containers ([iot-stack-caddy-run-9a5b6a1a3f2c iot-stack-caddy-run-74f7a9ebdb7a iot-stack-caddy-run-2226bc880207]) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
#1 [internal] load local bake definitions
#1 reading from stdin 575B done
#1 DONE 0.0s
...
#12 resolving provenance for metadata file
#12 DONE 0.0s
2025/11/16 16:59:00.557 INFO    maxprocs: Leaving GOMAXPROCS=4: CPU quota undefined
2025/11/16 16:59:00.558 INFO    GOMEMLIMIT is updated   {"package": "github.com/KimMachineGun/automemlimit/memlimit", "GOMEMLIMIT": 14988810240, "previous": 9223372036854775807}
2025/11/16 16:59:00.558 INFO    using config from file  {"file": "/etc/caddy/Caddyfile"}
2025/11/16 16:59:00.563 INFO    maxprocs: No GOMAXPROCS change to reset
Error: adapting config using caddyfile: /etc/caddy/Caddyfile:16: unrecognized directive: security

services:
  caddy:
    container_name: caddy
    image: caddy:rolling
    build:
      context: .
      args:
        - IMAGE=caddy:2
    healthcheck:
      test:
        - CMD-SHELL
        - pgrep caddy
      interval: 1m30s
      timeout: 10s
      retries: 3
    restart: always
    ports:
      - "80:8080"
      - "443:8443"
    volumes:
      - ../../volumes/caddy/Caddyfile:/etc/caddy/Caddyfile:ro
      - ../../volumes/caddy/www:/srv/www/host:ro

      - ../../certs/:/certs/:ro

any other recommendations?

milkpirate avatar Nov 16 '25 17:11 milkpirate