Caddy Server Authentication
Utilizing Caddy's reauth

Using the Organizr authorization API

Using Caddy and the reauth plugin you can accomplish the same using the following block:
1
reauth {
2
path /sonarr # location that requires reauth
3
# path /glances # other directories can be listed
4
#
5
# if someone is not authorized for a page, send them here instead
6
failure redirect target=https://<your_domain>/
7
8
upstream url=https://<your_domain>/api/v2/auth/<group_id>,cookies=true
9
}
Copied!

Using OAuth / JWT tokens

Here is a sample Caddy directive to protect a path using the Organizr token:
1
jwt {
2
# Name of the path to protect
3
path /protected
4
5
# Allow / deny based on JWT claims
6
allow group Admin
7
allow group User
8
9
# Where to redirect in case the token is invalid or the claims are denied
10
redirect /
11
12
# Where to read the token from
13
token_source cookie organizr_token_62d9e46e-cdad-4726-9db7-e25b85397f57
14
15
# Path the the secret to validate the token
16
secret /etc/myprecious.txt
17
}
Copied!
The secret to use to validate the token needs to be passed to Caddy either as an environment variable named JWT_SECRET or in a file, specified with the secret configuration option.
Note that the http.jwt plugin is not installed in default Caddy builds. See https://caddyserver.com/docs/http.jwt for instructions on how to install it.
See https://github.com/BTBurke/caddy-jwt for more information on the jwt plugin and its configuration options.
You should not protect the / Organizr root path. Organizr handles it on its own.
Last modified 1mo ago