APIDemoOfficial SiteDiscord
Search…
Introduction
Want to help?
💾
Installation
Prerequisites
Installing Organizr
📌Getting started
First Time Setup
Tab Management
🤖
Features
Authentication Backend
Server Authentication
Nginx Server Authentication
Caddy Server Authentication
Traefik Server Authentication
SSO
Homepage
API Socks
Backup & Restore
Custom Error Pages
Fail2Ban Integration
🧪
Tweaks
Tweaks
Hide custom text from specific groups
Optimizing PHP-FPM
🆘
Help
Tutorials
FAQ
🌍 Development
Plugin Development
Powered By GitBook
Caddy Server Authentication
Utilizing Caddy's reauth

Using the Organizr authorization API

Using Caddy and the reauth plugin you can accomplish the same using the following block:
The reauth plugin doesn't seem to be fully working with Caddy v2, use the JWT method below
1
reauth {
2
path /sonarr # location that requires reauth
3
# path /glances # other directories can be listed
4
#
5
# if someone is not authorized for a page, send them here instead
6
failure redirect target=https://<your_domain>/
7
8
upstream url=https://<your_domain>/api/v2/auth/<group_id>,cookies=true
9
}
Copied!

Using OAuth / JWT tokens

Here is a sample Caddy directive to protect a path using the Organizr token:
1
jwt {
2
# Name of the path to protect
3
path /protected
4
5
# Allow / deny based on JWT claims
6
allow group Admin
7
allow group User
8
9
# Where to redirect in case the token is invalid or the claims are denied
10
redirect /
11
12
# Where to read the token from
13
token_source cookie organizr_token_62d9e46e-cdad-4726-9db7-e25b85397f57
14
15
# Path the the secret to validate the token
16
secret /etc/myprecious.txt
17
}
Copied!
The secret to use to validate the token needs to be passed to Caddy either as an environment variable named JWT_SECRET or in a file, specified with the secret configuration option.
Note that the http.jwt plugin is not installed in default Caddy builds. See https://caddyserver.com/docs/http.jwt for instructions on how to install it.
See https://github.com/BTBurke/caddy-jwt for more information on the jwt plugin and its configuration options.
You should not protect the / Organizr root path. Organizr handles it on its own.

Caddy v2

For Caddy v2, the caddy-security plugin seems to be the successor to caddy-jwt. The syntax has changed slightly to be something like this:
1
route /tautulli* {
2
authorize {
3
primary yes
4
set auth url https://mydomain.com
5
allow roles User Admin
6
crypto key token name organizr_token_uuid
7
crypto key verify organizrHash
8
}
9
reverse_proxy localhost:8181
10
}
11
12
route /sonarr* {
13
authorize
14
reverse_proxy localhost:8989
15
}
Copied!
Previous
Nginx Server Authentication
Next
Traefik Server Authentication
Last modified 3mo ago
Export as PDF
Copy link
Contents
Using the Organizr authorization API
Using OAuth / JWT tokens
Caddy v2