this post was submitted on 23 Jul 2025
23 points (96.0% liked)

Selfhosted

49847 readers
851 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
23
How to enhance Caddy's basic_auth? (lemmy.kde.social)
submitted 3 days ago by tubbadu@lemmy.kde.social to c/selfhosted@lemmy.world
13 comments fedilink hide all child comments
 

Hello fellow selfhoster! on my debian server I use Caddy as reverse proxy, and would like to protect some services and files with a password. I would like, however, to be able to access some protected files programmatically, from a script. using Caddy's built-in basic_auth works as intended, but I'd like to be able to use a login form instead of just a browser prompt. This is AFAIK not possible, so I'm looking for alternatives. Any idea?

you are viewing a single comment's thread
view the rest of the comments
[–] notquitenothing@sh.itjust.works 12 points 3 days ago* (last edited 3 days ago) (2 children)

Developer of VoidAuth here, you could give that a try! If you have any issues or questions I can help :) VoidAuth

It does support basic_auth to ProxyAuth protected domains, so you can set up a user for that purpose. Docs for that are here: ProxyAuth

[–] tubbadu@lemmy.kde.social 2 points 3 days ago (1 children)

This looks very interesting! I see that it supports users groups, would it be possible to create "named access policies" (like "admin_only_policy", "group_XXX_policy" ecc) and then assign them to the various services directly in the Caddyfile? thank you very much!

[–] notquitenothing@sh.itjust.works 2 points 2 days ago* (last edited 2 days ago)

I don’t think you could do that directly in the Caddyfile, but you can create those groups/policies inside VoidAuth and assign them to users there.

The steps would be to (in VoidAuth) create the access group/policy, create the ProxyAuth Domain (protected.example.com/*) with the allowed group(s), make sure the user(s) have that group, then in Caddy add the forward_auth directive to the same route you want to protect.

Then when you go to access that route in a browser it will redirect you to VoidAuth login, or if you pass an Authentication header with Basic Auth (like when using an API) it will use that.