Closed notramo closed 2 weeks ago
Are you sure ' is valid syntax for your env vars? Most env var styles allow spaces, so you don't need quotes around the value, i.e. the text you have to the right of the = is the literal value, so you don't need quotes to escape any spaces.
I tried it with docker-compose, which doesn't allow spaces, but I tried all three versions: no quotes, single quotes and double quotes.
Also, as I mentioned, the autosave.json config contains the correct hash/username combination, so the env is probably correctly parsed.
I'm not able to reproduce it. Here are the logs:
~ $ cat Caddyfile
{
    debug
}
http://localhost:80 {
    log
    basic_auth {
        {$CADDY_BASICAUTH}
    }
    respond "Hello!"
}
~ $ CADDY_BASICAUTH='mohammed $2a$14$eVp4P1lnF1JBosShPkdIUexrh0NaV4S/d3kIqzHu7PSlhW4.aDinK' caddy run
2024/06/16 21:33:39.587 INFO using adjacent Caddyfile
2024/06/16 21:33:39.588 INFO adapted config to JSON {"adapter": "caddyfile"}
2024/06/16 21:33:39.590 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2024/06/16 21:33:39.590 WARN http.auto_https server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server {"server_name": "srv0", "http_port": 80}
2024/06/16 21:33:39.590 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc000412f80"}
2024/06/16 21:33:39.590 DEBUG http.auto_https adjusted config {"tls": {"automation":{"policies":[{}]}}, "http": {"servers":{"srv0":{"listen":[":80"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"authentication","providers":{"http_basic":{"accounts":[{"password":"$2a$14$eVp4P1lnF1JBosShPkdIUexrh0NaV4S/d3kIqzHu7PSlhW4.aDinK","username":"mohammed"}],"hash":{"algorithm":"bcrypt"},"hash_cache":{}}}},{"body":"Hello!","handler":"static_response"}]}]}],"terminal":true}],"automatic_https":{"disable":true},"logs":{"logger_names":{"localhost":[""]}}}}}}
2024/06/16 21:33:39.591 DEBUG http starting server loop {"address": "[::]:80", "tls": false, "http3": false}
2024/06/16 21:33:39.591 INFO http.log server running {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/06/16 21:33:39.591 INFO autosaved config (load with --resume flag) {"file": "/Users/mohammed/Library/Application Support/Caddy/autosave.json"}
2024/06/16 21:33:39.591 INFO serving initial configuration
2024/06/16 21:33:39.641 INFO tls storage cleaning happened too recently; skipping for now {"storage": "FileStorage:/Users/mohammed/Library/Application Support/Caddy", "instance": "5db98ed9-fbc1-43a9-a23e-d5886eb6cf2c", "try_again": "2024/06/17 21:33:39.641", "try_again_in": 86399.999999413}
2024/06/16 21:33:39.641 INFO tls finished cleaning storage units
2024/06/16 21:33:50.832 DEBUG http.log.error not authenticated {"request": {"remote_ip": "::1", "remote_port": "53295", "client_ip": "::1", "proto": "HTTP/1.1", "method": "GET", "host": "localhost", "uri": "/", "headers": {"User-Agent": ["curl/8.8.0"], "Accept": ["*/*"]}}, "duration": 0.00006838, "status": 401, "err_id": "2sz9uuk1j", "err_trace": "caddyauth.Authentication.ServeHTTP (caddyauth.go:89)"}
2024/06/16 21:33:50.833 INFO http.log.access handled request {"request": {"remote_ip": "::1", "remote_port": "53295", "client_ip": "::1", "proto": "HTTP/1.1", "method": "GET", "host": "localhost", "uri": "/", "headers": {"User-Agent": ["curl/8.8.0"], "Accept": ["*/*"]}}, "bytes_read": 0, "user_id": "", "duration": 0.00006838, "size": 0, "status": 401, "resp_headers": {"Server": ["Caddy"], "Www-Authenticate": ["Basic realm=\"restricted\""]}}
2024/06/16 21:34:06.423 INFO http.log.access handled request {"request": {"remote_ip": "::1", "remote_port": "53296", "client_ip": "::1", "proto": "HTTP/1.1", "method": "GET", "host": "localhost", "uri": "/", "headers": {"Authorization": ["REDACTED"], "User-Agent": ["curl/8.8.0"], "Accept": ["*/*"]}}, "bytes_read": 0, "user_id": "mohammed", "duration": 0.994081125, "size": 6, "status": 200, "resp_headers": {"Server": ["Caddy"], "Content-Type": ["text/plain; charset=utf-8"]}}
^C2024/06/16 21:34:14.456 INFO shutting down {"signal": "SIGINT"}
2024/06/16 21:34:14.456 WARN exiting; byeee!! 👋 {"signal": "SIGINT"}
2024/06/16 21:34:14.456 INFO http servers shutting down with eternal grace period
2024/06/16 21:34:14.456 INFO admin stopped previous server {"address": "localhost:2019"}
2024/06/16 21:34:14.456 INFO shutdown complete {"signal": "SIGINT", "exit_code": 0}
~ $ curl -vvvv localhost
* Host localhost:80 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
* Trying [::1]:80...
* Connected to localhost (::1) port 80
> GET / HTTP/1.1
> Host: localhost
> User-Agent: curl/8.8.0
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 401 Unauthorized
< Server: Caddy
< Www-Authenticate: Basic realm="restricted"
< Date: Sun, 16 Jun 2024 21:33:50 GMT
< Content-Length: 0
<
* Connection #0 to host localhost left intact
~ $ curl -vv -u mohammed:password localhost
* Host localhost:80 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
* Trying [::1]:80...
* Connected to localhost (::1) port 80
* Server auth using Basic with user 'mohammed'
> GET / HTTP/1.1
> Host: localhost
> Authorization: Basic bW9oYW1tZWQ6cGFzc3dvcmQ=
> User-Agent: curl/8.8.0
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 200 OK
< Content-Type: text/plain; charset=utf-8
< Server: Caddy
< Date: Sun, 16 Jun 2024 21:34:06 GMT
< Content-Length: 6
<
* Connection #0 to host localhost left intact
Hello!%
How are you running your system? How are you testing it? What do you see in the logs of both ends? Provide as much detail as possible.
Ultimately this doesn't seem like a bug with Caddy, but rather a problem with however you're defining the env vars. As long as the env vars don't contain any quotes and are literally just <username> <password> with no extra syntactical elements, then it should work just fine, and the Caddyfile parser will split those into two tokens and recognize it as separate things.
I'll close this because I don't think there's anything actionable for us here (other than answering your questions - but we don't need the issue open to do that).
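A pre-flight check for the condition stated in the comment above (no quote characters, exactly two whitespace-separated tokens, the second shaped like a bcrypt hash), as an added example that is not from this thread or from Caddy. The function name check_basicauth_env is hypothetical; the sample hash is the one shown in the log above, and the test inputs are constructed.

```shell
#!/bin/sh
# Added example; check_basicauth_env is a hypothetical helper, not part of Caddy.
# Hash copied from the maintainer's log in this thread.
SAMPLE_HASH='$2a$14$eVp4P1lnF1JBosShPkdIUexrh0NaV4S/d3kIqzHu7PSlhW4.aDinK'

check_basicauth_env() {
    value=$1
    # Literal quote characters mean whatever set the variable kept them in the value.
    case $value in
        *\'*|*\"*) echo "quotes-in-value"; return 1 ;;
    esac
    # Split on whitespace; the result must be exactly <username> <hash>.
    set -f
    set -- $value
    set +f
    if [ "$#" -ne 2 ]; then
        echo "expected-2-tokens-got-$#"; return 1
    fi
    user=$1
    hash=$2
    # bcrypt string: $2a$/$2b$/$2y$, two-digit cost, then 53 chars of [./A-Za-z0-9].
    if printf '%s\n' "$hash" | grep -Eq '^\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'; then
        echo "ok user=$user"
    else
        echo "not-a-bcrypt-hash"; return 1
    fi
}

# Constructed inputs: the working value, a quoted value, and a hash with no username.
for candidate in "mohammed $SAMPLE_HASH" "'mohammed $SAMPLE_HASH'" "$SAMPLE_HASH"; do
    check_basicauth_env "$candidate" || true
done
```

Run it against the value as the Caddy process actually receives it (for example the output of `printenv CADDY_BASICAUTH` inside the container), not against the line as written in the compose or env file.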
It turns out the config was indeed wrong. Sorry for wasting your time.
Environment:
Caddyfile
It doesn't work either if the env only contains the hashed password:
Checked autosave.json, and both the username and the hash are correct in the parsed JSON config.