Closed ptman closed 7 months ago
@ptman, you might have an issue with connectivity. This is unrelated to the plugin.
It's not connectivity, but the other service being down. But yes, connectivity would cause the same issue.
My problem is that I don't have a single site on caddy. I have tens. But only some use caddy-security. Still, this causes all of them to be unavailable because caddy cannot be restarted.
So caddy should be able to start even if well-known cannot be fetched. And it should be retried periodically.
Related #282, which is a special case of this: when the OIDC provider is behind caddy itself, it can't start because the openid-configuration is not reachable.
https://authp.github.io/docs/authenticate/oauth/backend-oauth2-endpoint documents a workaround.
Describe the issue
{"level":"error","ts":1690988301.849259,"logger":"security","msg":"failed provisioning app server instance","app":"security","error":"server initialization failed: failed configuring identity provider: failed to fetch metadata for OAuth 2.0 authorization server: Get \"https://DOMAIN/realms/master/.well-known/openid-configuration\": dial tcp IPADDR:443: connect: connection refused"}
Expected behavior
I'd expect caddy to start and continue trying in the background since this isn't a problem with the configuration but with another service being unreachable.
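
The behaviour requested in this thread (start anyway, keep retrying the well-known fetch in the background), sketched as an added example; it is not caddy-security's code. `Fetcher`, `LazyMetadata`, `Start` and `Get` are hypothetical names, and the fetcher stands in for the openid-configuration request so the example runs offline.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync/atomic"
	"time"
)

// ErrNotReady means discovery has not succeeded yet; callers must fail closed.
var ErrNotReady = errors.New("identity provider metadata not available yet")

// Fetcher is a hypothetical stand-in for the openid-configuration request.
type Fetcher func(context.Context) (map[string]string, error)

// LazyMetadata holds discovery data that a background loop fills in later.
type LazyMetadata struct{ doc atomic.Pointer[map[string]string] }

// Start returns at once; a goroutine retries fetch periodically until it succeeds.
func Start(ctx context.Context, fetch Fetcher, every time.Duration) *LazyMetadata {
	m := &LazyMetadata{}
	go func() {
		for {
			if doc, err := fetch(ctx); err == nil {
				m.doc.Store(&doc) // publish the metadata to request handlers
				return
			}
			select {
			case <-ctx.Done(): // server shutting down or config reloaded
				return
			case <-time.After(every):
			}
		}
	}()
	return m
}

// Get returns the metadata, or ErrNotReady so that only the sites using this
// provider answer 503; authentication is refused, never skipped.
func (m *LazyMetadata) Get() (map[string]string, error) {
	if p := m.doc.Load(); p != nil {
		return *p, nil
	}
	return nil, ErrNotReady
}

func main() { // constructed fetcher: the provider is down
	down := func(context.Context) (map[string]string, error) { return nil, errors.New("connection refused") }
	_, err := Start(context.Background(), down, time.Second).Get()
	fmt.Println("startup continues, portal not ready:", err)
}
```
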