You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Using Caddy with Authelia, I have Authelia configured to only do 2FA with certain URIs & to completely bypass certain other URIs. For those URIs that completely bypass authentication Authelia cannot & does not set a Remote-User header.
Unfortunately Caddy doesn't like that very much. With a simple configuration snippet such as
what happens is that Caddy sets the Remove-User header correctly when Authelia sets the header, too. But when Authelia does not set the Remove-User header (or any of the others), what Caddy sends to the proxied server is actually the following:
Yes, it leaves the template code as-is in the headers it sends to the proxy server. Same for the any other header configured via copy_headers that isn't set by Authelia.
This means I'll have to include the bypassed URIs from Authelia's configuration in Caddy's configuration & only send requests for other URIs to Authelia, making this whole configuration much more complex & difficult to maintain.
The text was updated successfully, but these errors were encountered:
Thanks, but it's not that urgent. I've added the bypassed URIs as a negative matcher & used that with for forward_auth. That suffices until a new release fixes the issue. I'd just rather I don't have to keep both locations in sync indefinitely, which I won't have to. Yay!
Caddy 2.8.4
Using Caddy with Authelia, I have Authelia configured to only do 2FA with certain URIs & to completely bypass certain other URIs. For those URIs that completely bypass authentication Authelia cannot & does not set a
Remote-User
header.Unfortunately Caddy doesn't like that very much. With a simple configuration snippet such as
what happens is that Caddy sets the
Remove-User
header correctly when Authelia sets the header, too. But when Authelia does not set theRemove-User
header (or any of the others), what Caddy sends to the proxied server is actually the following:Yes, it leaves the template code as-is in the headers it sends to the proxy server. Same for the any other header configured via
copy_headers
that isn't set by Authelia.This means I'll have to include the bypassed URIs from Authelia's configuration in Caddy's configuration & only send requests for other URIs to Authelia, making this whole configuration much more complex & difficult to maintain.
The text was updated successfully, but these errors were encountered: