Hello all,

I figured that a chunk of the selfhost community is using Caddy, so decided to post my query here. I am a novice in Caddy, so I might be saying some incorrect terms.

Some information

  • The router and the host running Caddy are different machines
  • The router page is running HTTP, but I am accessing it via HTTPS through Caddy
  • Caddy is running via Docker.

I have a couple of services running on a host, so I access them via Caddy’s reverse proxy. Now I am also trying to access my router login via the same reverse proxy. This is what the router entry in the Caddyfile looks like:

.
.
{
    local_certs
}
login.router.lan {
    reverse_proxy 192.168.1.1:80
}
.
.

With this entry, I can access the login page. However, when I enter the password, I feel like it’s attempting to log in but then it just comes back to the original login page. When I access it directly, the login is successful. I also have Pihole running and the Pihole login process works fine. So I suspect that the router login page is expecting some extra information from Caddy to forward it to the login page.

After some searching online and some LLM wrangling, I figured it’s some cookie issue or my login page is expecting a certain host.

What should I add to my Caddyfile so that the login redirect works?

Edit: Clarification! Everything is behind wireguard. Nothing is exposed to the public (other than wireguard). I only access it within my home. The router login page cannot be accessed from outside.
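
Added example, not part of the original post: a small Python check for the two hypotheses raised above (a cookie issue, or the login page expecting a certain host). It inspects the response headers of the login request as the browser sees them at the proxy hostname. The function names and the sample headers are constructed for illustration and are not taken from any real router.

```python
from urllib.parse import urlsplit

def cookie_attrs(set_cookie):
    """Split one Set-Cookie value into (cookie name, {lowercased attribute: value})."""
    first, *rest = [p.strip() for p in set_cookie.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0], attrs

def domain_matches(host, cookie_domain):
    """Simplified RFC 6265 domain match: equal, or host is a subdomain of the cookie domain."""
    d = cookie_domain.lstrip(".").lower()
    return host.lower() == d or host.lower().endswith("." + d)

def diagnose(proxy_host, headers):
    """Return findings for a login response served to the browser at https://proxy_host."""
    findings = []
    for name, value in headers:
        lname = name.lower()
        if lname == "location":
            url = urlsplit(value)
            if url.hostname and url.hostname.lower() != proxy_host.lower():
                findings.append(f"redirect leaves proxy: {value}")
            elif url.scheme == "http":
                findings.append(f"redirect downgrades to http: {value}")
        elif lname == "set-cookie":
            cname, attrs = cookie_attrs(value)
            dom = attrs.get("domain")
            if dom and not domain_matches(proxy_host, dom):
                # Browsers drop cookies whose Domain does not cover the page's host.
                findings.append(f"cookie {cname} rejected: Domain={dom}")
            if attrs.get("samesite", "").lower() == "none" and "secure" not in attrs:
                findings.append(f"cookie {cname} rejected: SameSite=None without Secure")
    return findings

# Constructed sample: headers a device might send after a successful login POST.
SAMPLE = [
    ("Set-Cookie", "sessionid=abc123; Domain=192.168.1.1; Path=/"),
    ("Location", "http://192.168.1.1/index.html"),
]

if __name__ == "__main__":
    for finding in diagnose("login.router.lan", SAMPLE):
        print(finding)
```

The real headers to feed in can be copied from the browser's network tab for the login request made through the proxy.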

    • xavier666@lemmy.umucat.day (OP)
      8 hours ago

      I have tried this, but unfortunately, it did not work. I have tried this suite of commands

      login.router.lan {
          reverse_proxy 192.168.1.1:80 {
              # Preserve original host and scheme
              header_up Host {upstream_hostport}
              header_up X-Forwarded-Proto {http.request.scheme}
              header_up X-Forwarded-Host {http.request.host}
              header_up X-Forwarded-For {http.request.remote.host}
      
              # Keep cookies intact
              header_up Cookie {http.request.header.Cookie}
              header_down Set-Cookie {http.response.header.Set-Cookie}
      
              # Preserve Origin/Referer for CSRF tokens
              header_up Origin https://{http.request.host}
              header_up Referer https://{http.request.host}{http.request.uri.path}
          }
      }
      

      Info: My caddy uses HTTPS but the router login page is HTTP. Not sure if this is relevant.

    • irmadlad@lemmy.world
      23 hours ago

      Semi-related, you can check the validity of Caddy entries in the Caddyfile:

      • sudo caddy fmt --overwrite /etc/caddy/Caddyfile
      • caddy validate --config /etc/caddy/Caddyfile

      Where /etc/caddy/Caddyfile points to your caddyfile.