http.permission Plugin
This feature does not come with Caddy by default. To get it, select the http.permission plugin when you download Caddy.
The permission directive adds an authentication and authorization middleware that uses HTTP Basic Auth, TLS client certificates and a simple API for granular access control.
Examples
HTTP Basic Auth
permission basic { user greg qwerty1 # This is greg, his password is qwerty1 rw /tmp/ # he may read and write to /tmp/! user george # This is george, he does not have a password, another backend will have to authenticate him rw /admin/ default # applies to all logged-in users rw /api/users/0 # public # applies to everyone, also anonymous users none /internal/ # deny internal space for everyone ro / # allow reading everything GET,HEAD /other }
Use HTTP Basic Auth for user authorization and access control using HTTP methods and path prefixes.
TLS Auth
permission tls
Activate authentication via TLS client certificates. You must configure a client CA in caddy for this to work. The CN attribute of the certificate is used as the username. Read more in the docs about combining backends.
API Auth
permission api { name MyWebsite # name of website user http://localhost:8080/caddyapi # main authentication api permit http://localhost:8080/caddyapi/{{username}} # refetch a permit of a user login http://localhost:8080/login?next={{resource}} # redirect here for logging in (resource is original URL) add_prefix /api/resource /files # add prefixes to returned paths add_without_prefix # if add_prefix is used, but you still want to also add the original paths cache 600 # how to long to cache authenticated users cleanup 3600 # when to clean out authenticated users }
Use the simple API that you can implement in your application to provide caddy with user authentication and access control settings for users. This will enable you to add an authentication and authorization layer to unsupported applications.
Related Links
Documentation
Access the full documentation for this plugin off-site:
Plugin Help
Get help from the maintainers of the http.permission plugin:
Plugin Website
Visit http.permission’s website for more information:
Plugin Author: dhaavi
Last Updated: 18 Jul 2019, 6:56 AM
This plugin is independent of the Caddy project and is not endorsed or maintained by Caddy developers. Use at your own risk. Do not file issues for this plugin on Caddy’s bug tracker.