Skip to content


Folders and files

Last commit message
Last commit date

Latest commit



3 Commits

Repository files navigation


Caddy v2 middleware for validating a GitHub webhook request


xcaddy build \


This middleware functions as a gatekeeper for any succeeding directives in a route. The request is only passed on to the next directive if its signature is valid. Otherwise, the client receives a 403 status code.


validate_github <secret>
  • secret - shared secret between you and GitHub

You could use something like this bash command to generate a secure secret:

LC_ALL=C tr -dc '[:alnum:]' < /dev/urandom | head -c32; echo

Copy and paste the results into your Caddyfile.


validate_github is middleware meant to precede other directives.

An example of this directive in context looks like this:

route /update {
    validate_github KcuP9N0iEqYHFBRUda6oHLP4UUub6EMz
    exec * /path/to/bin/

Here, you're using validate_github to validate the request before passing it along to caddy-exec, runs the /path/to/bin/ script. Since caddy-exec does not support chaining commands at this time, it's necessary to perform multiple commands in a script or Go binary and invoke it from the exec directive.


The validate_github JSON look like this, minus succeeding middleware:

  "routes": [
      "handle": [
          "handler": "validate_github",
          "secret": "KcuP9N0iEqYHFBRUda6oHLP4UUub6EMz"
      "match": [
          "path": [