New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Redirect Loop with caddy-security #131
Comments
Please change the above to:
Please delete the following. You are not using these policies. It will make the config smaller.
When you browse to |
Updated to remove the "guest" and "user" policies and removed the route in the authentication site as requested. Yes, I get a redirect to the login, and can invoke both good (redirect loop) and bad (sandbox) login credentials. I can also interact with the portal after login at this URL |
@jshessen , the token you get from auth portal is granted to you via HTTPS. The links below suggest you are using using HTTP. If that the case the token issued via HTTPS will not be passed to HTTP.
Option 1: Add the following
Option 2: (better) Proxy Prometheus, Alert Manager, and Grafana via 18443.
|
@jshessen , more on it here: |
@greenpau this was a perfect answer! (been banging around for 2 days now) I implemented Option 1 to get a quick response. I am looking to expand this across my environment (very subdomain heavy) however, I can look to modify the fully caddy sites (reverse proxies) to be HTTPS/TLS to maintain the cookie integrity to the non-TLS backends as I move forward |
I had tried setting up TLS on the subsites, but had attempted to reduce the configuration as an act of troubleshooting, I should be able to go back to expanding the config. Thank you for the prompt response. |
@jshessen , more specifically on Prom and Alert Manager:
The config file for Prometheus should contain
Same for AlertManager:
|
@jshessen , if you want, please connect with me on LinkedIn and I will help you with your setup. We could do Google Meet or Zoom. |
@greenpau, thank you again ... I will try to find a window here in the next few weeks to reach out. |
@jshessen , next time open an issue after 15 minutes! |
@greenpau gave me a chance to really dig through all the different combinations of templates and documents! |
@jshessen , actually, prom/alertmanager/grafana was my first use case for this plugin 😄 |
@jshessen , you might also be interested in #105 (comment) Basically, when you proxy traffic to Grafana, you could set auth level via Also, see |
@jshessen , I am looking to add testimonial sections to https://authcrunch.com. Could you please write one and send it to me at greenpau@outlook.com? |
Describe the issue
Appear to be in a redirect loop where the access_token is not being found
Configuration
Paste full
Caddyfile
below:Version Information
Provide output of
caddy list-modules -versions | grep git
below:Expected behavior
Describe expected behavior.
Expect that after initial token failure, the authentication portal will prompt, and then redirect to original requested URL
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: