serverproxycaddycaddyfile

How to protect direct ip access in caddy


I've a subdomain: api.example.com

And I've a caddyfile that use a reverse proxy to redirect to my api backend:

api.example.com {
  basicauth {
    user my_hashed_password
  }
  reverse_proxy localhost:8000
}

As you can see I protect the access of this api with a simple basicauth. It work as expected. But I can still access the api without authentication if use my_ip:8000 (for example 1.1.1.1:8000). How can I also apply the basic auth for the ip direct access ?

I've tried something like:

:8000 {
  basicauth {
    user my_hashed_password
  }
  handle api.example.com {
    reverse_proxy localhost:8000
  }
}

But caddy is angry because I use a reverse_proxy on the same port as the one declared above.


Solution

  • If port 8000 is not configured in Caddy, you cannot add basicauth in Caddy. You need to configure it in the application that is listening on port 8000.