Caddy HTTP Basic Authentication (basicauth)

Self-Hosting Jan 14, 2021

What is HTTP Basic Authentication?

When visiting a website, protected with Basic Auth the browser will prompt the user to enter a username and password before any recourses are loaded.
private-example-com-basicauth

The client will then send an Authorization header with each request to the website, to maintain authentication.
This authentication must be over an HTTPS Connection to be secure.

More infomation on Basic Autentication can be found at Mozilla Docs and IBM Knowledge Center.

Setting up with Caddyfile

Generate a hash of your password. McAfee Explanation of Password Hash

Enter this into the terminal to generate a password hash:
caddy hash-password --algorithm bcrypt
You will be prompted to enter your password twice.
Output Example:
JDJhJDE0JElab2ZPM25zdU40bE5SSURlTHd3OHVBeVJvYTlMN3dMOEFMdFVCRzNYS1l5ODl6TlVyQllH

Caddyfile
Below is a template just replace the Username and Hash, then place it in your Caddyfile.

basicauth * {
	bob JDJhJDE0JElab2ZPM25zdU40bE5SSURlTHd3OHVBeVJvYTlMN3dMOEFMdFVCRzNYS1l5ODl6TlVyQllH
}

If you want to secure a certain path, the following syntax can be used:

basicauth /homework/* {
	bob JDJhJDE0JElab2ZPM25zdU40bE5SSURlTHd3OHVBeVJvYTlMN3dMOEFMdFVCRzNYS1l5ODl6TlVyQllH
}

Reload Caddy
caddy reload

Docs
Caddy Basic Authentication Docs
Caddy hash-password Docs


Cover Image Credit: https://unsplash.com/@markuswinkler

Tags

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.