Hi everyone, I'm encountering an issue with my self-hosted setup using Caddy 2

submitted by

Hi everyone,

I'm encountering an issue with my self-hosted setup using Caddy 2.9.1 and Authelia 4.38.19. All domains except auth.laniecarmelo.tech return a 401 Unauthorized error. Journald logs suggest issues with insecure schemes ('') instead of https or wss.

Details:

  • Setup: Caddy as reverse proxy, Authelia for authentication
  • Domains: AdGuard Home, Forgejo, LinkAce, MiniFlux, TheLounge, Homepage, Beszel, Glances, Uptime Kuma, Tandoor Recipes, BookStack, Watchtower, Portainer
  • Logs:
    Authelia:
    Feb 24 21:01:47 stormux authelia[2932]: level=error msg="Target URL '/' has an insecure scheme '', only 'https' and 'wss' are supported"Caddy:
    Feb 24 21:19:41 stormux caddy[48845]: {"msg":"handled request","method":"GET","host":"adguard.laniecarmelo.tech","status":200}

Configurations:

Curl Output:

HTTP Request:

$ curl home.laniecarmelo.tech -v
< HTTP/1.1 308 Permanent Redirect
< Location: https://home.laniecarmelo.tech/

HTTPS Request:

$ curl https://home.laniecarmelo.tech -v
< HTTP/2 401 
< content-type: text/plain; charset=utf-8
< server: Caddy
401 Unauthorized

Does anyone know what might be causing this? I suspect it could be related to forward_auth or trusted proxies.

Thanks in advance! 🙏

#SelfHosting #CaddyServer #Authelia #ReverseProxy #TechHelp #Linux #HomeLab
@selfhost @selfhosting @selfhosted

2
9

Log in to comment

Hot Top New Old

Target URL '/' has an insecure scheme '', only 'https' and 'wss' are supported

Have you tried using a supported scheme in the target URL?

 reply
3
OP

@selfhost @selfhosting @selfhosted Got help on #IRC. Trick was to move trusted_proxies out of site blocks and into a global servers block and use uri /api/authz/forward-auth
instead of uri /api/verify.

 reply
1
Insert image