From 43b8658bfdc2cbf5ee7ca471601f9274d975ee2d Mon Sep 17 00:00:00 2001 From: tbodt Date: Thu, 27 Nov 2025 06:04:28 -0800 Subject: [PATCH] Show how to use subrequest auth with Caddy (#1312) Signed-off-by: tbodt --- .../admin/configuration/subrequest-auth.mdx | 65 +++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/docs/docs/admin/configuration/subrequest-auth.mdx b/docs/docs/admin/configuration/subrequest-auth.mdx index 3685d5a..3b6a91e 100644 --- a/docs/docs/admin/configuration/subrequest-auth.mdx +++ b/docs/docs/admin/configuration/subrequest-auth.mdx @@ -156,3 +156,68 @@ server { ``` + +## Caddy + +Anubis can be used with the [`forward_auth`](https://caddyserver.com/docs/caddyfile/directives/forward_auth) directive in Caddy. + +First, the `TARGET` environment variable in Anubis must be set to a space, eg: + + + + +```shell +# anubis.env + +TARGET=" " +# ... +``` + + + + +```yaml +services: + anubis-caddy: + image: ghcr.io/techarohq/anubis:latest + environment: + TARGET: " " + # ... +``` + + + + +Inside your Deployment, StatefulSet, or Pod: + +```yaml +- name: anubis + image: ghcr.io/techarohq/anubis:latest + env: + - name: TARGET + value: " " + # ... +``` + + + + +Then configure the necessary directives in your site block: + +```caddy +route { + # Assumption: Anubis is running in the same network namespace as + # caddy on localhost TCP port 8923 + reverse_proxy /.within.website/* 127.0.0.1:8923 + forward_auth 127.0.0.1:8923 { + uri /.within.website/x/cmd/anubis/api/check + trusted_proxies private_ranges + @unauthorized status 401 + handle_response @unauthorized { + redir * /.within.website/?redir={uri} 307 + } + } +} +``` + +If you want to use this for multiple sites, you can create a [snippet](https://caddyserver.com/docs/caddyfile/concepts#snippets) and import it in multiple site blocks.