https://github.com/proofrock/caddy_knockknock
- Host: GitHub
- URL: https://github.com/proofrock/caddy_knockknock
- Owner: proofrock
- License: apache-2.0
- Created: 2024-11-22T15:15:32.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-12-10T16:21:46.000Z (over 1 year ago)
- Last Synced: 2025-03-22T13:42:32.168Z (about 1 year ago)
- Language: Go
- Size: 41 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Caddy Knock Knock
A *simple enough but secure for someone* auth scheme for Caddy reverse proxies.
Basically, you can forbid access to services until a particular, secret parameter is added to the service's URL. Then a session cookie authorizes the access until the tab/browser is closed.
You must be aware that this secret parameter is **equivalent to a token and must be protected as a secret**. Don't create a bookmark in the browser. Keep it safe.
And yes, in the future I will add a timeout, not just "forever". But it's a good POC for now.
## Building
```bash
xcaddy build --with github.com/proofrock/caddy_knockknock@v0.1.3
```
## Configuration
First of all, choose a key and hash it with argon2, for example using [this site](https://argon2.online) (it doesn't seem to send your key over the internet at the time of writing, but check for yourself!).
> Example:
> key: `abcdef`
> hash: `$argon2id$v=19$m=16,t=2,p=1$Y2lhb2dlcm0$llGztGLqY/nSR2ax5vCtIg`
Then, suppose you have a site to protect in Caddy:
> Example
You add a parameter `kkkey` with the secret:
> Example:
When you do so, your session will be enabled for .
This is the corresponding `Caddyfile`:
```caddyfile
{
	order caddy_knockknock first
}

protected.example.com {
	caddy_knockknock {
		key_hash "$argon2id$v=19$m=16,t=2,p=1$Y2lhb2dlcm0$llGztGLqY/nSR2ax5vCtIg"
	}
	respond "Authorized!"
}
```
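The `key_hash` value is an argon2 hash in PHC string format, so its cost parameters can be read back and checked before it goes into the `Caddyfile`. The following Go program is an added example, not part of the plugin's code: `ParsePHC` and `Audit` are hypothetical helper names, and the thresholds (argon2id, at least 19456 KiB of memory, a 16-byte salt) are a baseline assumed for this example.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

// PHC holds the decoded fields of an argon2 hash in PHC string format.
type PHC struct {
	Variant                      string
	Version, MemKiB, Time, Lanes uint32
	Salt, Hash                   []byte
}

// ParsePHC splits "$variant$v=N$m=N,t=N,p=N$salt$hash" into its fields.
func ParsePHC(s string) (p PHC, err error) {
	f := strings.Split(s, "$")
	if len(f) != 6 || f[0] != "" {
		return p, fmt.Errorf("want 5 '$'-separated fields, got %d", len(f)-1)
	}
	p.Variant = f[1]
	if _, err = fmt.Sscanf(f[2]+","+f[3], "v=%d,m=%d,t=%d,p=%d", &p.Version, &p.MemKiB, &p.Time, &p.Lanes); err != nil {
		return p, fmt.Errorf("version/parameters: %w", err)
	}
	if p.Salt, err = base64.RawStdEncoding.DecodeString(f[4]); err != nil {
		return p, fmt.Errorf("salt: %w", err)
	}
	p.Hash, err = base64.RawStdEncoding.DecodeString(f[5])
	return p, err
}

// Audit lists settings below this example's assumed baseline; adjust to your policy.
func Audit(p PHC) (findings []string) {
	if p.Variant != "argon2id" {
		findings = append(findings, "variant is not argon2id")
	}
	if p.MemKiB < 19456 {
		findings = append(findings, fmt.Sprintf("m=%d KiB is below 19456", p.MemKiB))
	}
	if len(p.Salt) < 16 {
		findings = append(findings, fmt.Sprintf("salt is %d bytes, below 16", len(p.Salt)))
	}
	return findings
}

func main() {
	p, err := ParsePHC("$argon2id$v=19$m=16,t=2,p=1$Y2lhb2dlcm0$llGztGLqY/nSR2ax5vCtIg")
	fmt.Println(Audit(p), err)
}
```

Run on the README's sample hash, it reports the memory cost and the salt length as below that baseline, so generate your own hash with stronger parameters rather than copying the sample's settings.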