* www/caddy: Make usage of http01 challenge redirection clearer for domains and subdomains
* Update caddy.rst - Reformat Docs for better Maintainability
Removed the options with the help text and reformatted the text nicer.
* Update caddy.rst - Add ACME Email explanation due to recent upstream changes
* Update caddy.rst - Added small tutorial section for Access Lists
* Update caddy.rst - Port 80 TCP only, 443 is TCP/UDP for QUIC
* Update caddy.rst - Update Troubleshooting to be more precise, using the new Diagnostics View
* Update caddy.rst
* Added note to create NAT outbound rule for redirect-gateway to work
https://github.com/opnsense/core/issues/7318
* Added a brief info abount redirect-gateway
---------
Co-authored-by: Thomas Cekal <admin@cekal.org>
* Update caddy.rst - Some terminology changes for the new os-caddy version.
* Update caddy.rst - Small Typo fixed.
* Update caddy.rst - DNS01 is not needed for Dynamic DNS to work
* Update caddy.rst - Another small typo.
* Update caddy.rst
Add HTTP-01 challenge redirection option
* Update caddy.rst
- Added Tutorial section for the HTTP-01 challenge redirection
- A few more changes to get the docs in line with the new os-caddy-1.5.3 update
* Update caddy.rst - Add HTTP Response Code and Message
* Update caddy.rst - Add Header Manipulation
* Update caddy.rst - Added short tutorial how to use the most common header manipulation.
* Update caddy.rst - Improve header manipulation tutorial with the most common usecase, reverse proxying to an upstream webserver with vhosts.
* Update caddy.rst - Format fix
* Update caddy.rst - Add new fields for forward_auth support
* Update caddy.rst - Add configuration example for Authelia
* Update caddy.rst - Reformat doc
* Update caddy.rst
* Update caddy.rst - Again a few typos
* Revert all changes regarding forward_auth in caddy.rst
Since implementing this feature properly would take a redesign how the current handle/reverse_proxy structure works, it is unfeasible for now.
I am unsure the usecase is really there either. With basic_auth implemented, it's far easier to restrict access in a less convoluted way.
Combining basic_auth with http logs and crowdsec, makes bruteforcing also impossible, IP addresses are banned quite swiftly.
* Update source/manual/how-tos/caddy.rst - Typo
Co-authored-by: Dany Marcoux <github@dmarcoux.com>
* Update source/manual/how-tos/caddy.rst - Typo
Co-authored-by: Dany Marcoux <github@dmarcoux.com>
---------
Co-authored-by: Dany Marcoux <github@dmarcoux.com>
While setting up a reverse proxy for the OPNsense web UI, I stumbled on
this error. Without this configuration change, we get the following
error after logging in to https://opn.example.com
> The HTTP_REFERER "https://opn.example.com/" does not match the predefined settings
