Describe the issue
I can't customize the logo. static_asset doesn't seem to be working:
- logo url directive IS working
- https://auth.example.com/assets/images/logo.svg is being requested but status = 404
- https://auth.example.com/auth/assets/images/logo.svg also 404s
- I added static_asset "assets/test.txt" "text/plain" /etc/hosts as an experiment and that also 404s
- other assets, e.g. https://auth.example.com/assets/images/favicon.png, seem to be served fine
- the file it points at (/nix/store/piw4b53psp3r2vyw23ifc54ia15d9j21-logo.svg) is verified to exist on filesystem and is world-readable
Configuration
Paste full Caddyfile below:
{
    email <redacted>
    order authenticate before respond
    order authorize before basicauth
    security {
        oauth identity provider google {
            realm google
            driver google
            client_id {env.GOOGLE_OAUTH_CLIENT_ID}
            client_secret {env.GOOGLE_OAUTH_CLIENT_SECRET}
            scopes openid email profile
        }
        authentication portal oauthportal {
            cookie domain example.com
            cookie lifetime 86400
            enable source ip tracking
            enable identity provider google
            ui {
                logo url /assets/images/logo.svg
                logo description "MySite"
                # TODO Fix this
                static_asset "assets/images/logo.svg" "image/svg+xml" "/nix/store/piw4b53psp3r2vyw23ifc54ia15d9j21-logo.svg"
                # TODO Remove this, temporary
                static_asset "assets/test.txt" "text/plain" /etc/hosts
            }
            # this should go before other transforms, since it might apply roles
            transform user {
                exact match origin google
                exact match email [email protected]
                action add role authp/admin
                action add role authp/user
                action add role authp/fileserver-user
            }
            transform user {
                exact match origin google
                exact match email [email protected]
                action add role authp/user
                action add role authp/fileserver-user
                action add role authp/fileserver-dnd
            }
            transform user {
                exact match origin google
                exact match email [email protected]
                action add role authp/user
                action add role authp/fileserver-user
                action add role authp/fileserver-dnd
            }
            transform user {
                exact match origin google
                exact match email [email protected]
                action add role authp/user
                action add role authp/fileserver-user
                action add role authp/fileserver-media
            }
            # Custom Links - Admin Links
            # (links use Line Awesome - https://icons8.com/line-awesome)
            transform user {
                exact match role authp/admin
                ui link "My Identity" "/whoami" icon "las la-user"
            }
            # Custom Links - fileserver Links
            # (links use Line Awesome - https://icons8.com/line-awesome)
            transform user {
                exact match role authp/fileserver-user
                ui link "Files" "http://files.example.com" icon "las la-file-alt"
            }
        }
        authorization policy fileserverpolicy {
            allow roles authp/admin authp/fileserver-user
            validate bearer header
            set auth url https://auth.example.com/auth/login
            inject headers with claims
        }
    }
}
auth.example.com {
    authenticate with oauthportal
}
files.example.com {
    authorize with fileserverpolicy
    reverse_proxy http://127.0.0.1:3923 {
        # headers for caddy <-> backend
        header_up <redacted> "hello-fileserver"
    }
    # response headers
    header {
        Referrer-Policy same-origin
        X-Frame-Options DENY
        X-Content-Type-Options nosniff
        X-XSS-Protection "1; mode=block"
    }
}
Version Information
Provide output of caddy list-modules --versions | grep -E "(auth|security)" below:
$ caddy list-modules --versions | grep -E "(auth|security)"
http.authentication.hashes.bcrypt
http.authentication.providers.http_basic
http.handlers.authentication
tls.client_auth.verifier.leaf
Expected behavior
I would expect https://auth.example.com/assets/images/logo.svg to be the logo I wanted and show up in the portal
Additional context
n/a