Remote authentication, behind caddy and cloudflare zero access #12225
-
|
Hello! I have a netbox 3.4.7 behind a Caddy reverse-proxy. The whole thing is behind a Cloudflare Zero Access reverse proxy, using Google Workspace as the IdP. I can't figure out how to make remote authentication work and I am running out of ideas to troubleshoot it! I have the following configuration in my .. and when I visit https://my-netbox/, after successfully authenticating with the Cloudflare Zero Access thing, it takes me to the netbox login page.
Here's my Caddyfile just for reference: .. but I still end up on the login page. Can anyone give me some help with troubleshooting this? Has anyone else faced this? Where might I look to find the problem? Am I testing it correctly? Thanks for reading! <3 |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 3 replies
-
|
https://docs.netbox.dev/en/stable/configuration/remote-authentication/#remote_auth_header
|
Beta Was this translation helpful? Give feedback.
-
|
REMOTE_AUTH_HEADER = 'HTTP_CF_ACCESS_AUTHENTICATED_USER_EMAIL'
.. prepending HTTP_, and converting the - to _. I also capitalised it but idk if that's important.
This is a general webserver thing, headers are passed to CGIs as Environment variables, and servers maintain compatibility with that style even when using WSGI, FCGI, etc. to communicate with the appserver. Passing arbitrary Environment variables to applications can greatly change their behavior which is a security risk (eg. PATH, LD_PRELOAD, many others) so to make sure you can't override the Environment for any program/library which is a child of the web request (eg. bash, ld, libc, whatever), arbitrary header variables are pre-pended with HTTP_ and normalized so they never conflict.
—
Mark Tinberg ***@***.***>
Division of Information Technology-Network Services
University of Wisconsin-Madison
Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
https://docs.netbox.dev/en/stable/configuration/remote-authentication/#remote_auth_header