Misplaced trust

This might be a little technical for some readers, but don’t worry, it’s not actually the technical detail that’s important…

On my home server, I run about half a dozen services that I need to access via a web browser, so they’re all behind a Caddy reverse proxy which connects me to the right one, depending on the name I use in my browser: ‘homeassistant’, ‘unifi’, ‘searxng’, ‘octoprint’ etc. (All of these names are aliases for the same machine.)

One of these services is Nextcloud, which has user accounts, and I was thinking it would be handy if I could use those accounts to authorise access to the other services. Can I allow someone to use my web search frontend only if they have an account on my Nextcloud server, for example?

I thought I’d try out an AI system to see if it could speed up this process, because they’re often good at this kind of thing – Google Gemini, in this case. And, to my delight, it gave me pages of detailed instructions.

It knew that Nextcloud supports the OpenID Connect system, told me how to set it up, and then how to use the oidc directive in the Caddy configuration file to connect the two, so that Caddy could ask Nextcloud whether the user should be allowed in. It gave me nice examples of oidc actually in use, and the parameters you’d need to configure when using it to talk to the Nextcloud instance.

“Great!”, I thought, and grabbed a coffee, went upstairs to my machine, and started typing code to try it out. And it was then that I discovered…

Caddy doesn’t actually have an oidc directive.

5 Comments

Maybe we should just rebrand this as an “AI-generated feature request”.

    Actually, there’s something there, perhaps! Or… could you use an AI to intercept all the feature requests from users, say, “Thank you, we’ll take a look at that!”, and then tell the developers what they actually need to implement to make the largest number of people happy?

    That does assume, of course, that the AI knows what is implemented already…

TFTY:
and then tell the developers what they actually need to implement
and then the AI writes the extra code required 😉

What a shame! I thought how useful an oidc option in Caddy would be, and then you disappointed me. 🙂

    Yes, wouldn’t it? I think there is a third-party plugin which will do it, but one of the downsides of the current trend for single-binary-executable tools is that you generally have to recompile them if you want to include a plugin!

    In the meantime I may have to try to do something with forward_auth.

© Copyright Quentin Stafford-Fraser