Hi everyone,

I'm encountering an issue with my self-hosted setup using Caddy 2.9.1 and Authelia 4.38.19. All domains except auth.laniecarmelo.tech return a 401 Unauthorized error. Journald logs suggest issues with insecure schemes ('') instead of https or wss.

Details:

Setup: Caddy as reverse proxy, Authelia for authentication
Domains: AdGuard Home, Forgejo, LinkAce, MiniFlux, TheLounge, Homepage, Beszel, Glances, Uptime Kuma, Tandoor Recipes, BookStack, Watchtower, Portainer
Logs:
Authelia:
Feb 24 21:01:47 stormux authelia[2932]: level=error msg="Target URL '/' has an insecure scheme '', only 'https' and 'wss' are supported"Caddy:
Feb 24 21:19:41 stormux caddy[48845]: {"msg":"handled request","method":"GET","host":"adguard.laniecarmelo.tech","status":200}

Configurations:

Full Caddyfile and Authelia config: GitHub Gist

Curl Output:

HTTP Request:

    
$ curl home.laniecarmelo.tech -v< HTTP/1.1 308 Permanent Redirect< Location: https://home.laniecarmelo.tech/

HTTPS Request:

    
$ curl https://home.laniecarmelo.tech/ -v< HTTP/2 401 < content-type: text/plain; charset=utf-8< server: Caddy401 Unauthorized

Does anyone know what might be causing this? I suspect it could be related to forward_auth or trusted proxies.

Thanks in advance! 🙏

SelfHosting #CaddyServer #Authelia #ReverseProxy #TechHelp #Linux #HomeLab
@selfhost @selfhosting @selfhosted

2 comments

Target URL '/' has an insecure scheme '', only 'https' and 'wss' are supported
Have you tried using a supported scheme in the target URL?

@selfhost @selfhosting @selfhosted Got help on #IRC. Trick was to move trustedproxies out of site blocks and into a global servers block and use uri /api/authz/forward-auth
instead of uri /api/verify.