PocketID in combination with Caddy Secure / authcrunch #454

Closed
opened 2025-10-07 00:15:35 +03:00 by OVERLORD · 2 comments

Originally created by @PaddyPat on GitHub.

Feature description

Dear stonith404,

Could you give me a hint on how to solve this issue with Caddy and the caddy secure plugin?

I'm using caddy secure as auth portal.
Pocketid supports groups, which is really great in combination with caddy secure (add user to group xy - menu entry is visible and domain is accessible).

But I need to run it on two different servers, one for pocketid on port 443, one for authcrunch (caddy secure) on 443.

Why two servers?

In the authcrunch Caddyfile (https://github.com/authcrunch/authcrunch.github.io/blob/main/assets/conf/oauth/generic/Caddyfile) for OIDC,
the domain (Keycloak) is listed in line 16/17. This means it's listed before it's declared at the bottom of the Caddyfile to offer it (line 70 for pocketid as an example).

If I bind it to pocketid:80, it also fails, and I have no more ideas how to run both apps on 443 on one machine.

Do you have any hint for me to solve this issue without using two servers?
Thanks for your work and your help. 👍

Pitch

.

OVERLORD added the feature label 2025-10-07 00:15:35 +03:00

@stonith404 commented on GitHub:

I don’t use Authcrunch, so I can’t provide detailed assistance with it. However, I think a Cloudflare tunnel is a solid solution. Alternatively, you could try running Pocket ID behind Authcrunch and disabling authentication for Pocket ID within Authcrunch; I'm not sure if this is possible, though. Another option could be placing Caddy as a reverse proxy in front of both Authcrunch and Pocket ID.


@PaddyPat commented on GitHub:

For others, here is how I solved it:
Run pocketid only behind a Cloudflare tunnel.
This allowed me to validate the OIDC connection during execution from authcrunch.

Other hints are welcome.


Reference: starred/pocket-id#454