{"id":2539,"date":"2025-11-13T21:38:40","date_gmt":"2025-11-13T20:38:40","guid":{"rendered":"https:\/\/alessandromasciadri.com\/?p=2539"},"modified":"2026-03-13T21:45:55","modified_gmt":"2026-03-13T20:45:55","slug":"come-mettere-in-sicurezza-un-servizio-utilizzando-http-basic-auth-di-caddy","status":"publish","type":"post","link":"https:\/\/alessandromasciadri.com\/come-mettere-in-sicurezza-un-servizio-utilizzando-http-basic-auth-di-caddy\/","title":{"rendered":"How to secure a service using Caddy's HTTP Basic Auth"},"content":{"rendered":"\t\t<div data-akihiro-type=\"ama-post\" data-akihiro-id=\"2539\" class=\"akihiro akihiro-2539\" data-akihiro-post-type=\"post\">\n\t\t\t\t<div class=\"akihiro-element akihiro-element-e430b25 e-flex e-con-boxed e-con e-parent\" data-id=\"e430b25\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"akihiro-element akihiro-element-567eb16 akihiro-widget akihiro-widget-text-editor\" data-id=\"567eb16\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>In this scenario we need to secure a service that has no native authentication system (in my case, Homepage), and to do so we use the reverse proxy's <strong>HTTP Basic Auth<\/strong> feature.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-1b81094 akihiro-widget akihiro-widget-heading\" data-id=\"1b81094\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t<h3 class=\"akihiro-heading-title akihiro-size-default\">Generating the password hash<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-59b837b akihiro-widget 
akihiro-widget-text-editor\" data-id=\"59b837b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Plaintext passwords cannot be placed in the Caddy configuration, so you need to generate the password's hash. Caddy provides a utility for this.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-343effd akihiro-widget akihiro-widget-code-highlight\" data-id=\"343effd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-tomorrow copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-bash \">\n\t\t\t\t<code readonly=\"true\" class=\"language-bash\">\n\t\t\t\t\t<xmp>caddy hash-password --plaintext 'super-strong-password'<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-5c8343b akihiro-widget akihiro-widget-text-editor\" data-id=\"5c8343b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>If we are running Caddy in a container, the command to run is:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-8b6e55a akihiro-widget akihiro-widget-code-highlight\" data-id=\"8b6e55a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-tomorrow copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-bash \">\n\t\t\t\t<code readonly=\"true\" 
class=\"language-bash\">\n\t\t\t\t\t<xmp>docker exec -it caddy caddy hash-password --plaintext 'super-strong-password'<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-f953afc akihiro-widget akihiro-widget-heading\" data-id=\"f953afc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t<h3 class=\"akihiro-heading-title akihiro-size-default\">Caddy configuration<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-54cd14c akihiro-widget akihiro-widget-text-editor\" data-id=\"54cd14c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>At this point we can configure Caddy. Open the Caddyfile and add the required configuration:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-652f5ab akihiro-widget akihiro-widget-code-highlight\" data-id=\"652f5ab\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-tomorrow copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language- \">\n\t\t\t\t<code readonly=\"true\" class=\"language-\">\n\t\t\t\t\t<xmp>dashboard.example.com {\n    basic_auth {\n        admin $2a$14$Zkx19XLiW6VYouLHR5NmfOFU0z2GTNmpkT\/5qqR7hx4IjWJPDhjvG\n    }\n    reverse_proxy homepage:3000\n}<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-3f1c7ee akihiro-widget akihiro-widget-heading\" data-id=\"3f1c7ee\" data-element_type=\"widget\" data-e-type=\"widget\" 
data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t<h3 class=\"akihiro-heading-title akihiro-size-default\">A little extra security (recommended)<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-ff8437d akihiro-widget akihiro-widget-text-editor\" data-id=\"ff8437d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>To improve the security of the service that sits behind HTTP Basic Auth, it is advisable to:<\/p><ul><li>not expose the container's port directly<\/li><li>leave the service reachable only through Caddy<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-14460d8 akihiro-widget akihiro-widget-text-editor\" data-id=\"14460d8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>In my case I use a Docker container, so the configuration in my docker-compose.yaml is as follows:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-6952958 akihiro-widget akihiro-widget-code-highlight\" data-id=\"6952958\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-tomorrow copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language- \">\n\t\t\t\t<code readonly=\"true\" class=\"language-\">\n\t\t\t\t\t<xmp>ports:\n  - \"127.0.0.1:3000:3000\"<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>In this scenario we need to 
secure a service that has no native authentication system (in my case, Homepage), and to do so we use the reverse proxy's HTTP Basic Auth feature. Generating the password hash Plaintext passwords cannot be placed in the Caddy configuration, so you need to generate [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[63,20,64],"class_list":["post-2539","post","type-post","status-publish","format-standard","hentry","category-sistemistica","tag-caddy","tag-linux","tag-reverse-proxy"],"_links":{"self":[{"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/posts\/2539","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/comments?post=2539"}],"version-history":[{"count":4,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/posts\/2539\/revisions"}],"predecessor-version":[{"id":2543,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/posts\/2539\/revisions\/2543"}],"wp:attachment":[{"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/media?parent=2539"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/categories?post=2539"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/tags?post=2539"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}