icealtria/fava-caddy-auth

Use Caddy reverse proxy to add authentication to protect fava.

fava-caddy-auth

Use Caddy reverse proxy to add authentication to protect fava.

configuration

---
version: "3.0"
services:
  fava: # dont change this
    container_name: fava
    image: yegle/fava
    #     ports:
    #       - 5000:5000
    environment:
      - BEANCOUNT_FILE=/bean/main.bean
    volumes:
      - <beancount_dir>:/bean
    restart: unless-stopped
    networks:
      - fava

  caddy:
    container_name: fava-caddy-auth
    image: icealtria/fava-caddy-auth:master
    env_file:
      - stack.env
    ports:
      - 5001:5001
    restart: unless-stopped
    networks:
      - fava

networks:
  fava:

The credentials are set in the stack.env file. HASHED_PASSWORD is generated by bcrypt. SALT is optional.

USERNAME=<USERNAME>
HASHED_PASSWORD='<BCRYPT_HASH>'
SALT=<SALT>

Note

1. generate the BCRYPT_HASH by running htpasswd -bnBC 10 "" <your_password> | tr -d ':' or online bcrypt generator.
2. Enclose the BCRYPT_HASH with single quotes ('').
3. Due to escape issues, I didn't know how to resolve it, so I opted to use a .env file to store environment.