diff --git a/www/caddy/Makefile b/www/caddy/Makefile
index d876e47e5..0a03f1284 100644
--- a/www/caddy/Makefile
+++ b/www/caddy/Makefile
@@ -1,6 +1,5 @@
PLUGIN_NAME= caddy
-PLUGIN_VERSION= 1.8.0
-PLUGIN_REVISION= 2
+PLUGIN_VERSION= 1.8.1
PLUGIN_DEPENDS= caddy-custom
PLUGIN_COMMENT= Modern Reverse Proxy with Automatic HTTPS, Dynamic DNS and Layer4 Routing
PLUGIN_MAINTAINER= cedrik@pischem.com
diff --git a/www/caddy/pkg-descr b/www/caddy/pkg-descr
index 716a22aa4..c9583ba43 100644
--- a/www/caddy/pkg-descr
+++ b/www/caddy/pkg-descr
@@ -13,6 +13,12 @@ DOC: https://docs.opnsense.org/manual/how-tos/caddy.html
Plugin Changelog
================
+1.8.1
+
+* Add: Optional "Authorization" header to forward_auth (opnsense/plugins/issues/4488)
+* Add: Persistent banner notification if custom imports are used (opnsense/plugins/issues/4244)
+* Cleanup: Implement reusable grid template in views (opnsense/plugins/pull/4454)
+
1.8.0
* Build: Update Caddy to version 2.9.x and update dependencies (opnsense/plugins/issues/4437)
diff --git a/www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/forms/general.xml b/www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/forms/general.xml
index 60d604eaf..ca6b843ec 100644
--- a/www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/forms/general.xml
+++ b/www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/forms/general.xml
@@ -227,6 +227,13 @@
text
+
+ caddy.general.AuthCopyHeaders
+
+ select_multiple
+
+
+
general-settings
diff --git a/www/caddy/src/opnsense/mvc/app/models/OPNsense/Caddy/Caddy.xml b/www/caddy/src/opnsense/mvc/app/models/OPNsense/Caddy/Caddy.xml
index 70f09cc37..49bd641f3 100644
--- a/www/caddy/src/opnsense/mvc/app/models/OPNsense/Caddy/Caddy.xml
+++ b/www/caddy/src/opnsense/mvc/app/models/OPNsense/Caddy/Caddy.xml
@@ -167,6 +167,27 @@
/^(\/.*)?$/u
Please enter a valid 'URI' that starts with '/'.
+
+ Y
+
+ Authorization
+ Remote-User
+ Remote-Groups
+ Remote-Name
+ Remote-Email
+ X-Authentik-Username
+ X-Authentik-Groups
+ X-Authentik-Email
+ X-Authentik-Name
+ X-Authentik-Uid
+ X-Authentik-Jwt
+ X-Authentik-Meta-Jwks
+ X-Authentik-Meta-Outpost
+ X-Authentik-Meta-Provider
+ X-Authentik-Meta-App
+ X-Authentik-Meta-Version
+
+
diff --git a/www/caddy/src/opnsense/service/templates/OPNsense/Caddy/includeAuthProvider b/www/caddy/src/opnsense/service/templates/OPNsense/Caddy/includeAuthProvider
index 8dd207f85..f179fc845 100644
--- a/www/caddy/src/opnsense/service/templates/OPNsense/Caddy/includeAuthProvider
+++ b/www/caddy/src/opnsense/service/templates/OPNsense/Caddy/includeAuthProvider
@@ -12,7 +12,11 @@
{% if generalSettings.AuthToUri %}
uri {{ generalSettings.AuthToUri|default("") }}
{% endif %}
- copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
+ {% if generalSettings.AuthCopyHeaders|default("") == "" %}
+ copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
+ {% else %}
+ copy_headers {{ generalSettings.AuthCopyHeaders.split(',') | join(' ') }}
+ {% endif %}
}
{% elif generalSettings.AuthProvider == 'authentik' %}
reverse_proxy /outpost.goauthentik.io/* {{ auth_url }} {
@@ -24,6 +28,10 @@
{% if generalSettings.AuthToUri %}
uri {{ generalSettings.AuthToUri|default("") }}
{% endif %}
- copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
+ {% if generalSettings.AuthCopyHeaders|default("") == "" %}
+ copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
+ {% else %}
+ copy_headers {{ generalSettings.AuthCopyHeaders.split(',') | join(' ') }}
+ {% endif %}
}
{% endif %}