Caddy Proxy Manager has a built-in user system with three roles, admin-managed accounts, and group membership for forward auth access control. The initial admin account is seeded from theDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/fuomag9/caddy-proxy-manager/llms.txt
Use this file to discover all available pages before exploring further.
ADMIN_USERNAME and ADMIN_PASSWORD environment variables on first start.
User roles
CPM has three roles with increasing privileges:| Capability | Viewer | User | Admin |
|---|---|---|---|
| Log in to the dashboard | Yes | Yes | Yes |
| View own profile | Yes | Yes | Yes |
| Access forward-auth-protected apps (when granted) | Yes | Yes | Yes |
| Manage proxy hosts, certificates, access lists | No | No | Yes |
| Manage users, groups, and settings | No | No | Yes |
| View analytics, audit log, and API docs | No | No | Yes |
| Create and manage API tokens | No | No | Yes |
Access the REST API (/api/v1/) | No | No | Yes |
Managing users
Navigate to Users in the sidebar to:- Edit role: Change a user’s role between Viewer, User, and Admin.
- Enable/disable: Suspend a user’s access without deleting their account. Disabling a user immediately revokes all active forward auth sessions.
- Delete: Permanently remove a user and their data.
- Search and filter: Find users by name or email.
API tokens
Admins can create API tokens under Settings → API Tokens. Each token:- Authenticates as the creating admin for all REST API calls
- Can have an optional expiration date
- Is shown only once at creation — treat it as a secret
Groups
Groups organize users for forward auth access control.Forward auth access is independent of the user’s role. Even an Admin must be explicitly added to a forward-auth host’s access list to access the protected application.