feat(proxy): Misc caddyfile #64
2 changed files with 28 additions and 17 deletions
|
@ -12,4 +12,4 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- ${BASE_DIR:-/srv}/actualbudget/data:/data
|
- ${BASE_DIR:-/srv}/actualbudget/data:/data
|
||||||
networks:
|
networks:
|
||||||
- authentik
|
- proxy
|
||||||
|
|
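Review bot: Swapping the service's network from `authentik` to `proxy` makes the app's access control depend entirely on the Caddy `forward_auth` block added in this same commit. Any other container attached to `proxy` can presumably reach the app's port directly, without passing the outpost check. If that network is shared with unrelated services, consider a dedicated network joined only by Caddy and this service, or at least record the assumption next to the entry, e.g. `# reachable by every container on "proxy"; authentik is enforced only in Caddy, keep the app's own login enabled`. The `services:` definition starts and ends outside this hunk, so port mappings and other networks could not be checked.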
|
@ -33,7 +33,7 @@
|
||||||
(defaultHeaders) {
|
(defaultHeaders) {
|
||||||
header {
|
header {
|
||||||
# enable HSTS
|
# enable HSTS
|
||||||
Strict-Transport-Security max-age=31536000;
|
Strict-Transport-Security "max-age=31536000"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -101,6 +101,11 @@ home.{$BASE_DOMAIN} {
|
||||||
|
|
||||||
stuff.{$BASE_DOMAIN} {
|
stuff.{$BASE_DOMAIN} {
|
||||||
import default
|
import default
|
||||||
|
header {
|
||||||
|
# headers for godot web export
|
||||||
|
Cross-Origin-Opener-Policy "same-origin"
|
||||||
|
Cross-Origin-Embedder-Policy "require-corp"
|
||||||
|
}
|
||||||
root * /srv/public_html
|
root * /srv/public_html
|
||||||
file_server browse
|
file_server browse
|
||||||
}
|
}
|
||||||
|
@ -110,17 +115,16 @@ md.{$BASE_DOMAIN} {
|
||||||
reverse_proxy hedgedoc:3000
|
reverse_proxy hedgedoc:3000
|
||||||
}
|
}
|
||||||
|
|
||||||
|
hackmd.{$BASE_DOMAIN} {
|
||||||
|
import default
|
||||||
|
redir https://md.{$BASE_DOMAIN}{uri} permanent
|
||||||
|
}
|
||||||
|
|
||||||
ci.{$BASE_DOMAIN} {
|
ci.{$BASE_DOMAIN} {
|
||||||
import default
|
import default
|
||||||
reverse_proxy woodpecker:8000
|
reverse_proxy woodpecker:8000
|
||||||
}
|
}
|
||||||
|
|
||||||
# echo.{$BASE_DOMAIN} {
|
|
||||||
# import logging
|
|
||||||
# import errorpages
|
|
||||||
# reverse_proxy echo:8000
|
|
||||||
# }
|
|
||||||
|
|
||||||
passwords.{$BASE_DOMAIN} {
|
passwords.{$BASE_DOMAIN} {
|
||||||
import default
|
import default
|
||||||
reverse_proxy vaultwarden:80 {
|
reverse_proxy vaultwarden:80 {
|
||||||
|
@ -128,12 +132,6 @@ passwords.{$BASE_DOMAIN} {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# ci-demo.{$BASE_DOMAIN} {
|
|
||||||
# import logging
|
|
||||||
# import errorpages
|
|
||||||
# reverse_proxy docker-ci-demo:8000
|
|
||||||
# }
|
|
||||||
|
|
||||||
games.{$BASE_DOMAIN} {
|
games.{$BASE_DOMAIN} {
|
||||||
import default
|
import default
|
||||||
reverse_proxy games:8080
|
reverse_proxy games:8080
|
||||||
|
@ -161,7 +159,20 @@ mc-map.{$BASE_DOMAIN} {
|
||||||
}
|
}
|
||||||
|
|
||||||
money.{$BASE_DOMAIN} {
|
money.{$BASE_DOMAIN} {
|
||||||
import default
|
# always forward outpost path to actual outpost
|
||||||
# using extra auth via proxy in authentik
|
reverse_proxy /outpost.goauthentik.io/* http://authentik:80
|
||||||
reverse_proxy authentik:80
|
|
||||||
|
# forward authentication to outpost
|
||||||
|
forward_auth http://authentik:80 {
|
||||||
|
uri /outpost.goauthentik.io/auth/caddy
|
||||||
|
|
||||||
|
# capitalization of the headers is important, otherwise they will be empty
|
||||||
|
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
|
||||||
|
|
||||||
|
# optional, in this config trust all private ranges, should probably be set to the outposts IP
|
||||||
|
trusted_proxies private_ranges
|
||||||
|
}
|
||||||
|
|
||||||
|
# actual site config
|
||||||
|
reverse_proxy money:5006
|
||||||
}
|
}
|
||||||
|
|
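Review bot: In the last hunk the rewritten `money.{$BASE_DOMAIN}` block appears to drop `import default`, which shows on the old side only. Whatever that snippet gives the other sites would then no longer apply to the one site that now carries an authentication flow. The body of `default` is not visible here, but if it pulls in `defaultHeaders`, the HSTS header goes with it. Unless the removal is deliberate, keep `import default` as the first line of the block. In the same block, `trusted_proxies private_ranges` accepts forwarded headers from any private address, which the adjacent comment already flags; narrowing it to the outpost, e.g. `trusted_proxies <outpost-ip>/32` (placeholder), would match that comment's intent.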