feat(proxy): Misc caddyfile #64
2 changed files with 28 additions and 17 deletions
|
@ -12,4 +12,4 @@ services:
|
|||
volumes:
|
||||
- ${BASE_DIR:-/srv}/actualbudget/data:/data
|
||||
networks:
|
||||
- authentik
|
||||
- proxy
|
||||
|
|
|
@ -33,7 +33,7 @@
|
|||
(defaultHeaders) {
|
||||
header {
|
||||
# enable HSTS
|
||||
Strict-Transport-Security max-age=31536000;
|
||||
Strict-Transport-Security "max-age=31536000"
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -101,6 +101,11 @@ home.{$BASE_DOMAIN} {
|
|||
|
||||
stuff.{$BASE_DOMAIN} {
|
||||
import default
|
||||
header {
|
||||
# headers for godot web export
|
||||
Cross-Origin-Opener-Policy "same-origin"
|
||||
Cross-Origin-Embedder-Policy "require-corp"
|
||||
}
|
||||
root * /srv/public_html
|
||||
file_server browse
|
||||
}
|
||||
|
@ -110,17 +115,16 @@ md.{$BASE_DOMAIN} {
|
|||
reverse_proxy hedgedoc:3000
|
||||
}
|
||||
|
||||
hackmd.{$BASE_DOMAIN} {
|
||||
import default
|
||||
redir https://md.{$BASE_DOMAIN}{uri} permanent
|
||||
}
|
||||
|
||||
ci.{$BASE_DOMAIN} {
|
||||
import default
|
||||
reverse_proxy woodpecker:8000
|
||||
}
|
||||
|
||||
# echo.{$BASE_DOMAIN} {
|
||||
# import logging
|
||||
# import errorpages
|
||||
# reverse_proxy echo:8000
|
||||
# }
|
||||
|
||||
passwords.{$BASE_DOMAIN} {
|
||||
import default
|
||||
reverse_proxy vaultwarden:80 {
|
||||
|
@ -128,12 +132,6 @@ passwords.{$BASE_DOMAIN} {
|
|||
}
|
||||
}
|
||||
|
||||
# ci-demo.{$BASE_DOMAIN} {
|
||||
# import logging
|
||||
# import errorpages
|
||||
# reverse_proxy docker-ci-demo:8000
|
||||
# }
|
||||
|
||||
games.{$BASE_DOMAIN} {
|
||||
import default
|
||||
reverse_proxy games:8080
|
||||
|
@ -161,7 +159,20 @@ mc-map.{$BASE_DOMAIN} {
|
|||
}
|
||||
|
||||
money.{$BASE_DOMAIN} {
|
||||
import default
|
||||
# using extra auth via proxy in authentik
|
||||
reverse_proxy authentik:80
|
||||
# always forward outpost path to actual outpost
|
||||
reverse_proxy /outpost.goauthentik.io/* http://authentik:80
|
||||
|
||||
# forward authentication to outpost
|
||||
forward_auth http://authentik:80 {
|
||||
uri /outpost.goauthentik.io/auth/caddy
|
||||
|
||||
# capitalization of the headers is important, otherwise they will be empty
|
||||
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
|
||||
|
||||
# optional, in this config trust all private ranges, should probably be set to the outposts IP
|
||||
trusted_proxies private_ranges
|
||||
}
|
||||
|
||||
# actual site config
|
||||
reverse_proxy money:5006
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue