feat(proxy): Misc caddyfile #64

Merged
carsten merged 1 commit from caddyfile-misc into main 2024-09-03 23:33:08 +02:00
2 changed files with 28 additions and 17 deletions
Showing only changes of commit ed7cec4ac4 - Show all commits

View file

@ -12,4 +12,4 @@ services:
volumes:
- ${BASE_DIR:-/srv}/actualbudget/data:/data
networks:
- authentik
- proxy

View file

@ -33,7 +33,7 @@
(defaultHeaders) {
header {
# enable HSTS
Strict-Transport-Security max-age=31536000;
Strict-Transport-Security "max-age=31536000"
}
}
@ -101,6 +101,11 @@ home.{$BASE_DOMAIN} {
stuff.{$BASE_DOMAIN} {
import default
header {
# headers for godot web export
Cross-Origin-Opener-Policy "same-origin"
Cross-Origin-Embedder-Policy "require-corp"
}
root * /srv/public_html
file_server browse
}
@ -110,17 +115,16 @@ md.{$BASE_DOMAIN} {
reverse_proxy hedgedoc:3000
}
hackmd.{$BASE_DOMAIN} {
import default
redir https://md.{$BASE_DOMAIN}{uri} permanent
}
ci.{$BASE_DOMAIN} {
import default
reverse_proxy woodpecker:8000
}
# echo.{$BASE_DOMAIN} {
# import logging
# import errorpages
# reverse_proxy echo:8000
# }
passwords.{$BASE_DOMAIN} {
import default
reverse_proxy vaultwarden:80 {
@ -128,12 +132,6 @@ passwords.{$BASE_DOMAIN} {
}
}
# ci-demo.{$BASE_DOMAIN} {
# import logging
# import errorpages
# reverse_proxy docker-ci-demo:8000
# }
games.{$BASE_DOMAIN} {
import default
reverse_proxy games:8080
@ -161,7 +159,20 @@ mc-map.{$BASE_DOMAIN} {
}
money.{$BASE_DOMAIN} {
import default
# using extra auth via proxy in authentik
reverse_proxy authentik:80
# always forward outpost path to actual outpost
reverse_proxy /outpost.goauthentik.io/* http://authentik:80
# forward authentication to outpost
forward_auth http://authentik:80 {
uri /outpost.goauthentik.io/auth/caddy
# capitalization of the headers is important, otherwise they will be empty
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
# optional, in this config trust all private ranges, should probably be set to the outposts IP
trusted_proxies private_ranges
}
# actual site config
reverse_proxy money:5006
}