feat(proxy): Misc caddyfile #64

Merged
carsten merged 1 commit from caddyfile-misc into main 2024-09-03 23:33:08 +02:00
2 changed files with 28 additions and 17 deletions


@ -12,4 +12,4 @@ services:
volumes: volumes:
- ${BASE_DIR:-/srv}/actualbudget/data:/data - ${BASE_DIR:-/srv}/actualbudget/data:/data
networks: networks:
- authentik - proxy


@ -33,7 +33,7 @@
(defaultHeaders) { (defaultHeaders) {
header { header {
# enable HSTS # enable HSTS
Strict-Transport-Security max-age=31536000; Strict-Transport-Security "max-age=31536000"
} }
} }
@ -101,6 +101,11 @@ home.{$BASE_DOMAIN} {
stuff.{$BASE_DOMAIN} { stuff.{$BASE_DOMAIN} {
import default import default
header {
# headers for godot web export
Cross-Origin-Opener-Policy "same-origin"
Cross-Origin-Embedder-Policy "require-corp"
}
root * /srv/public_html root * /srv/public_html
file_server browse file_server browse
} }
@ -110,17 +115,16 @@ md.{$BASE_DOMAIN} {
reverse_proxy hedgedoc:3000 reverse_proxy hedgedoc:3000
} }
hackmd.{$BASE_DOMAIN} {
import default
redir https://md.{$BASE_DOMAIN}{uri} permanent
}
ci.{$BASE_DOMAIN} { ci.{$BASE_DOMAIN} {
import default import default
reverse_proxy woodpecker:8000 reverse_proxy woodpecker:8000
} }
# echo.{$BASE_DOMAIN} {
# import logging
# import errorpages
# reverse_proxy echo:8000
# }
passwords.{$BASE_DOMAIN} { passwords.{$BASE_DOMAIN} {
import default import default
reverse_proxy vaultwarden:80 { reverse_proxy vaultwarden:80 {
@ -128,12 +132,6 @@ passwords.{$BASE_DOMAIN} {
} }
} }
# ci-demo.{$BASE_DOMAIN} {
# import logging
# import errorpages
# reverse_proxy docker-ci-demo:8000
# }
games.{$BASE_DOMAIN} { games.{$BASE_DOMAIN} {
import default import default
reverse_proxy games:8080 reverse_proxy games:8080
@ -161,7 +159,20 @@ mc-map.{$BASE_DOMAIN} {
} }
money.{$BASE_DOMAIN} { money.{$BASE_DOMAIN} {
import default # always forward outpost path to actual outpost
# using extra auth via proxy in authentik reverse_proxy /outpost.goauthentik.io/* http://authentik:80
reverse_proxy authentik:80
# forward authentication to outpost
forward_auth http://authentik:80 {
uri /outpost.goauthentik.io/auth/caddy
# capitalization of the headers is important, otherwise they will be empty
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
# optional, in this config trust all private ranges, should probably be set to the outposts IP
trusted_proxies private_ranges
}
# actual site config
reverse_proxy money:5006
} }
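Review bot: The rewritten `money.{$BASE_DOMAIN}` block appears to drop `import default`, which every other site block visible here keeps, so this host would lose whatever that snippet supplies (presumably the `defaultHeaders` HSTS header plus logging and error pages; the snippet body is outside the visible hunks). I would restore `import default` as the first line of the block, ahead of the outpost `reverse_proxy`. In the same block, `trusted_proxies private_ranges` trusts every private-range peer, as the inline comment itself concedes; pinning it to the outpost's address narrows who can supply forwarded-client headers. Since the compose change moves the actualbudget service onto the shared `proxy` network, it is also worth confirming that `money:5006` is reachable only through Caddy, because the app receives the `X-Authentik-*` identity headers and any peer that can reach it directly is not subject to `forward_auth`.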