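# Global options. The `security` app and the authenticate/authorize directives
# are not core Caddy; they appear to come from the caddy-security plugin, so
# this file presumably needs a Caddy build that includes it — confirm.
{
	email sean@seanclayton.me

	# Plugin directives have no built-in position in the handler chain, so
	# their order is pinned explicitly.
	order authenticate before respond
	order authorize before basicauth

	security {
		authentication portal authportal {
			# Lifetime of issued tokens; 3600 is presumably seconds (one hour) — confirm.
			crypto default token lifetime 3600
			# Symmetric key: the same secret signs here and verifies in users_policy,
			# so anything that can read JWT_SHARED_KEY can also mint valid tokens.
			# Keep it long, random and out of version control.
			# NOTE(review): confirm startup fails if the variable is unset or empty.
			crypto key sign-verify {env.JWT_SHARED_KEY}
			# Local user database; the trailing `local` is the realm name.
			backend local /data/caddy/users.json local
			# The token cookie is scoped to the parent domain, so browsers attach it to
			# every *.gopoop.org host, including site blocks that proxy without
			# `authorize`. Those upstreams receive the token in the Cookie header.
			cookie domain gopoop.org

			ui {
				# NOTE(review): exposes a recovery flow on the public portal; confirm it
				# is wanted and how recovery messages are delivered.
				password_recovery_enabled yes
			}

			# Grants authp/user to every user matched below and adds a portal link.
			# NOTE(review): the backend above registers realm `local`, while this rule
			# matches realm `generic` — confirm the rule matches the intended users.
			transform user {
				match realm generic
				action add role authp/user
				ui link "Cloud" https://cloud.gopoop.org/ icon "las la-star"
			}
		}

		authorization policy users_policy {
			# Portal that unauthenticated requests are sent to.
			set auth url https://auth.gopoop.org/
			# NOTE(review): authp/admin is listed here but no acl rule below matches it.
			# Confirm how this shortcut combines with explicit acl rules in the plugin
			# version in use; an admin-only account may fall through to the default deny.
			allow roles authp/admin authp/user
			crypto key verify {env.JWT_SHARED_KEY}
			# Rules are listed allow-first; `stop` ends evaluation on a match.
			acl rule {
				comment allow users
				match role authp/user
				allow stop log info
			}
			# Catch-all: anything not allowed above is denied and logged at warn.
			acl rule {
				comment default deny
				match any
				deny log warn
			}
		}
	}
}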
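# Login portal host: every request on this site is handled by the
# `authportal` authentication portal defined in the global options.
auth.gopoop.org {
	route {
		authenticate with authportal
	}
}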
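# No `authorize` here: access control is left entirely to the upstream.
# This host is under gopoop.org, so the portal cookie (cookie domain gopoop.org)
# is sent by browsers to this site and forwarded to the upstream as well.
foundry.gopoop.org {
	reverse_proxy server_foundry:30000
}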
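# Gated by users_policy, whose acl admits role authp/user.
# NOTE(review): the upstream is presumably Portainer (container management).
# Confirm that every account holding authp/user should reach it, or gate this
# host with a separate admin-only policy.
admin.gopoop.org {
	authorize with users_policy
	reverse_proxy server_portainer:9000
}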
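# Monitoring dashboard, gated by users_policy before the request is proxied.
monitor.gopoop.org {
	authorize with users_policy
	reverse_proxy server_netdata:19999
}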
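# No `authorize` here: the upstream's own login is the only access control.
code.sean.wtf {
	reverse_proxy server_gitea:3000
}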
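# No `authorize` here: the upstream's own login is the only access control.
ci.sean.wtf {
	reverse_proxy server_woodpecker-server:8000
}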
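# No `authorize` here: the upstream's own login is the only access control.
codeberg-ci.sean.wtf {
	reverse_proxy server_codeberg-woodpecker-server:8000
}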