74 lines
1.3 KiB
Caddyfile
Executable File
74 lines
1.3 KiB
Caddyfile
Executable File
{
|
|
email sean@seanclayton.me
|
|
|
|
order authenticate before respond
|
|
order authorize before basicauth
|
|
|
|
security {
|
|
authentication portal authportal {
|
|
crypto default token lifetime 3600
|
|
crypto key sign-verify {env.JWT_SHARED_KEY}
|
|
backend local /data/caddy/users.json local
|
|
cookie domain gopoop.org
|
|
|
|
ui {
|
|
password_recovery_enabled yes
|
|
}
|
|
|
|
transform user {
|
|
match realm generic
|
|
action add role authp/user
|
|
ui link "Cloud" https://cloud.gopoop.org/ icon "las la-star"
|
|
}
|
|
}
|
|
|
|
authorization policy users_policy {
|
|
set auth url https://auth.gopoop.org/
|
|
allow roles authp/admin authp/user
|
|
crypto key verify {env.JWT_SHARED_KEY}
|
|
acl rule {
|
|
comment allow users
|
|
match role authp/user
|
|
allow stop log info
|
|
}
|
|
acl rule {
|
|
comment default deny
|
|
match any
|
|
deny log warn
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
auth.gopoop.org {
|
|
route {
|
|
authenticate with authportal
|
|
}
|
|
}
|
|
|
|
foundry.gopoop.org {
|
|
reverse_proxy server_foundry:30000
|
|
}
|
|
|
|
admin.gopoop.org {
|
|
authorize with users_policy
|
|
reverse_proxy server_portainer:9000
|
|
}
|
|
|
|
monitor.gopoop.org {
|
|
authorize with users_policy
|
|
reverse_proxy server_netdata:19999
|
|
}
|
|
|
|
code.sean.wtf {
|
|
reverse_proxy server_gitea:3000
|
|
}
|
|
|
|
ci.sean.wtf {
|
|
reverse_proxy server_woodpecker-server:8000
|
|
}
|
|
|
|
codeberg-ci.sean.wtf {
|
|
reverse_proxy server_codeberg-woodpecker-server:8000
|
|
}
|