feat: Adds pocket-id to docs.

2025-04-10 15:33:28 -04:00
parent f8f872de9d
commit 1df325a766
2 changed files with 48 additions and 3 deletions


@@ -1,7 +1,8 @@
FROM docker.io/library/caddy:2.9.1-builder as builder FROM docker.io/library/caddy:2.9.1-builder AS builder
RUN xcaddy build \ RUN xcaddy build \
--with github.com/caddy-dns/cloudflare --with github.com/caddy-dns/cloudflare \
--with github.com/greenpau/caddy-security
FROM docker.io/library/caddy:2.9.1-alpine FROM docker.io/library/caddy:2.9.1-alpine
COPY --from=builder /usr/bin/caddy /usr/bin/caddy COPY --from=builder /usr/bin/caddy /usr/bin/caddy
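Review bot: Both `--with` modules in the `xcaddy build` step are fetched without a version, so each rebuild can pull different plugin code into a binary that now also performs authentication and authorization. Pin each module explicitly, e.g. `--with github.com/greenpau/caddy-security@<pinned-version>` and likewise for the cloudflare DNS module, and bump them deliberately. The base images are already tagged 2.9.1, so this brings the plugins to the same standard; adding a digest to the two `FROM` lines would make the build fully reproducible.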


@@ -1,5 +1,38 @@
{ {
email {env.ACME_EMAIL} email {env.ACME_EMAIL}
security {
oauth identity provider generic {
delay_start 3
realm generic
driver generic
client_id 54ac14e4-4e6b-46ce-a870-01b297421e89
client_secret 54ac14e4-4e6b-46ce-a870-01b297421e89
scopes openid email profile
base_auth_url http://localhost
metadata_url http://localhost/.well-known/openid-configuration
}
authentication portal docsportal {
crypto default token lifetime 3600 # Seconds until you have to reauthenticate
enable identity provider generic
cookie insedure off
transfrom {
match realm generic
action add role user
}
}
authorization policy docspolicy {
set auth url /caddy-security/oauth2/generic
allow roles user
inject headers with claims
}
}
} }
housh.dev { housh.dev {
@@ -74,7 +107,18 @@ housh.dev {
@docs host docs.housh.dev @docs host docs.housh.dev
handle @docs { handle @docs {
reverse_proxy docs:80 @auth {
path /caddy-security/*
}
route @auth {
authenticate with docsportal
}
route /* {
authorize with docspolicy
reverse_proxy docs:80
}
} }
@pocket_id host id.housh.dev @pocket_id host id.housh.dev
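Review bot: The `client_secret` in the new `oauth identity provider generic` block is committed as a literal, and it is identical to the `client_id`, so it is either a placeholder or a real credential now stored in history. Read it from the environment the way the file already does for `{env.ACME_EMAIL}`, e.g. `client_secret {env.POCKET_ID_CLIENT_SECRET}` (variable name constructed here), and rotate the value if it was ever live. In the portal block, `cookie insedure off` and `transfrom {` look like misspellings of `cookie insecure` and `transform user`, so the role mapping that `allow roles user` depends on may never load; validate the config before deploying. `base_auth_url` and `metadata_url` also point at plain `http://localhost`, which presumably needs to become the HTTPS issuer URL of the identity provider.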