feat: Reverts to not using security.
This commit is contained in:
@@ -1,38 +1,5 @@
|
||||
{
|
||||
email {env.ACME_EMAIL}
|
||||
|
||||
# Configure caddy-security.
|
||||
order authenticate before respond
|
||||
|
||||
security {
|
||||
oauth identity provider generic {
|
||||
delay_start 3
|
||||
realm generic
|
||||
driver generic
|
||||
client_id {env.OAUTH_CLIENT_ID}
|
||||
client_secret {env.OAUTH_CLIENT_SECRET}
|
||||
scopes openid email profile
|
||||
base_auth_url https://id.housh.dev
|
||||
metadata_url https://id.housh.dev/.well-known/openid-configuration
|
||||
}
|
||||
|
||||
authentication portal myportal {
|
||||
crypto default token lifetime 3600 # Seconds until you have to re-authenticate
|
||||
enable identity provider generic
|
||||
cookie insecure off # Set to "on" if you're not using HTTPS
|
||||
|
||||
transform user {
|
||||
match realm generic
|
||||
action add role user
|
||||
}
|
||||
}
|
||||
|
||||
authorization policy mypolicy {
|
||||
set auth url /caddy-security/oauth2/generic
|
||||
allow roles user
|
||||
inject headers with claims
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Subdomains
|
||||
@@ -98,18 +65,7 @@
|
||||
|
||||
@docs host docs.housh.dev
|
||||
handle @docs {
|
||||
@auth {
|
||||
path /caddy-security/*
|
||||
}
|
||||
|
||||
route @auth {
|
||||
authenticate with myportal
|
||||
}
|
||||
|
||||
|
||||
route /* {
|
||||
reverse_proxy docs:80
|
||||
}
|
||||
}
|
||||
|
||||
@pocket_id host id.housh.dev
|
||||
|
||||
Reference in New Issue
Block a user