caddy/config/Caddyfile

{
    email {env.ACME_EMAIL}

    security {
          oauth identity provider generic {
                    delay_start 3
                    realm generic
                    driver generic
                    client_id 54ac14e4-4e6b-46ce-a870-01b297421e89
                    client_secret 54ac14e4-4e6b-46ce-a870-01b297421e89
                    scopes openid email profile
                    base_auth_url http://localhost
                    metadata_url http://localhost/.well-known/openid-configuration

            }

            authentication portal docsportal {
                    crypto default token lifetime 3600  # Seconds until you have to reauthenticate
                    enable identity provider generic
                    cookie insedure off
                    transfrom {
                            match realm generic
                            action add role user
                    }

            }

            authorization policy docspolicy {
                    set auth url /caddy-security/oauth2/generic
                    allow roles user
                    inject headers with claims
            }

    }

}

housh.dev {
    tls {
        dns cloudflare {env.CF_AUTH_TOKEN}
        resolvers 1.1.1.1
    }

    reverse_proxy /docs/* http://docs:80
}

# Subdomains
*.housh.dev {
    tls {
        dns cloudflare {env.CF_AUTH_TOKEN}
        resolvers 1.1.1.1
    }

    @pos host po.housh.dev
    handle @pos {
          reverse_proxy http://roguemini.housh.dev:8082
    }

    @legacypos host legacy-po.housh.dev
    handle @legacypos {
         reverse_proxy http://roguemini.housh.dev:5000
    }

    @gitea host git.housh.dev
    handle @gitea {
         reverse_proxy gitea:3000
    }

    @dash host dash.housh.dev
    handle @dash {
         reverse_proxy http://roguemini.housh.dev:7575
    }

    @komodo host komo.housh.dev
    handle @komodo {
         reverse_proxy komodo:9120
    }

    @excalidraw host draw.housh.dev
    handle @excalidraw {
         reverse_proxy excalidraw:80
    }

    @uptimekuma host uptime.housh.dev
    handle @uptimekuma {
          reverse_proxy uptime_kuma:3001
    }

    @immich host photos.housh.dev
    handle @immich {

      # Immich public proxy.
      @public path /share /share/*
      handle @public {
          reverse_proxy http://frankenmini.housh.dev:3000
      }

      handle {
          reverse_proxy http://frankenmini.housh.dev:2283
      }
    }

    @snapp host s.housh.dev
    handle @snapp {
          reverse_proxy http://roguemini.housh.dev:3000
    }

    @docs host docs.housh.dev
    handle @docs {
          @auth {
                  path /caddy-security/*
          }

          route @auth {
                  authenticate with docsportal
          }

          route /* {
                  authorize with docspolicy
                  reverse_proxy docs:80
          }
    }

    @pocket_id host id.housh.dev
    handle @pocket_id {
          reverse_proxy pocket-id:80
    }


}

# Console
console.mightymini.housh.dev {
    tls {
        dns cloudflare {env.CF_AUTH_TOKEN}
        resolvers 1.1.1.1
    }

    reverse_proxy https://192.168.50.6:9090 {
          transport http {
              tls_insecure_skip_verify
          }
    }
}