feat: Removes caddy security from this image and to primary proxy.
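--- a/Caddyfile
+++ b/Caddyfile
@@ -1,53 +1,4 @@
-{
-# Port to listen on
-http_port 80
-
-# Configure caddy-security.
-order authenticate before respond
-
-security {
-oauth identity provider generic {
-delay_start 3
-realm generic
-driver generic
-client_id {env.OAUTH_CLIENT_ID}
-client_secret {env.OAUTH_CLIENT_SECRET}
-scopes openid email profile
-base_auth_url https://id.housh.dev
-metadata_url https://id.housh.dev/.well-known/openid-configuration
-}
-
-authentication portal myportal {
-crypto default token lifetime 3600 # Seconds until you have to re-authenticate
-enable identity provider generic
-cookie insecure on # Set to "on" if you're not using HTTPS
-
-transform user {
-match realm generic
-action add role user
-}
-}
-
-authorization policy mypolicy {
-set auth url /caddy-security/oauth2/generic
-allow roles user
-inject headers with claims
-}
-}
-}
-
 http://localhost {
-@auth {
-path /caddy-security/*
-}
-
-route @auth {
-authenticate with myportal
-}
-
-route /* {
-authorize with mypolicy
 root * /app
 file_server
-}
 }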
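Review bot: The remaining `http://localhost` site block serves `/app` with `file_server` and has no access check of its own now that `authorize with mypolicy` is gone, so any client that can reach this container's listener directly gets the files without authenticating. The commit title suggests the primary proxy now performs authentication, but that configuration is not visible here; it is worth confirming that this container's port is reachable only from that proxy and is not published on the host. I would add a comment above the site block, e.g. `# No auth in this image: access control is enforced by the primary proxy; do not expose this port directly.` If the deployment still passes `OAUTH_CLIENT_ID` / `OAUTH_CLIENT_SECRET` into this container, they can be dropped there too so the secret is not held where it is no longer used.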