feat: Adds pocket id authentication to caddy, adds server management article.

2025-04-11 08:26:51 -04:00
parent f43a191908
commit b986fe41c3
14 changed files with 295 additions and 144 deletions
--- a/53
+++ b/53
@@ -0,0 +1,53 @@
+{
+	# Port to listen on
+	http_port 80
+
+	# Configure caddy-security.
+	order authenticate before respond
+
+	security {
+		oauth identity provider generic {
+			delay_start 3
+			realm generic
+			driver generic
+			client_id {env.OAUTH_CLIENT_ID}
+			client_secret {env.OAUTH_CLIENT_SECRET}
+			scopes openid email profile
+			base_auth_url https://id.housh.dev
+			metadata_url https://id.housh.dev/.well-known/openid-configuration
+		}
+
+		authentication portal myportal {
+			crypto default token lifetime 3600 # Seconds until you have to re-authenticate
+			enable identity provider generic
+			cookie insecure on # Set to "on" if you're not using HTTPS
+
+			transform user {
+				match realm generic
+				action add role user
+			}
+		}
+
+		authorization policy mypolicy {
+			set auth url /caddy-security/oauth2/generic
+			allow roles user
+			inject headers with claims
+		}
+	}
+}
+
+https://docs.housh.dev {
+	@auth {
+		path /caddy-security/*
+	}
+
+	route @auth {
+		authenticate with myportal
+	}
+
+	route /* {
+		authorize with mypolicy
+		root * /app
+		file_server
+	}
+}