infrastructure/roles/caddy/files/snippets

47 lines
1.2 KiB
Text
Raw Normal View History

2024-09-26 22:02:36 +00:00
(auth_serguzim_me) {
# always forward outpost path to actual outpost
reverse_proxy /outpost.goauthentik.io/* authentik:9000
# forward authentication to outpost
forward_auth authentik:9000 {
uri /outpost.goauthentik.io/auth/caddy
# capitalization of the headers is important, otherwise they will be empty
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
# optional, in this config trust all private ranges, should probably be set to the outposts IP
trusted_proxies private_ranges
}
}
(default) {
encode zstd gzip
}
(acmedns) {
tls {
dns acmedns {
username "{$ACMEDNS_USER}"
password "{$ACMEDNS_PASS}"
subdomain "{$ACMEDNS_SUBD}"
server_url "{$ACMEDNS_URL}"
}
}
}
(faas) {
rewrite * /function/{args[0]}{uri}
reverse_proxy https://faas.serguzim.me {
header_up Host {http.reverse_proxy.upstream.hostport}
}
}
(analytics) {
handle_path /_a/* {
reverse_proxy https://analytics.serguzim.me {
header_up X-Analytics-IP {remote}
header_up Host {http.reverse_proxy.upstream.hostport}
}
}
}