Migrate services part

2024-09-27 00:02:36 +02:00 · 2024-09-27 00:02:36 +02:00 · 73bce8f6e5
commit 73bce8f6e5
parent 7c59e4ae57
157 changed files with 3883 additions and 9 deletions
--- a/roles/caddy/files/snippets
+++ b/roles/caddy/files/snippets
@ -0,0 +1,46 @@
+(auth_serguzim_me) {
+    # always forward outpost path to actual outpost
+    reverse_proxy /outpost.goauthentik.io/* authentik:9000
+
+    # forward authentication to outpost
+    forward_auth authentik:9000 {
+        uri /outpost.goauthentik.io/auth/caddy
+
+        # capitalization of the headers is important, otherwise they will be empty
+        copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
+
+        # optional, in this config trust all private ranges, should probably be set to the outposts IP
+        trusted_proxies private_ranges
+    }
+}
+
+(default) {
+	encode zstd gzip
+}
+
+(acmedns) {
+	tls {
+		dns acmedns {
+			username "{$ACMEDNS_USER}"
+			password "{$ACMEDNS_PASS}"
+			subdomain "{$ACMEDNS_SUBD}"
+			server_url "{$ACMEDNS_URL}"
+		}
+	}
+}
+
+(faas) {
+	rewrite * /function/{args[0]}{uri}
+	reverse_proxy https://faas.serguzim.me {
+		header_up Host {http.reverse_proxy.upstream.hostport}
+	}
+}
+
+(analytics) {
+	handle_path /_a/* {
+		reverse_proxy https://analytics.serguzim.me {
+			header_up X-Analytics-IP {remote}
+			header_up Host {http.reverse_proxy.upstream.hostport}
+		}
+	}
+}