46 lines
1.2 KiB
Text
46 lines
1.2 KiB
Text
(auth_serguzim_me) {
|
|
# always forward outpost path to actual outpost
|
|
reverse_proxy /outpost.goauthentik.io/* authentik:9000
|
|
|
|
# forward authentication to outpost
|
|
forward_auth authentik:9000 {
|
|
uri /outpost.goauthentik.io/auth/caddy
|
|
|
|
# capitalization of the headers is important, otherwise they will be empty
|
|
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
|
|
|
|
# optional, in this config trust all private ranges, should probably be set to the outposts IP
|
|
trusted_proxies private_ranges
|
|
}
|
|
}
|
|
|
|
(default) {
|
|
encode zstd gzip
|
|
}
|
|
|
|
(acmedns) {
|
|
tls {
|
|
dns acmedns {
|
|
username "{$ACMEDNS_USER}"
|
|
password "{$ACMEDNS_PASS}"
|
|
subdomain "{$ACMEDNS_SUBD}"
|
|
server_url "{$ACMEDNS_URL}"
|
|
}
|
|
}
|
|
}
|
|
|
|
(faas) {
|
|
rewrite * /function/{args[0]}{uri}
|
|
reverse_proxy https://faas.serguzim.me {
|
|
header_up Host {http.reverse_proxy.upstream.hostport}
|
|
}
|
|
}
|
|
|
|
(analytics) {
|
|
handle_path /_a/* {
|
|
reverse_proxy https://analytics.serguzim.me {
|
|
header_up X-Analytics-IP {remote}
|
|
header_up Host {http.reverse_proxy.upstream.hostport}
|
|
}
|
|
}
|
|
}
|