setup remote auth
@@ -1,5 +1,6 @@
|
|||||||
{
|
{
|
||||||
import conf/dynamic_dns.caddy
|
import conf/dynamic_dns.caddy
|
||||||
|
import conf/auth.caddy
|
||||||
}
|
}
|
||||||
|
|
||||||
(unprotected) {
|
(unprotected) {
|
||||||
@@ -11,13 +12,11 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
herderin.veenboer.xyz \
|
*.veenboer.xyz {
|
||||||
uitgeest.veenboer.xyz \
|
|
||||||
peter.veenboer.xyz \
|
|
||||||
{
|
|
||||||
reverse_proxy nginx
|
reverse_proxy nginx
|
||||||
}
|
}
|
||||||
|
|
||||||
import unprotected esp host:6052
|
import unprotected esp host:6052
|
||||||
import unprotected grafana host:3333
|
import unprotected grafana host:3333
|
||||||
import unprotected ha host:8123
|
import unprotected ha host:8123
|
||||||
|
|
||||||
|
import sites/auth.caddy
|
||||||
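Review bot: The new `*.veenboer.xyz {` site forwards every hostname under the domain to `reverse_proxy nginx` with no `authorize` step, where the old block listed three hosts explicitly. Any name that no more specific site block claims now reaches nginx, so whatever nginx serves as its default virtual host becomes reachable from outside; that may not be intended in a commit that otherwise sets up authentication. If only those three sites should be public, keep the explicit host list, or add a host matcher inside the wildcard block and `abort` for everything else. A wildcard site also needs a wildcard certificate, which Caddy can obtain only through the DNS challenge, so confirm the TLS setup (not visible in this hunk) covers it.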
|
|||||||
@@ -30,14 +30,11 @@ security {
|
|||||||
ui {
|
ui {
|
||||||
links {
|
links {
|
||||||
"My Identity" "/whoami" icon "las la-user"
|
"My Identity" "/whoami" icon "las la-user"
|
||||||
"Jellyfin" https://jellyfin.{$SUBDOMAIN}.{$DOMAIN} icon "las la-play"
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
transform user {
|
transform user {
|
||||||
match realm remote
|
match realm remote
|
||||||
action add role authp/user
|
action add role authp/user
|
||||||
action add iets "Zo iets!" as string
|
|
||||||
|
|
||||||
}
|
}
|
||||||
transform user {
|
transform user {
|
||||||
match origin local
|
match origin local
|
||||||
@@ -52,8 +49,7 @@ security {
|
|||||||
set user identity seafile_id
|
set user identity seafile_id
|
||||||
|
|
||||||
inject headers with claims
|
inject headers with claims
|
||||||
inject header "X-Seafile-Email" from "user|email"
|
inject header "X-Seafile-Email" from "userinfo|seafile_email"
|
||||||
inject header "X-Test" from "userinfo|seafile_email"
|
|
||||||
inject header "X-Onzin" from "realm"
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
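Review bot: `inject header "X-Seafile-Email" from "userinfo|seafile_email"` makes the upstream's notion of who is logged in depend on one attribute from the remote provider's userinfo, and nothing in this hunk removes a client-supplied `X-Seafile-Email` first. If the claim is missing for a user, or a route reaches the upstream without passing this policy, a header sent by the client could presumably be taken as the identity. I would strip it on the way in, e.g. `request_header -X-Seafile-Email` ahead of the `authorize` step, and confirm that `seafile_email` cannot be edited by the user at the provider. A one-line comment such as `# identity header trusted by Seafile; must only ever be set here` above the inject line would record that. The enclosing `security { … }` block starts and ends outside the hunk.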
|
|||||||
@@ -1,25 +0,0 @@
|
|||||||
reverse_proxy /outpost.goauthentik.io/* http://host:19000
|
|
||||||
forward_auth http://host:19000 {
|
|
||||||
uri /outpost.goauthentik.io/auth/caddy?rd={http.request.uri}
|
|
||||||
copy_headers {
|
|
||||||
X-Authentik-Username
|
|
||||||
X-Authentik-Groups
|
|
||||||
X-Authentik-Email
|
|
||||||
X-Authentik-Name
|
|
||||||
X-Authentik-Uid
|
|
||||||
X-Authentik-Jwt
|
|
||||||
X-Authentik-Meta-Jwks
|
|
||||||
X-Authentik-Meta-Outpost
|
|
||||||
X-Authentik-Meta-Provider
|
|
||||||
X-Authentik-Meta-App
|
|
||||||
X-Authentik-Meta-Version
|
|
||||||
X-Authentik-Other
|
|
||||||
X-Authentik-Password
|
|
||||||
X-Authentik-This
|
|
||||||
X-Authentik-What
|
|
||||||
Authorization>X-Custom-Authorization
|
|
||||||
X-Custom-User
|
|
||||||
X-Custom-Password
|
|
||||||
X-User-Header
|
|
||||||
}
|
|
||||||
}
|
|
||||||
5
caddy/sites/auth.caddy
Normal file
5
caddy/sites/auth.caddy
Normal file
@@ -0,0 +1,5 @@
|
|||||||
|
auth.{$SUBDOMAIN}.{$DOMAIN} {
|
||||||
|
route {
|
||||||
|
authenticate with myportal
|
||||||
|
}
|
||||||
|
}
|
||||||
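Review bot: The site address `auth.{$SUBDOMAIN}.{$DOMAIN}` is built from two environment placeholders with no default, while the main Caddyfile hard-codes `*.veenboer.xyz`. An unset variable is replaced with an empty string when the Caddyfile is parsed, so the portal would end up on a malformed name rather than failing loudly, and the compose hunk in this commit only adds the two OAuth variables with the `:?` guard. Pass `SUBDOMAIN` and `DOMAIN` to the container the same way (`- DOMAIN=${DOMAIN:?}`), unless that is already done outside the visible lines. A header comment such as `# Login portal; "myportal" must match the portal name in the security config` would also help the next reader.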
@@ -9,6 +9,8 @@ services:
|
|||||||
- AWS_REGION=eu-west-1
|
- AWS_REGION=eu-west-1
|
||||||
- AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:?}
|
- AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:?}
|
||||||
- AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:?}
|
- AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:?}
|
||||||
|
- OAUTH_CLIENT_ID=${OAUTH_CLIENT_ID:?}
|
||||||
|
- OAUTH_CLIENT_SECRET=${OAUTH_CLIENT_SECRET:?}
|
||||||
image: caddy
|
image: caddy
|
||||||
links:
|
links:
|
||||||
- nginx
|
- nginx
|
||||||
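Review bot: `OAUTH_CLIENT_SECRET` is handed to the container as a plain environment variable, so it is readable through `docker inspect`, the resolved compose config and by every process in the container. The `:?` guard is a good touch, since a missing value now stops startup instead of yielding an empty secret. Keep the `.env` file that supplies it out of version control with tight file permissions, and consider a file-based secret if the image supports reading one. The service definition starts above the hunk and continues below it.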
|
|||||||