use env vars for subdomain and domain in caddy

2024-12-07 11:38:09 +01:00
parent 2b61a00841
commit 52fc271b71
9 changed files with 16 additions and 15 deletions
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -8,7 +8,7 @@ import conf/*.caddy
 }

 (unprotected) {
-	{args[0]}.rik.veenboer.xyz {
+	{args[0]}.{$SUBDOMAIN}.{$DOMAIN} {
 		log {
 			output file /var/log/{args[0]}.log
 		}
@@ -17,7 +17,7 @@ import conf/*.caddy
 }

 (protected) {
-	{args[0]}.rik.veenboer.xyz {
+	{args[0]}.{$SUBDOMAIN}.{$DOMAIN} {
 		import authentik
 		reverse_proxy {args[1]}
 	}
--- a/caddy/conf/auth.caddy
+++ b/caddy/conf/auth.caddy
@@ -13,13 +13,12 @@
 			retry_attempts 3
 			retry_interval 10

-			base_auth_url https://authentik.rik.veenboer.xyz
-			metadata_url https://authentik.rik.veenboer.xyz/application/o/caddy/.well-known/openid-configuration
-			# metadata_url http://192.168.2.200:15000/caddy/.well-known/openid-configuration
+			base_auth_url https://authentik.{$SUBDOMAIN}.{$DOMAIN}
+			metadata_url https://authentik.{$SUBDOMAIN}.{$DOMAIN}/application/o/caddy/.well-known/openid-configuration
 		}
 		authentication portal myportal {
 			enable identity provider generic
-			cookie domain veenboer.xyz
+			cookie domain {$DOMAIN}
 			ui {
 				links {
 					"My Identity" "/whoami" icon "las la-user"
@@ -40,7 +39,7 @@
 			}
 		}
 		authorization policy mypolicy {
-			set auth url https://auth.rik.veenboer.xyz/oauth2/generic
+			set auth url https://auth.{$SUBDOMAIN}.{$DOMAIN}/oauth2/generic
 			allow roles authp/admin authp/user
 			validate bearer header
 			inject headers with claims
--- a/caddy/conf/dynamic_dns.caddy
+++ b/caddy/conf/dynamic_dns.caddy
@@ -2,7 +2,7 @@
 	dynamic_dns {
 		provider route53
 		domains {
-			veenboer.xyz. rik
+			{$DOMAIN}. {$SUBDOMAIN}
 		}
 		versions ipv4
 	}
--- a/caddy/sites/authentik.caddy
+++ b/caddy/sites/authentik.caddy
@@ -1,4 +1,4 @@
-authentik.veenboer.xyz {
+authentik.{$DOMAIN} {
 	log {
 		output file /var/log/authentik-root.log
 	}
--- a/caddy/sites/geo.caddy
+++ b/caddy/sites/geo.caddy
@@ -1,4 +1,4 @@
-geo.rik.veenboer.xyz {
+geo.{$SUBDOMAIN}.{$DOMAIN} {
 	log {
 		output file /var/log/geo.log
 	}
--- a/caddy/sites/ha.caddy
+++ b/caddy/sites/ha.caddy
@@ -1,4 +1,4 @@
-ha.rik.veenboer.xyz {
+ha.{$SUBDOMAIN}.{$DOMAIN} {
 	log {
 		output file /var/log/ha.log
 	}
--- a/caddy/sites/root.caddy
+++ b/caddy/sites/root.caddy
@@ -1,5 +1,5 @@
-rik.veenboer.xyz \
-*.rik.veenboer.xyz \
+{$SUBDOMAIN}.{$DOMAIN} \
+*.{$SUBDOMAIN}.{$DOMAIN} \
 {
 	handle_path /test/* {
 		reverse_proxy host:12345
--- a/caddy/sites/test.caddy
+++ b/caddy/sites/test.caddy
@@ -1,4 +1,4 @@
-test.rik.veenboer.xyz {
+test.{$SUBDOMAIN}.{$DOMAIN} {
 	log {
 		output file /var/log/test.log
 	}
@@ -7,7 +7,7 @@ test.rik.veenboer.xyz {
 	reverse_proxy host:15000
 }

-auth.rik.veenboer.xyz {
+auth.{$SUBDOMAIN}.{$DOMAIN} {
 	route {
 		authenticate with myportal
 	}
--- a/docker-compose.caddy.yml
+++ b/docker-compose.caddy.yml
@@ -4,6 +4,8 @@ services:
            context: /opt/caddy/
        container_name: caddy
        environment:
+        - DOMAIN=veenboer.xyz
+        - SUBDOMAIN=rik
        - AWS_REGION=eu-west-1
        - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:?}
        - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:?}