tidy up caddy config
This commit is contained in:
@@ -1,49 +1,47 @@
|
||||
(auth) {
|
||||
order authenticate before respond
|
||||
order authorize before reverse_proxy
|
||||
security {
|
||||
oauth identity provider generic {
|
||||
realm mine
|
||||
driver generic
|
||||
client_id {$OAUTH_CLIENT_ID}
|
||||
client_secret {$OAUTH_CLIENT_SECRET}
|
||||
scopes openid email profile
|
||||
order authenticate before respond
|
||||
order authorize before reverse_proxy
|
||||
security {
|
||||
oauth identity provider generic {
|
||||
realm mine
|
||||
driver generic
|
||||
client_id {$OAUTH_CLIENT_ID}
|
||||
client_secret {$OAUTH_CLIENT_SECRET}
|
||||
scopes openid email profile
|
||||
|
||||
delay_start 5
|
||||
retry_attempts 3
|
||||
retry_interval 10
|
||||
delay_start 5
|
||||
retry_attempts 3
|
||||
retry_interval 10
|
||||
|
||||
base_auth_url https://authentik.{$SUBDOMAIN}.{$DOMAIN}
|
||||
metadata_url https://authentik.{$SUBDOMAIN}.{$DOMAIN}/application/o/caddy/.well-known/openid-configuration
|
||||
}
|
||||
authentication portal myportal {
|
||||
enable identity provider generic
|
||||
cookie domain {$DOMAIN}
|
||||
ui {
|
||||
links {
|
||||
"My Identity" "/whoami" icon "las la-user"
|
||||
"Jellyfin" https://jellyfin.{$SUBDOMAIN}.{$DOMAIN} icon "las la-play"
|
||||
}
|
||||
}
|
||||
|
||||
transform user {
|
||||
match realm mine
|
||||
action add role authp/user
|
||||
}
|
||||
|
||||
transform user {
|
||||
match realm mine
|
||||
|
||||
# Give this account admin role in the auth portal
|
||||
match email rik.veenboer@gmail.com
|
||||
action add role authp/admin
|
||||
base_auth_url https://authentik.{$SUBDOMAIN}.{$DOMAIN}
|
||||
metadata_url https://authentik.{$SUBDOMAIN}.{$DOMAIN}/application/o/caddy/.well-known/openid-configuration
|
||||
}
|
||||
authentication portal myportal {
|
||||
enable identity provider generic
|
||||
cookie domain {$DOMAIN}
|
||||
ui {
|
||||
links {
|
||||
"My Identity" "/whoami" icon "las la-user"
|
||||
"Jellyfin" https://jellyfin.{$SUBDOMAIN}.{$DOMAIN} icon "las la-play"
|
||||
}
|
||||
}
|
||||
authorization policy mypolicy {
|
||||
set auth url https://auth.{$SUBDOMAIN}.{$DOMAIN}/oauth2/generic
|
||||
allow roles authp/admin authp/user
|
||||
validate bearer header
|
||||
inject headers with claims
|
||||
|
||||
transform user {
|
||||
match realm mine
|
||||
action add role authp/user
|
||||
}
|
||||
|
||||
transform user {
|
||||
match realm mine
|
||||
|
||||
# Give this account admin role in the auth portal
|
||||
match email rik.veenboer@gmail.com
|
||||
action add role authp/admin
|
||||
}
|
||||
}
|
||||
authorization policy mypolicy {
|
||||
set auth url https://auth.{$SUBDOMAIN}.{$DOMAIN}/oauth2/generic
|
||||
allow roles authp/admin authp/user
|
||||
validate bearer header
|
||||
inject headers with claims
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user