tidy up caddy config
This commit is contained in:
@@ -1,10 +1,8 @@
|
|||||||
import conf/*.caddy
|
|
||||||
|
|
||||||
{
|
{
|
||||||
import dynamic_dns
|
import conf/dynamic_dns.caddy
|
||||||
import auth
|
import conf/auth.caddy
|
||||||
import geoip2
|
import conf/geoip2.caddy
|
||||||
# import layer4
|
# import conf/layer4.caddy
|
||||||
}
|
}
|
||||||
|
|
||||||
(unprotected) {
|
(unprotected) {
|
||||||
@@ -18,7 +16,7 @@ import conf/*.caddy
|
|||||||
|
|
||||||
(protected) {
|
(protected) {
|
||||||
{args[0]}.{$SUBDOMAIN}.{$DOMAIN} {
|
{args[0]}.{$SUBDOMAIN}.{$DOMAIN} {
|
||||||
import authentik
|
import conf/authentik.caddy
|
||||||
reverse_proxy {args[1]}
|
reverse_proxy {args[1]}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,7 +1,6 @@
|
|||||||
(auth) {
|
order authenticate before respond
|
||||||
order authenticate before respond
|
order authorize before reverse_proxy
|
||||||
order authorize before reverse_proxy
|
security {
|
||||||
security {
|
|
||||||
oauth identity provider generic {
|
oauth identity provider generic {
|
||||||
realm mine
|
realm mine
|
||||||
driver generic
|
driver generic
|
||||||
@@ -45,5 +44,4 @@
|
|||||||
validate bearer header
|
validate bearer header
|
||||||
inject headers with claims
|
inject headers with claims
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,6 +1,5 @@
|
|||||||
(authentik) {
|
reverse_proxy /outpost.goauthentik.io/* http://host:19000
|
||||||
reverse_proxy /outpost.goauthentik.io/* http://host:19000
|
forward_auth http://host:19000 {
|
||||||
forward_auth http://host:19000 {
|
|
||||||
uri /outpost.goauthentik.io/auth/caddy?rd={http.request.uri}
|
uri /outpost.goauthentik.io/auth/caddy?rd={http.request.uri}
|
||||||
copy_headers {
|
copy_headers {
|
||||||
X-Authentik-Username
|
X-Authentik-Username
|
||||||
@@ -23,5 +22,4 @@
|
|||||||
X-Custom-Password
|
X-Custom-Password
|
||||||
X-User-Header
|
X-User-Header
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,9 +1,7 @@
|
|||||||
(dynamic_dns) {
|
dynamic_dns {
|
||||||
dynamic_dns {
|
|
||||||
provider route53
|
provider route53
|
||||||
domains {
|
domains {
|
||||||
{$DOMAIN}. {$SUBDOMAIN}
|
{$DOMAIN}. {$SUBDOMAIN}
|
||||||
}
|
}
|
||||||
versions ipv4
|
versions ipv4
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,6 +1,5 @@
|
|||||||
(geoip2) {
|
order geoip2_vars first
|
||||||
order geoip2_vars first
|
geoip2 {
|
||||||
geoip2 {
|
|
||||||
# accountId {$GEO_ACCOUNT_ID}
|
# accountId {$GEO_ACCOUNT_ID}
|
||||||
# licenseKey {$GEO_API_KEY}
|
# licenseKey {$GEO_API_KEY}
|
||||||
databaseDirectory /data/caddy/geoip/
|
databaseDirectory /data/caddy/geoip/
|
||||||
@@ -8,5 +7,4 @@
|
|||||||
editionID GeoLite2-City
|
editionID GeoLite2-City
|
||||||
updateUrl https://updates.maxmind.com
|
updateUrl https://updates.maxmind.com
|
||||||
updateFrequency 86400 # in seconds
|
updateFrequency 86400 # in seconds
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,10 +1,8 @@
|
|||||||
(layer4) {
|
layer4 {
|
||||||
layer4 {
|
|
||||||
:443 {
|
:443 {
|
||||||
@openvpn openvpn
|
@openvpn openvpn
|
||||||
route @openvpn {
|
route @openvpn {
|
||||||
proxy host:444 # Proxy OpenVPN traffic to its backend
|
proxy host:444 # Proxy OpenVPN traffic to its backend
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ geo.{$SUBDOMAIN}.{$DOMAIN} {
|
|||||||
# trusted_proxies: Trust 'X-Forwarded-For' header_up if trusted_proxies is also valid (see https://caddyserver.com/docs/caddyfile/options#trusted-proxies)
|
# trusted_proxies: Trust 'X-Forwarded-For' header_up if trusted_proxies is also valid (see https://caddyserver.com/docs/caddyfile/options#trusted-proxies)
|
||||||
# default: trusted_proxies
|
# default: trusted_proxies
|
||||||
|
|
||||||
@geofilter expression ({geoip2.country_code} == "NL")
|
@geofilter expression ({geoip2.country_code} != "FR")
|
||||||
|
|
||||||
route @geofilter {
|
route @geofilter {
|
||||||
reverse_proxy host:12345 {
|
reverse_proxy host:12345 {
|
||||||
|
|||||||
Reference in New Issue
Block a user