From 9f394b4b97144890106d391a0282b95df9a17755 Mon Sep 17 00:00:00 2001
From: Chris King
Date: Thu, 16 Jan 2025 14:27:23 -0800
Subject: [PATCH] Move Caddyfile into config/Caddyfile to allow caddy reload to work in Docker

Remove caddyfile configs setup in docker-compose.yml
Add authentik, redirect, and authentik-forward Caddyfile snippets
Move homepage, frigate, and code into Authentik in Caddyfile
Add redirect for home to homepage
---
 caddy/{ => config}/Caddyfile | 53 ++++++++++++++++++++++++++++++++++--
 caddy/docker-compose.yml | 8 +-----
 2 files changed, 51 insertions(+), 10 deletions(-)
 rename caddy/{ => config}/Caddyfile (63%)

diff --git a/caddy/Caddyfile b/caddy/config/Caddyfile
similarity index 63%
rename from caddy/Caddyfile
rename to caddy/config/Caddyfile
index 4e8dc31..036fdb3 100644
--- a/caddy/Caddyfile
+++ b/caddy/config/Caddyfile
@@ -74,6 +74,46 @@ import ttt-proxy {args[1]} {args[2]}
 }
 }
+(authentik) {
+ {args[0]}.tremendousturtle.tools {
+ import ttt-log {args[0]}
+ import tls
+ reverse_proxy authentik-app-1:9000 {
+ header_up X-Real-IP {http.request.header.CF-Connecting-IP}
+ header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
+ }
+ }
+}
+(redirect) {
+ {args[0]}.tremendousturtle.tools {
+ import tls
+ redir https://{args[1]}.tremendousturtle.tools{uri}
+ }
+}
+(authentik-forward) {
+ {args[0]}.tremendousturtle.tools {
+ import ttt-log {args[0]}
+ import tls
+ route {
+ # always forward outpost path to actual outpost
+ reverse_proxy /outpost.goauthentik.io/* http://authentik-app-1:9000
+
+ # forward authentication to outpost
+ forward_auth http://authentik-app-1:9000 {
+ uri /outpost.goauthentik.io/auth/caddy
+
+ # capitalization of the headers is important, otherwise they will be empty
+ copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
+
+ # optional, in this config trust all private ranges, should probably be set to the outposts IP
+ trusted_proxies private_ranges
+ }
+
+ # actual site configuration below, for example
+ reverse_proxy {args[1]}:{args[2]}
+ }
+ }
+}
 # Web Config
 tremendousturtle.tools {
@@ -93,7 +133,7 @@ authentik.tremendousturtle.tools {
 # Define code.tremendousturtle.tools
 # Locally hosted non-docker apps (proxies to 192.168.1.234 instead of localhost)
-import ttt-app-local code 8020
+#import ttt-app-local code 8020
 import ttt-app-local pihole 1080
 import ttt-app-local sonarr 8989
 import ttt-app-local radarr 7878
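Review bot: The `forward_auth` block in the new `(authentik-forward)` snippet passes no client-address header to the outpost, while the `(authentik)` snippet in the same hunk explicitly sets `X-Real-IP`/`X-Forwarded-For` from `CF-Connecting-IP`; behind Cloudflare the outpost would then presumably see the edge address rather than the user's for its authorization decisions and audit log. Adding the same two lines, `header_up X-Real-IP {http.request.header.CF-Connecting-IP}` and `header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}`, inside `forward_auth` keeps the two snippets consistent. The `trusted_proxies private_ranges` line is already flagged by its own comment as something to narrow to the outpost's address, and that should happen before the snippet is imported anywhere. Note also that `CF-Connecting-IP` is only meaningful when the listener is reachable solely through Cloudflare; if Caddy can be reached directly, the header value is client-controlled and should not be treated as the real client address.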
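Review bot: The old `import ttt-app-local code 8020` line is kept as a commented-out `#import ...` rather than removed, and the same is done for `frigate` and `homepage` in the `@@ -101,11 +141,11 @@` hunk. Commented-out config tends to get re-enabled, and re-enabling any of these alongside the new `import authentik code`/`frigate`/`homepage` lines would define the same site address twice, which I believe the Caddyfile adapter rejects as an ambiguous site definition. Since the commit message already records the move into Authentik, deleting the three lines is cleaner; if the old upstream ports are worth keeping, a single comment such as `# code/frigate/homepage are now served via the (authentik) snippet; previous upstreams: code 8020, frigate 8971, homepage 3000` preserves that without dead config. The `# Define code.tremendousturtle.tools` comment above it appears to describe the now-disabled entry and should be updated or removed with it.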
@@ -101,11 +141,11 @@ import ttt-app-local prowlarr 9696
 import ttt-app-local cockpit 9090
 # Docker apps with same subdomain as docker compose project name
-import ttt-app frigate 8971
+#import ttt-app frigate 8971
 import ttt-app overseerr 5055
 import ttt-app openobserve 5080
 import ttt-app gitea 3000
-import ttt-app homepage 3000
+#import ttt-app homepage 3000
 import ttt-app requestrr 4545
 # Alternate configuration (different subdomain and docker compose project name)
@@ -114,3 +154,10 @@ import ttt-app-alt trilium triliumnext-notes-app-1 8080
 import ttt-app-alt notes triliumnext-notes-app-1 8080
 import ttt-app-alt stash stashapp-app-1 9999
 import ttt-app-alt pihole1 192.168.1.116 80
+
+# Authentik Configs
+import authentik homepage
+import redirect home homepage
+
+import authentik frigate
+import authentik code
diff --git a/caddy/docker-compose.yml b/caddy/docker-compose.yml
index c26714a..cc203d4 100644
--- a/caddy/docker-compose.yml
+++ b/caddy/docker-compose.yml
@@ -13,12 +13,10 @@ services:
 - "443:443"
 - "443:443/udp"
 - "2019:2019"
- configs:
- - source: caddyfile
- target: /etc/caddy/Caddyfile
 volumes:
 - ./data/site:/srv
 - ./data/logs:/logs
+ - ./config:/etc/caddy
 - caddy_data:/data
 - caddy_config:/config
@@ -26,10 +24,6 @@ networks:
 proxy-net:
 external: true
-configs:
- caddyfile:
- file: ./Caddyfile
-
 volumes:
 caddy_data:
 caddy_config:
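Review bot: The `(authentik-forward)` snippet added in this commit is not imported anywhere in this hunk; all three apps moved into Authentik (`homepage`, `frigate`, `code`) go through `(authentik)`, which hands the whole host to `authentik-app-1:9000`, so the upstreams that used to be visible in this file (`code` on 8020, `frigate` on 8971, `homepage` on 3000) are presumably now configured inside Authentik's proxy provider rather than here. A comment above the `# Authentik Configs` block saying so would save the next maintainer a search, e.g. `# These hosts are served entirely by the Authentik outpost; their upstreams are configured in the Authentik proxy provider, not in this file.` If `(authentik-forward)` is intended for a later step, a comment next to its definition should say so; otherwise it is unused and could be dropped until needed.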
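Review bot: The new `./config:/etc/caddy` bind mount is read-write, and nothing in this hunk requires the container to write to its own configuration directory — `caddy reload` only reads the Caddyfile. Mounting it read-only, `- ./config:/etc/caddy:ro`, keeps a compromised or misbehaving container from rewriting the config it is started from, while the separate `caddy_config:/config` volume stays writable for whatever Caddy keeps there; the only case that would need write access is running something like `caddy fmt --overwrite` inside the container. Mounting the whole directory also means every file placed in `./config` becomes visible to the container, which is fine as long as only Caddy configuration lives there.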