Move Caddyfile into config/Caddyfile to allow caddy reload to work in Docker

Remove caddyfile configs setup in docker-compose.yml Add authentik, redirect, and authentik-forward Caddyfile snippets Move homepage, frigate, and code into Authentik in Caddyfile Add redirect for home to homepage
2025-01-16 14:27:23 -08:00
parent 6d353fcd69
commit 9f394b4b97
2 changed files with 51 additions and 10 deletions
--- a/caddy/config/Caddyfile
+++ b/caddy/config/Caddyfile
@@ -74,6 +74,46 @@
 		import ttt-proxy {args[1]} {args[2]}
 	}
 }
+(authentik) {
+	{args[0]}.tremendousturtle.tools {
+		import ttt-log {args[0]}
+		import tls
+		reverse_proxy authentik-app-1:9000 {
+			header_up X-Real-IP {http.request.header.CF-Connecting-IP}
+			header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
+		}
+	}
+}
+(redirect) {
+	{args[0]}.tremendousturtle.tools {
+		import tls
+		redir https://{args[1]}.tremendousturtle.tools{uri}
+	}
+}
+(authentik-forward) {
+	{args[0]}.tremendousturtle.tools {
+		import ttt-log {args[0]}
+		import tls
+		route {
+			# always forward outpost path to actual outpost
+			reverse_proxy /outpost.goauthentik.io/* http://authentik-app-1:9000
+
+			# forward authentication to outpost
+			forward_auth http://authentik-app-1:9000 {
+				uri /outpost.goauthentik.io/auth/caddy
+
+				# capitalization of the headers is important, otherwise they will be empty
+				copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
+
+				# optional, in this config trust all private ranges, should probably be set to the outposts IP
+				trusted_proxies private_ranges
+			}
+
+			# actual site configuration below, for example
+			reverse_proxy {args[1]}:{args[2]}
+		}
+	}
+}

 # Web Config
 tremendousturtle.tools {
@@ -93,7 +133,7 @@ authentik.tremendousturtle.tools {

 # Define code.tremendousturtle.tools
 # Locally hosted non-docker apps (proxies to 192.168.1.234 instead of localhost)
-import ttt-app-local code 8020
+#import ttt-app-local code 8020
 import ttt-app-local pihole 1080
 import ttt-app-local sonarr 8989
 import ttt-app-local radarr 7878
@@ -101,11 +141,11 @@ import ttt-app-local prowlarr 9696
 import ttt-app-local cockpit 9090

 # Docker apps with same subdomain as docker compose project name
-import ttt-app frigate 8971
+#import ttt-app frigate 8971
 import ttt-app overseerr 5055
 import ttt-app openobserve 5080
 import ttt-app gitea 3000
-import ttt-app homepage 3000
+#import ttt-app homepage 3000
 import ttt-app requestrr 4545

 # Alternate configuration (different subdomain and docker compose project name)
@@ -114,3 +154,10 @@ import ttt-app-alt trilium triliumnext-notes-app-1 8080
 import ttt-app-alt notes triliumnext-notes-app-1 8080
 import ttt-app-alt stash stashapp-app-1 9999
 import ttt-app-alt pihole1 192.168.1.116 80
+
+# Authentik Configs
+import authentik homepage
+import redirect home homepage
+
+import authentik frigate
+import authentik code
--- a/caddy/docker-compose.yml
+++ b/caddy/docker-compose.yml
@@ -13,12 +13,10 @@ services:
      - "443:443"
      - "443:443/udp"
      - "2019:2019"
-    configs:
-      - source: caddyfile
-        target: /etc/caddy/Caddyfile
    volumes:
      - ./data/site:/srv
      - ./data/logs:/logs
+      - ./config:/etc/caddy
      - caddy_data:/data
      - caddy_config:/config

@@ -26,10 +24,6 @@ networks:
  proxy-net:
    external: true

-configs:
-  caddyfile:
-    file: ./Caddyfile
-
 volumes:
  caddy_data:
  caddy_config: