chris/docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9f394b4b97144890106d391a0282b95df9a17755
docker/caddy/config/Caddyfile
Chris King 9f394b4b97 Move Caddyfile into config/Caddyfile to allow caddy reload to work in Docker 
Remove caddyfile configs setup in docker-compose.yml
Add authentik, redirect, and authentik-forward Caddyfile snippets
Move homepage, frigate, and code into Authentik in Caddyfile
Add redirect for home to homepage
2025-01-16 14:27:23 -08:00

164 lines
4.2 KiB
Caddyfile
Raw Blame History

# Global Config
{
email certs@tremendousturtle.tools
default_sni tremendousturtle.tools
acme_ca https://acme-v02.api.letsencrypt.org/directory
admin :2019
# debug
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
servers {
trusted_proxies cloudflare {
interval 12h
timeout 15s
}
client_ip_headers Cf-Connecting-Ip X-Forwarded-For X-Real-IP
}
}
# Global Reusable Blocks
(tls) {
tls {
dns cloudflare {
zone_token {env.CF_ZONE_TOKEN}
api_token {env.CF_API_TOKEN}
}
resolvers 1.1.1.1 1.0.0.1
}
}
(secure) {
forward_auth {args[0]} authelia-app-1:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
}
}
(secure-external) {
forward_auth {args[0]} https://auth.tremendousturtle.tools {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
header_up Host {upstream_hostport}
}
}
(ttt-log) {
log {
output file /logs/{args[0]}.tremendousturtle.tools.log
}
}
(ttt-proxy) {
reverse_proxy {args[0]}:{args[1]} {
header_up X-Real-IP {http.request.header.CF-Connecting-IP}
header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
}
}
(ttt-app) {
{args[0]}.tremendousturtle.tools {
import ttt-log {args[0]}
import tls
import secure *
import ttt-proxy {args[0]}-app-1 {args[1]}
}
}
(ttt-app-local) {
{args[0]}.tremendousturtle.tools {
import ttt-log {args[0]}
import tls
import secure *
import ttt-proxy host.docker.internal {args[1]}
}
}
(ttt-app-alt) {
{args[0]}.tremendousturtle.tools {
import ttt-log {args[0]}
import tls
import secure *
import ttt-proxy {args[1]} {args[2]}
}
}
(authentik) {
{args[0]}.tremendousturtle.tools {
import ttt-log {args[0]}
import tls
reverse_proxy authentik-app-1:9000 {
header_up X-Real-IP {http.request.header.CF-Connecting-IP}
header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
}
}
}
(redirect) {
{args[0]}.tremendousturtle.tools {
import tls
redir https://{args[1]}.tremendousturtle.tools{uri}
}
}
(authentik-forward) {
{args[0]}.tremendousturtle.tools {
import ttt-log {args[0]}
import tls
route {
# always forward outpost path to actual outpost
reverse_proxy /outpost.goauthentik.io/* http://authentik-app-1:9000
# forward authentication to outpost
forward_auth http://authentik-app-1:9000 {
uri /outpost.goauthentik.io/auth/caddy
# capitalization of the headers is important, otherwise they will be empty
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
# optional, in this config trust all private ranges, should probably be set to the outposts IP
trusted_proxies private_ranges
}
# actual site configuration below, for example
reverse_proxy {args[1]}:{args[2]}
}
}
}
# Web Config
tremendousturtle.tools {
import tls
respond "I'm Alive!"
}
auth.tremendousturtle.tools {
import tls
reverse_proxy authelia-app-1:9091
}
authentik.tremendousturtle.tools {
import tls
reverse_proxy authentik-app-1:9000
}
# Define code.tremendousturtle.tools
# Locally hosted non-docker apps (proxies to 192.168.1.234 instead of localhost)
#import ttt-app-local code 8020
import ttt-app-local pihole 1080
import ttt-app-local sonarr 8989
import ttt-app-local radarr 7878
import ttt-app-local prowlarr 9696
import ttt-app-local cockpit 9090
# Docker apps with same subdomain as docker compose project name
#import ttt-app frigate 8971
import ttt-app overseerr 5055
import ttt-app openobserve 5080
import ttt-app gitea 3000
#import ttt-app homepage 3000
import ttt-app requestrr 4545
# Alternate configuration (different subdomain and docker compose project name)
import ttt-app-alt budget actual-server-app-1 5006
import ttt-app-alt trilium triliumnext-notes-app-1 8080
import ttt-app-alt notes triliumnext-notes-app-1 8080
import ttt-app-alt stash stashapp-app-1 9999
import ttt-app-alt pihole1 192.168.1.116 80
# Authentik Configs
import authentik homepage
import redirect home homepage
import authentik frigate
import authentik code
Reference in New Issue View Git Blame Copy Permalink