и снова фикс кадди

2025-08-29 17:44:18 +03:00
parent 46e36a0876
commit a0a05b7b3a
4 changed files with 41 additions and 19 deletions
+14 -9
@@ -3,7 +3,7 @@
acme_dns cloudflare {$CF_API_TOKEN}
order authenticate before respond
order authorize before reverse_proxy
order authorize before basicauth
servers {
trusted_proxies static private_ranges
@@ -17,6 +17,7 @@
authentication portal authportal {
crypto default token lifetime {$AUTH_TOKEN_LIFETIME:43200}
crypto key sign-verify {$JWT}
enable identity store localdb
cookie domain realy.nothing.help
@@ -25,30 +26,34 @@
ui {
links {
"Portainer" "https://port.realy.nothing.help" icon "las la-tachometer-alt"
"WhoAmI" "/whoami" icon "las la-user"
"Portainer" "https://port.realy.nothing.help" icon "las la-tachometer-alt"
"My Identity" "/auth/whoami" icon "las la-id-badge"
"My Profile" "/auth/profile/" icon "las la-user"
}
}
transform user {
match origin local
action add role admin
action add role authp/admin
# require mfa
}
}
authorization policy apikey_or_admin {
set auth url https://auth.realy.nothing.help
allow roles admin
allow roles authp/admin authp/user
crypto key verify {$JWT}
with basic auth portal authportal realm local
with api key auth portal authportal realm local
acl rule {
comment "Accept"
match role admin
allow stop log info
comment allow users
match role authp/user
allow stop log info
}
acl rule {
comment "Deny"
comment default deny
match any
deny log warn
}