и снова фикс кадди
@@ -1,7 +1,6 @@
|
|||||||
# Cloudflare (создайте Scoped API Token c правами Zone:Read + DNS:Edit
|
# Cloudflare (создайте Scoped API Token c правами Zone:Read + DNS:Edit
|
||||||
# для зоны nothing.help — не используйте глобальный API‑ключ!)
|
# для зоны nothing.help — не используйте глобальный API‑ключ!)
|
||||||
CF_API_TOKEN=jRq98TKXi2rYYtG42x9w1M8EOElt5V5BOkA4TBoY
|
CF_API_TOKEN=jRq98TKXi2rYYtG42x9w1M8EOElt5V5BOkA4TBoY
|
||||||
|
CADDY_INGRESS_NETWORKS=proxy
|
||||||
|
JWT=pzq7ywjyp663i5444nugdi5hgpzjd5rr
|
||||||
|
|
||||||
# Пользователи для авторизации описываются в файле users.json
|
|
||||||
# рядом с docker-compose.yml. Хэши паролей можно получить
|
|
||||||
# командой `caddy hash-password --plaintext "пароль"`.
|
|
||||||
|
|||||||
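Review bot: The `CF_API_TOKEN=` line and the new `JWT=` line put what look like live credentials into a tracked file, and this page is a mirror, so both values should be treated as disclosed. Revoke the Cloudflare token and generate a new signing key, then add `.env` to `.gitignore` and commit a template with placeholders instead, e.g. `CF_API_TOKEN=<scoped-token>` and `JWT=<random-signing-key>`. The `JWT` value feeds `crypto key sign-verify {$JWT}` in the Caddyfile, so anyone holding it can presumably produce tokens that the authorization policy accepts. The same concern applies to the tracked `users.json` further down, which carries hashed API-key material.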
@@ -3,7 +3,7 @@
|
|||||||
acme_dns cloudflare {$CF_API_TOKEN}
|
acme_dns cloudflare {$CF_API_TOKEN}
|
||||||
|
|
||||||
order authenticate before respond
|
order authenticate before respond
|
||||||
order authorize before reverse_proxy
|
order authorize before basicauth
|
||||||
|
|
||||||
servers {
|
servers {
|
||||||
trusted_proxies static private_ranges
|
trusted_proxies static private_ranges
|
||||||
@@ -17,6 +17,7 @@
|
|||||||
|
|
||||||
authentication portal authportal {
|
authentication portal authportal {
|
||||||
crypto default token lifetime {$AUTH_TOKEN_LIFETIME:43200}
|
crypto default token lifetime {$AUTH_TOKEN_LIFETIME:43200}
|
||||||
|
crypto key sign-verify {$JWT}
|
||||||
enable identity store localdb
|
enable identity store localdb
|
||||||
|
|
||||||
cookie domain realy.nothing.help
|
cookie domain realy.nothing.help
|
||||||
@@ -26,29 +27,33 @@
|
|||||||
ui {
|
ui {
|
||||||
links {
|
links {
|
||||||
"Portainer" "https://port.realy.nothing.help" icon "las la-tachometer-alt"
|
"Portainer" "https://port.realy.nothing.help" icon "las la-tachometer-alt"
|
||||||
"WhoAmI" "/whoami" icon "las la-user"
|
"My Identity" "/auth/whoami" icon "las la-id-badge"
|
||||||
|
"My Profile" "/auth/profile/" icon "las la-user"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
transform user {
|
transform user {
|
||||||
match origin local
|
match origin local
|
||||||
action add role admin
|
action add role authp/admin
|
||||||
# require mfa
|
# require mfa
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
authorization policy apikey_or_admin {
|
authorization policy apikey_or_admin {
|
||||||
set auth url https://auth.realy.nothing.help
|
set auth url https://auth.realy.nothing.help
|
||||||
allow roles admin
|
allow roles authp/admin authp/user
|
||||||
|
crypto key verify {$JWT}
|
||||||
|
|
||||||
|
with basic auth portal authportal realm local
|
||||||
with api key auth portal authportal realm local
|
with api key auth portal authportal realm local
|
||||||
|
|
||||||
acl rule {
|
acl rule {
|
||||||
comment "Accept"
|
comment allow users
|
||||||
match role admin
|
match role authp/user
|
||||||
allow stop log info
|
allow stop log info
|
||||||
}
|
}
|
||||||
acl rule {
|
acl rule {
|
||||||
comment "Deny"
|
comment default deny
|
||||||
match any
|
match any
|
||||||
deny log warn
|
deny log warn
|
||||||
}
|
}
|
||||||
|
|||||||
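Review bot: In the `apikey_or_admin` policy the rewritten ACL rule matches only `authp/user`, while the new `allow roles authp/admin authp/user` line names both roles, so the two statements disagree about who is let in. As written, an identity holding `authp/admin` but not `authp/user` would presumably fall through to the `default deny` rule, and every ordinary portal user now passes a policy that previously required admin. If both roles are intended, state it once in the ACL, e.g. `match roles authp/admin authp/user`, and drop the `allow roles` line; if only admins should reach the backends, keep `match role authp/admin`. `transform user` still grants `authp/admin` to every local account while `# require mfa` stays commented out, which deserves a comment explaining why. The policy block continues past the end of the hunk.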
+4
-3
@@ -9,9 +9,10 @@ services:
|
|||||||
- "80:80"
|
- "80:80"
|
||||||
- "443:443"
|
- "443:443"
|
||||||
- "443:443/udp"
|
- "443:443/udp"
|
||||||
environment:
|
env_file:
|
||||||
- CADDY_INGRESS_NETWORKS=proxy
|
- .env
|
||||||
- CF_API_TOKEN=${CF_API_TOKEN}
|
#environment:
|
||||||
|
#- CF_API_TOKEN=${CF_API_TOKEN}
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
- caddy_data:/data
|
- caddy_data:/data
|
||||||
|
|||||||
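Review bot: The two commented-out lines `#environment:` and `#- CF_API_TOKEN=${CF_API_TOKEN}` are dead configuration and should be deleted rather than kept next to the new `env_file:` entry. With `env_file:` pointing at `.env`, every key in that file is exported into the container, not only the ones Caddy reads. A comment such as `# .env must hold only CF_API_TOKEN, JWT and CADDY_INGRESS_NETWORKS` would help keep unrelated secrets out of a container that also mounts the Docker socket. The service definition starts and ends outside this hunk.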
+21
-4
@@ -1,5 +1,5 @@
|
|||||||
{
|
{
|
||||||
"version": "1.1.2",
|
"version": "1.1.7",
|
||||||
"policy": {
|
"policy": {
|
||||||
"password": {
|
"password": {
|
||||||
"keep_versions": 10,
|
"keep_versions": 10,
|
||||||
@@ -19,8 +19,8 @@
|
|||||||
"allow_uppercase": false
|
"allow_uppercase": false
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"revision": 2,
|
"revision": 7,
|
||||||
"last_modified": "2021-10-25T13:04:58.482997492-04:00",
|
"last_modified": "2025-08-28T19:12:55.534658844Z",
|
||||||
"users": [
|
"users": [
|
||||||
{
|
{
|
||||||
"id": "39555452-454e-4c85-829b-8195a8dd8c81",
|
"id": "39555452-454e-4c85-829b-8195a8dd8c81",
|
||||||
@@ -46,12 +46,29 @@
|
|||||||
"disabled_at": "0001-01-01T00:00:00Z"
|
"disabled_at": "0001-01-01T00:00:00Z"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
|
"api_keys": [
|
||||||
|
{
|
||||||
|
"id": "yvLkKTyFMu6n1q3YAG0np5W5hcCIFWoyfQPciHkh",
|
||||||
|
"prefix": "NuRZm4NXKfmDTyVo7XWbwZeM",
|
||||||
|
"usage": "api",
|
||||||
|
"comment": "test",
|
||||||
|
"payload": "$2a$10$DZVydqhmY8Df4HHYRUQpJOmT2hTd.A3nAGIcI/tp19RbnO6vyUf62",
|
||||||
|
"expired_at": "0001-01-01T00:00:00Z",
|
||||||
|
"created_at": "2025-08-28T19:12:55.534650459Z",
|
||||||
|
"disabled_at": "0001-01-01T00:00:00Z"
|
||||||
|
}
|
||||||
|
],
|
||||||
"created": "2021-10-25T17:04:58.42512588Z",
|
"created": "2021-10-25T17:04:58.42512588Z",
|
||||||
"last_modified": "2021-10-25T17:04:58.42512594Z",
|
"last_modified": "2025-08-28T19:12:55.534654817Z",
|
||||||
|
"revision": 5,
|
||||||
"roles": [
|
"roles": [
|
||||||
{
|
{
|
||||||
"name": "admin",
|
"name": "admin",
|
||||||
"organization": "authp"
|
"organization": "authp"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "user",
|
||||||
|
"organization": "authp"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|||||||
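Review bot: The added `api_keys` entry is labelled `"comment": "test"` and has `expired_at` and `disabled_at` at the zero timestamp, which presumably means it is active with no expiry. Because the Caddyfile policy in this commit accepts `with api key auth portal authportal realm local`, a leftover test key is a standing credential for its owner's roles; remove it through the portal or give it an expiry before this store is deployed. The file also looks like runtime state that the portal rewrites (`revision` and `last_modified` change here), so tracking it publishes every key hash and `prefix` it holds along with the repository. The user object that owns the key is only partly visible in the hunks.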