и снова фикс кадди
@@ -1,7 +1,6 @@
|
||||
# Cloudflare (создайте Scoped API Token c правами Zone:Read + DNS:Edit
|
||||
# для зоны nothing.help — не используйте глобальный API‑ключ!)
|
||||
CF_API_TOKEN=jRq98TKXi2rYYtG42x9w1M8EOElt5V5BOkA4TBoY
|
||||
CADDY_INGRESS_NETWORKS=proxy
|
||||
JWT=pzq7ywjyp663i5444nugdi5hgpzjd5rr
|
||||
|
||||
# Пользователи для авторизации описываются в файле users.json
|
||||
# рядом с docker-compose.yml. Хэши паролей можно получить
|
||||
# командой `caddy hash-password --plaintext "пароль"`.
|
||||
|
||||
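Review bot: The `CF_API_TOKEN=` and `JWT=` lines in this hunk hold what look like real values in a tracked file (apparently the `.env` that docker-compose loads), so the Cloudflare token and the portal's signing key are readable by anyone who can clone the repository or a mirror of it. The +/- markers are lost in this rendering, so it is unclear whether the commit adds these lines or only shows them as context; either way both values should be treated as exposed. Revoke the token in Cloudflare, generate a new signing key, and commit only placeholders such as `CF_API_TOKEN=<scoped-token>` and `JWT=<random-signing-key>`. Keeping the real file untracked (a `.env` entry in `.gitignore` plus a committed `.env.example`) stops this recurring, and note that deleting the lines in a later commit does not remove them from history.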
@@ -3,7 +3,7 @@
|
||||
acme_dns cloudflare {$CF_API_TOKEN}
|
||||
|
||||
order authenticate before respond
|
||||
order authorize before reverse_proxy
|
||||
order authorize before basicauth
|
||||
|
||||
servers {
|
||||
trusted_proxies static private_ranges
|
||||
@@ -17,6 +17,7 @@
|
||||
|
||||
authentication portal authportal {
|
||||
crypto default token lifetime {$AUTH_TOKEN_LIFETIME:43200}
|
||||
crypto key sign-verify {$JWT}
|
||||
enable identity store localdb
|
||||
|
||||
cookie domain realy.nothing.help
|
||||
@@ -26,29 +27,33 @@
|
||||
ui {
|
||||
links {
|
||||
"Portainer" "https://port.realy.nothing.help" icon "las la-tachometer-alt"
|
||||
"WhoAmI" "/whoami" icon "las la-user"
|
||||
"My Identity" "/auth/whoami" icon "las la-id-badge"
|
||||
"My Profile" "/auth/profile/" icon "las la-user"
|
||||
}
|
||||
}
|
||||
|
||||
transform user {
|
||||
match origin local
|
||||
action add role admin
|
||||
action add role authp/admin
|
||||
# require mfa
|
||||
}
|
||||
}
|
||||
|
||||
authorization policy apikey_or_admin {
|
||||
set auth url https://auth.realy.nothing.help
|
||||
allow roles admin
|
||||
allow roles authp/admin authp/user
|
||||
crypto key verify {$JWT}
|
||||
|
||||
with basic auth portal authportal realm local
|
||||
with api key auth portal authportal realm local
|
||||
|
||||
acl rule {
|
||||
comment "Accept"
|
||||
match role admin
|
||||
comment allow users
|
||||
match role authp/user
|
||||
allow stop log info
|
||||
}
|
||||
acl rule {
|
||||
comment "Deny"
|
||||
comment default deny
|
||||
match any
|
||||
deny log warn
|
||||
}
|
||||
|
||||
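Review bot: In the last hunk, `transform user` matches `origin local` with no further condition and adds an admin role (`action add role admin` or `action add role authp/admin`, depending on which line is the new side; the +/- markers are lost here), so every account in the local store becomes an administrator at login while `# require mfa` stays commented out. That leaves the `authp/user` role named in `allow roles authp/admin authp/user` and `match role authp/user` with no effect as a lower privilege tier. I would have the blanket transform grant only the low role, `action add role authp/user`, assign admin per account through the `roles` list in users.json, and uncomment `require mfa`. The `authentication portal authportal` block opens in the previous hunk, and the policy block may continue past the end of this one.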
+4
-3
@@ -9,9 +9,10 @@ services:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
- "443:443/udp"
|
||||
environment:
|
||||
- CADDY_INGRESS_NETWORKS=proxy
|
||||
- CF_API_TOKEN=${CF_API_TOKEN}
|
||||
env_file:
|
||||
- .env
|
||||
#environment:
|
||||
#- CF_API_TOKEN=${CF_API_TOKEN}
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- caddy_data:/data
|
||||
|
||||
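Review bot: The commented-out `#environment:` / `#- CF_API_TOKEN=${CF_API_TOKEN}` pair left under `env_file:` is dead configuration, and nothing in the hunk says which keys the container now depends on (the old/new sides are inferred from the +4/-3 counts, as the markers are lost). `env_file` hands every variable in `.env` to the container, so I would delete the two commented lines and put one comment above `env_file:` instead, e.g. `# .env must define CF_API_TOKEN, JWT and CADDY_INGRESS_NETWORKS`. The service definition starts above this hunk, so its name and image are not visible here.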
+21
-4
@@ -1,5 +1,5 @@
|
||||
{
|
||||
"version": "1.1.2",
|
||||
"version": "1.1.7",
|
||||
"policy": {
|
||||
"password": {
|
||||
"keep_versions": 10,
|
||||
@@ -19,8 +19,8 @@
|
||||
"allow_uppercase": false
|
||||
}
|
||||
},
|
||||
"revision": 2,
|
||||
"last_modified": "2021-10-25T13:04:58.482997492-04:00",
|
||||
"revision": 7,
|
||||
"last_modified": "2025-08-28T19:12:55.534658844Z",
|
||||
"users": [
|
||||
{
|
||||
"id": "39555452-454e-4c85-829b-8195a8dd8c81",
|
||||
@@ -46,12 +46,29 @@
|
||||
"disabled_at": "0001-01-01T00:00:00Z"
|
||||
}
|
||||
],
|
||||
"api_keys": [
|
||||
{
|
||||
"id": "yvLkKTyFMu6n1q3YAG0np5W5hcCIFWoyfQPciHkh",
|
||||
"prefix": "NuRZm4NXKfmDTyVo7XWbwZeM",
|
||||
"usage": "api",
|
||||
"comment": "test",
|
||||
"payload": "$2a$10$DZVydqhmY8Df4HHYRUQpJOmT2hTd.A3nAGIcI/tp19RbnO6vyUf62",
|
||||
"expired_at": "0001-01-01T00:00:00Z",
|
||||
"created_at": "2025-08-28T19:12:55.534650459Z",
|
||||
"disabled_at": "0001-01-01T00:00:00Z"
|
||||
}
|
||||
],
|
||||
"created": "2021-10-25T17:04:58.42512588Z",
|
||||
"last_modified": "2021-10-25T17:04:58.42512594Z",
|
||||
"last_modified": "2025-08-28T19:12:55.534654817Z",
|
||||
"revision": 5,
|
||||
"roles": [
|
||||
{
|
||||
"name": "admin",
|
||||
"organization": "authp"
|
||||
},
|
||||
{
|
||||
"name": "user",
|
||||
"organization": "authp"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
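Review bot: The `api_keys` entry in the last hunk commits a key record commented `"test"` whose `expired_at` is the zero timestamp, which presumably means it never expires, while the Caddyfile policy accepts `with api key auth portal authportal realm local`. If that key was ever issued on a real deployment it keeps working until someone deletes it, and its `prefix` and bcrypt `payload` are now public. I would revoke it in the portal, issue real keys with an explicit expiry, and stop tracking this file: `revision` and `last_modified` change on every write, which suggests it is runtime state of the identity store rather than configuration. The enclosing user object begins above the hunk.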