и снова фикс кадди

2025-08-29 17:44:18 +03:00
parent 46e36a0876
commit a0a05b7b3a
4 changed files with 41 additions and 19 deletions
+2 -3
@@ -1,7 +1,6 @@
# Cloudflare (создайте Scoped API Token c правами Zone:Read + DNS:Edit
# для зоны nothing.help — не используйте глобальный API‑ключ!)
CF_API_TOKEN=jRq98TKXi2rYYtG42x9w1M8EOElt5V5BOkA4TBoY
CADDY_INGRESS_NETWORKS=proxy
JWT=pzq7ywjyp663i5444nugdi5hgpzjd5rr
# Пользователи для авторизации описываются в файле users.json
# рядом с docker-compose.yml. Хэши паролей можно получить
# командой `caddy hash-password --plaintext "пароль"`.
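Review bot: The values on the `CF_API_TOKEN=` and `JWT=` lines look like live secrets in a tracked file (presumably the `.env` that the compose file loads), and they stay readable in the repository history whichever side of the change they are on; the rendered page has lost the +/- markers, so the side cannot be told from here. Both should be treated as exposed: revoke the Cloudflare token and issue a new scoped one, and generate a new JWT signing key, which also invalidates every token signed with the old one. Keep only placeholders in the tracked file, e.g. `CF_API_TOKEN=<scoped-token-here>` and `JWT=<random-signing-key>`, and add the real `.env` to `.gitignore`.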
+12 -7
@@ -3,7 +3,7 @@
acme_dns cloudflare {$CF_API_TOKEN}
order authenticate before respond
order authorize before reverse_proxy
order authorize before basicauth
servers {
trusted_proxies static private_ranges
@@ -17,6 +17,7 @@
authentication portal authportal {
crypto default token lifetime {$AUTH_TOKEN_LIFETIME:43200}
crypto key sign-verify {$JWT}
enable identity store localdb
cookie domain realy.nothing.help
@@ -26,29 +27,33 @@
ui {
links {
"Portainer" "https://port.realy.nothing.help" icon "las la-tachometer-alt"
"WhoAmI" "/whoami" icon "las la-user"
"My Identity" "/auth/whoami" icon "las la-id-badge"
"My Profile" "/auth/profile/" icon "las la-user"
}
}
transform user {
match origin local
action add role admin
action add role authp/admin
# require mfa
}
}
authorization policy apikey_or_admin {
set auth url https://auth.realy.nothing.help
allow roles admin
allow roles authp/admin authp/user
crypto key verify {$JWT}
with basic auth portal authportal realm local
with api key auth portal authportal realm local
acl rule {
comment "Accept"
match role admin
comment allow users
match role authp/user
allow stop log info
}
acl rule {
comment "Deny"
comment default deny
match any
deny log warn
}
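Review bot: The `transform user` block adds `authp/admin` to every identity that satisfies `match origin local`, while `# require mfa` stays commented out, so each account in the local store carries the admin role behind a single factor. With `with api key auth portal authportal realm local` enabled, the same presumably holds for any API key issued to such an account. Narrow the match to the intended administrator account and enable `require mfa` for it, leaving ordinary local users with `authp/user` only. The policy is still named `apikey_or_admin` although `allow roles authp/admin authp/user` and `match role authp/user` now admit plain users, so either rename it or add a comment stating that user-level access is intended. The enclosing `security` block starts and ends outside the visible hunks.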
+4 -3
@@ -9,9 +9,10 @@ services:
- "80:80"
- "443:443"
- "443:443/udp"
environment:
- CADDY_INGRESS_NETWORKS=proxy
- CF_API_TOKEN=${CF_API_TOKEN}
env_file:
- .env
#environment:
#- CF_API_TOKEN=${CF_API_TOKEN}
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- caddy_data:/data
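Review bot: `env_file: - .env` injects every variable from `.env` into the Caddy container, including the `JWT` signing key and anything added to that file later, whereas the `environment:` list it appears to replace passed only named variables. This matters more because the same service mounts `/var/run/docker.sock` (that line looks like unchanged context): the `:ro` flag only makes the socket file read-only and does not restrict Docker API calls, so a compromise of this container reaches both the secrets and the Docker daemon. If the wide import is intended, say so in a comment and delete the leftover `#environment:` and `#- CF_API_TOKEN=${CF_API_TOKEN}` lines. Otherwise list the needed variables explicitly, e.g. `- JWT=${JWT}`. The service definition starts outside the hunk.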
+21 -4
@@ -1,5 +1,5 @@
{
"version": "1.1.2",
"version": "1.1.7",
"policy": {
"password": {
"keep_versions": 10,
@@ -19,8 +19,8 @@
"allow_uppercase": false
}
},
"revision": 2,
"last_modified": "2021-10-25T13:04:58.482997492-04:00",
"revision": 7,
"last_modified": "2025-08-28T19:12:55.534658844Z",
"users": [
{
"id": "39555452-454e-4c85-829b-8195a8dd8c81",
@@ -46,12 +46,29 @@
"disabled_at": "0001-01-01T00:00:00Z"
}
],
"api_keys": [
{
"id": "yvLkKTyFMu6n1q3YAG0np5W5hcCIFWoyfQPciHkh",
"prefix": "NuRZm4NXKfmDTyVo7XWbwZeM",
"usage": "api",
"comment": "test",
"payload": "$2a$10$DZVydqhmY8Df4HHYRUQpJOmT2hTd.A3nAGIcI/tp19RbnO6vyUf62",
"expired_at": "0001-01-01T00:00:00Z",
"created_at": "2025-08-28T19:12:55.534650459Z",
"disabled_at": "0001-01-01T00:00:00Z"
}
],
"created": "2021-10-25T17:04:58.42512588Z",
"last_modified": "2021-10-25T17:04:58.42512594Z",
"last_modified": "2025-08-28T19:12:55.534654817Z",
"revision": 5,
"roles": [
{
"name": "admin",
"organization": "authp"
},
{
"name": "user",
"organization": "authp"
}
]
}
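Review bot: The `api_keys` entry with `"comment": "test"` is committed together with its bcrypt `payload`, and its `expired_at` is the zero timestamp, which presumably means the key never expires. Because the authorization policy on this page accepts API keys from the local realm, a leftover test key is a standing credential. Delete it in the portal, or give it an expiry, before this store is deployed. The file also holds the user records themselves, so it is better kept out of version control: ship a template and let the portal write the live store. The `users` array continues outside the visible hunks.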