diff --git a/admin/Caddyfile b/admin/Caddyfile
new file mode 100644
index 0000000..ab6225b
--- /dev/null
+++ b/admin/Caddyfile
@@ -0,0 +1,25 @@
+{
+ email dead@cxap.space
+ dns cloudflare {$CF_API_TOKEN}
+ servers {
+ dns cloudflare {env.CF_API_TOKEN}
+ trusted_proxies static private_ranges
+ }
+}
+
+# общий сниппет авторизации
+(tinyauth_forwarder) {
+ forward_auth tinyauth:3000 {
+ uri /api/auth/caddy
+ copy_headers Remote-User Remote-Name Remote-Email Remote-Groups
+ }
+}
+
+# при желании — отдельный сниппет для API
+(tinyauth_api_forwarder) {
+ forward_auth tinyauth:3000 {
+ uri /api/auth/caddy
+ header_up Authorization {http.request.header.X-Api-Key}
+ header_up Accept application/json
+ }
+}
diff --git a/admin/bootstrap/docker-compose.yml b/admin/bootstrap/docker-compose.yml
index 63e0cb4..fc8b843 100644
--- a/admin/bootstrap/docker-compose.yml
+++ b/admin/bootstrap/docker-compose.yml
@@ -15,30 +15,16 @@ services:
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock:ro
 - caddy_data:/data
+ - ./Caddyfile:/etc/caddy/Caddyfile:ro
 networks: [proxy]
- # Глобальные настройки + сниппет для forward_auth (Tinyauth)
- labels:
- caddy.email: dead@cxap.space
- caddy.dns: "cloudflare {env.CF_API_TOKEN}"
 command: ["caddy","docker-proxy","--docker-sockets","unix:///var/run/docker.sock"]
- caddy-snippets:
- image: alpine:3.20
- command: ["sleep", "infinity"]
- restart: unless-stopped
- networks: [proxy]
- labels:
- # сниппет аутентификации
- caddy: (tinyauth_forwarder)
- caddy.forward_auth: tinyauth:3000
- caddy.forward_auth.uri: /api/auth/caddy
- caddy.forward_auth.copy_headers: Remote-User Remote-Name Remote-Email Remote-Groups
-
 tinyauth:
 image: ghcr.io/steveiliop56/tinyauth:v3
 container_name: tinyauth
 restart: unless-stopped
 environment:
+ - LOG_LEVEL=2
 - APP_URL=https://auth.realy.nothing.help
 - SECRET=${TINYAUTH_SECRET}
 - USERS=${TINYAUTH_USERS}
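Review bot: `trusted_proxies static private_ranges` in the global `servers` block makes Caddy accept forwarded client-address headers from any peer with a private address, which on a Docker bridge includes every container on the shared network and, depending on how the published ports are NATed, possibly external traffic that arrives via the bridge gateway. If a fronting proxy exists, list its addresses explicitly; if there is none, drop the line so the client IP seen in logs and forwarded to tinyauth is the socket peer address. Separately, `dns` appears twice, once as a global option with `{$CF_API_TOKEN}` and again inside `servers` with `{env.CF_API_TOKEN}`; as far as I know `servers` has no `dns` option, so the inner line is likely to be rejected when the file is parsed and should be removed.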
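Review bot: The new bind mount `./Caddyfile:/etc/caddy/Caddyfile:ro` resolves relative to the compose file's directory, `admin/bootstrap/`, while this commit adds the file at `admin/Caddyfile`; unless the project directory is overridden, Docker will typically create an empty directory at the missing source path and mount that instead. The mount should read `- ../Caddyfile:/etc/caddy/Caddyfile:ro`. The `command` line is also left unchanged, and as far as I know caddy-docker-proxy only merges a base Caddyfile when given `--caddyfile-path /etc/caddy/Caddyfile` (or `CADDY_DOCKER_CADDYFILE_PATH`, which may be set in the part of the caddy service above this hunk). Since the labels that used to define `tinyauth_forwarder` are removed here, a base file that is not loaded leaves `caddy.import: tinyauth_forwarder` unresolved, so check the generated config to confirm forward_auth is still enforced on the protected sites.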
@@ -67,7 +53,7 @@ services:
 labels:
 caddy: port.realy.nothing.help
 caddy.encode: zstd gzip
- caddy.import: tinyauth_forwarder *
+ caddy.import: tinyauth_forwarder
 caddy.reverse_proxy: "{{upstreams 9000}}"
 volumes: