From b218f0a2cc2ad10dd77a6b56a6050be3e0df37dc Mon Sep 17 00:00:00 2001
From: deadcxap
Date: Mon, 25 Aug 2025 08:05:43 +0300
Subject: [PATCH] =?UTF-8?q?=D0=B4=D0=BE=D0=B1=D0=B0=D0=B2=D0=B8=D0=BB=20ca?= =?UTF-8?q?ddyfile=20=D0=B4=D0=BB=D1=8F=20=D0=B1=D0=B0=D0=B7=D0=BE=D0=B2?= =?UTF-8?q?=D1=8B=D1=85=20=D0=B4=D0=B8=D1=80=D0=B5=D0=BA=D1=82=D0=B8=D0=B2?= =?UTF-8?q?=20(=D0=BD=D0=B5=20=D0=B2=D1=81=D1=91=20=D0=B6=D0=B5=20=D0=B2?= =?UTF-8?q?=20=D0=BB=D0=B5=D0=B1=D0=BB=D1=8B=20=D0=BF=D0=B8=D1=85=D0=B0?= =?UTF-8?q?=D1=82=D1=8C,=20=D1=82=D0=B0=D0=BA=20=D0=BD=D0=B5=20=D1=83?= =?UTF-8?q?=D0=B4=D0=BE=D0=B1=D0=BD=D0=BE)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
admin/Caddyfile | 25 +++++++++++++++++++++++++
admin/bootstrap/docker-compose.yml | 20 +++-----------------
2 files changed, 28 insertions(+), 17 deletions(-)
create mode 100644 admin/Caddyfile
diff --git a/admin/Caddyfile b/admin/Caddyfile
new file mode 100644
index 0000000..ab6225b
--- /dev/null
+++ b/admin/Caddyfile
@@ -0,0 +1,25 @@
+{
+ email dead@cxap.space
+ dns cloudflare {$CF_API_TOKEN}
+ servers {
+ dns cloudflare {env.CF_API_TOKEN}
+ trusted_proxies static private_ranges
+ }
+}
+
+# общий сниппет авторизации
+(tinyauth_forwarder) {
+ forward_auth tinyauth:3000 {
+ uri /api/auth/caddy
+ copy_headers Remote-User Remote-Name Remote-Email Remote-Groups
+ }
+}
+
+# при желании — отдельный сниппет для API
+(tinyauth_api_forwarder) {
+ forward_auth tinyauth:3000 {
+ uri /api/auth/caddy
+ header_up Authorization {http.request.header.X-Api-Key}
+ header_up Accept application/json
+ }
+}
diff --git a/admin/bootstrap/docker-compose.yml b/admin/bootstrap/docker-compose.yml
index 63e0cb4..fc8b843 100644
--- a/admin/bootstrap/docker-compose.yml
+++ b/admin/bootstrap/docker-compose.yml
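Review bot: The global `dns cloudflare {$CF_API_TOKEN}` line uses the parse-time `{$VAR}` form, so the Cloudflare token is substituted into the adapted config, where it can be read back through the admin API or a config dump; the label this commit removes used the runtime placeholder, and the global line should keep it: `dns cloudflare {env.CF_API_TOKEN}`. The second `dns cloudflare {env.CF_API_TOKEN}` sits inside `servers { }`, which as far as I know has no `dns` option, so it is likely to be rejected when the Caddyfile is parsed and should be deleted. `trusted_proxies static private_ranges` makes Caddy accept forwarded client-IP headers from any peer in a private range; if no proxy sits in front of Caddy, it is worth narrowing to the real upstream address or dropping. A comment above `(tinyauth_api_forwarder)` stating that it forwards the client's `X-Api-Key` as `Authorization` and copies no `Remote-*` headers back would help whoever imports it.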
@@ -15,30 +15,16 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - caddy_data:/data + - ./Caddyfile:/etc/caddy/Caddyfile:ro networks: [proxy] - # Глобальные настройки + сниппет для forward_auth (Tinyauth) - labels: - caddy.email: dead@cxap.space - caddy.dns: "cloudflare {env.CF_API_TOKEN}" command: ["caddy","docker-proxy","--docker-sockets","unix:///var/run/docker.sock"] - caddy-snippets: - image: alpine:3.20 - command: ["sleep", "infinity"] - restart: unless-stopped - networks: [proxy] - labels: - # сниппет аутентификации - caddy: (tinyauth_forwarder) - caddy.forward_auth: tinyauth:3000 - caddy.forward_auth.uri: /api/auth/caddy - caddy.forward_auth.copy_headers: Remote-User Remote-Name Remote-Email Remote-Groups - tinyauth: image: ghcr.io/steveiliop56/tinyauth:v3 container_name: tinyauth restart: unless-stopped environment: + - LOG_LEVEL=2 - APP_URL=https://auth.realy.nothing.help - SECRET=${TINYAUTH_SECRET} - USERS=${TINYAUTH_USERS} @@ -67,7 +53,7 @@ services: labels: caddy: port.realy.nothing.help caddy.encode: zstd gzip - caddy.import: tinyauth_forwarder * + caddy.import: tinyauth_forwarder caddy.reverse_proxy: "{{upstreams 9000}}" volumes:
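Review bot: The added bind mount `- ./Caddyfile:/etc/caddy/Caddyfile:ro` points at a file this commit does not create: the Caddyfile is added as `admin/Caddyfile`, while a relative source in `admin/bootstrap/docker-compose.yml` normally resolves to `admin/bootstrap/`, so unless compose is run with a different project directory the source should be `../Caddyfile`. The unchanged `command:` line also passes no `--caddyfile-path`, and no `CADDY_DOCKER_CADDYFILE_PATH` is visible in the hunk, so caddy-docker-proxy may never read the mounted file; `command: ["caddy","docker-proxy","--caddyfile-path","/etc/caddy/Caddyfile","--docker-sockets","unix:///var/run/docker.sock"]` would make it explicit. This matters for access control because the `tinyauth_forwarder` snippet now exists only in that file, and the `caddy.import: tinyauth_forwarder` label in the last hunk depends on it being loaded, so it is worth confirming after deploy that the protected hosts still redirect to Tinyauth. The service definition starts above the hunk.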