добавил caddyfile для базовых директив

(не всё же в леблы пихать, так не удобно)
This commit is contained in:
2025-08-25 08:05:43 +03:00
parent f1683181f4
commit b218f0a2cc
2 changed files with 28 additions and 17 deletions
+25
View File
@@ -0,0 +1,25 @@
{
email dead@cxap.space
dns cloudflare {$CF_API_TOKEN}
servers {
dns cloudflare {env.CF_API_TOKEN}
trusted_proxies static private_ranges
}
}
# общий сниппет авторизации
(tinyauth_forwarder) {
forward_auth tinyauth:3000 {
uri /api/auth/caddy
copy_headers Remote-User Remote-Name Remote-Email Remote-Groups
}
}
# при желании — отдельный сниппет для API
(tinyauth_api_forwarder) {
forward_auth tinyauth:3000 {
uri /api/auth/caddy
header_up Authorization {http.request.header.X-Api-Key}
header_up Accept application/json
}
}
+3 -17
View File
@@ -15,30 +15,16 @@ services:
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
- caddy_data:/data - caddy_data:/data
- ./Caddyfile:/etc/caddy/Caddyfile:ro
networks: [proxy] networks: [proxy]
# Глобальные настройки + сниппет для forward_auth (Tinyauth)
labels:
caddy.email: dead@cxap.space
caddy.dns: "cloudflare {env.CF_API_TOKEN}"
command: ["caddy","docker-proxy","--docker-sockets","unix:///var/run/docker.sock"] command: ["caddy","docker-proxy","--docker-sockets","unix:///var/run/docker.sock"]
caddy-snippets:
image: alpine:3.20
command: ["sleep", "infinity"]
restart: unless-stopped
networks: [proxy]
labels:
# сниппет аутентификации
caddy: (tinyauth_forwarder)
caddy.forward_auth: tinyauth:3000
caddy.forward_auth.uri: /api/auth/caddy
caddy.forward_auth.copy_headers: Remote-User Remote-Name Remote-Email Remote-Groups
tinyauth: tinyauth:
image: ghcr.io/steveiliop56/tinyauth:v3 image: ghcr.io/steveiliop56/tinyauth:v3
container_name: tinyauth container_name: tinyauth
restart: unless-stopped restart: unless-stopped
environment: environment:
- LOG_LEVEL=2
- APP_URL=https://auth.realy.nothing.help - APP_URL=https://auth.realy.nothing.help
- SECRET=${TINYAUTH_SECRET} - SECRET=${TINYAUTH_SECRET}
- USERS=${TINYAUTH_USERS} - USERS=${TINYAUTH_USERS}
@@ -67,7 +53,7 @@ services:
labels: labels:
caddy: port.realy.nothing.help caddy: port.realy.nothing.help
caddy.encode: zstd gzip caddy.encode: zstd gzip
caddy.import: tinyauth_forwarder * caddy.import: tinyauth_forwarder
caddy.reverse_proxy: "{{upstreams 9000}}" caddy.reverse_proxy: "{{upstreams 9000}}"
volumes: volumes: