More auth work, ugh
parent
e10bde0646
commit
a9e4c9fea1
|
@ -12,20 +12,19 @@
|
|||
# since `handle` is a mutually-exclusive thingy.
|
||||
# https://caddy.community/t/copy-header-into-new-header-iff-it-is-set/18827
|
||||
(restricted-access) {
|
||||
handle {
|
||||
@noauth header !Authorization
|
||||
handle @noauth {
|
||||
forward_auth authelia:9091 {
|
||||
import authelia
|
||||
}
|
||||
}
|
||||
handle {
|
||||
forward_auth authelia:9091 {
|
||||
import authelia
|
||||
header_up Proxy-Authorization {header.authorization}
|
||||
}
|
||||
}
|
||||
@noAuth header !Authorization
|
||||
@hasAuth not header !Authorization
|
||||
forward_auth @noAuth authelia:9091 {
|
||||
import authelia
|
||||
}
|
||||
forward_auth @hasAuth authelia:9091 {
|
||||
import authelia
|
||||
header_up Proxy-Authorization {header.authorization}
|
||||
}
|
||||
|
||||
# XXX: If the client sends an "Accept" header, Authelia returns 401 with no Www-Authenticate header, violating HTTP
|
||||
@unauthorized `{err.status_code} == 401`
|
||||
header @unauthorized Www-Authenticate "Basic realm=goober"
|
||||
}
|
||||
|
||||
auth.woozle.org {
|
||||
|
@ -102,6 +101,10 @@ deergrove.woozle.org {
|
|||
reverse_proxy host.lan:5801
|
||||
}
|
||||
|
||||
handle_path /netdata/* {
|
||||
reverse_proxy netdata:19999
|
||||
}
|
||||
|
||||
# Octoprint serves up broken webcam URLs
|
||||
uri replace /webcam/ /octoprint/webcam/
|
||||
handle_path /octoprint/* {
|
||||
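Review bot: In the `@hasAuth` branch the client's `Authorization` header is copied to `Proxy-Authorization` for Authelia, but nothing visible here removes it afterwards. Once forward_auth succeeds, the same Basic credentials presumably travel on to every backend behind this snippet, including the newly added `reverse_proxy netdata:19999`. Unless the `authelia` snippet or the site blocks (both outside these hunks) already strip it, add `header_up -Authorization` to the reverse_proxy blocks whose backends do not need the password. Separately, `{err.status_code}` is normally populated only inside `handle_errors`, so the `@unauthorized` matcher may never fire on a 401 relayed by forward_auth; it is worth testing with a request that carries an `Accept` header.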
|
|
|
@ -44,6 +44,7 @@ access_control:
|
|||
- domain: deergrove.woozle.org
|
||||
resources:
|
||||
- '^/[a-z.]*$'
|
||||
- '^/netdata/'
|
||||
policy: one_factor
|
||||
|
||||
- domain: drive.woozle.org
|
||||
|
@ -73,6 +74,7 @@ access_control:
|
|||
- HEAD
|
||||
- GET
|
||||
- PROPFIND
|
||||
- OPTIONS
|
||||
resources:
|
||||
- '^/(README.md)?$'
|
||||
- '^/incoming/'
|
||||
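Review bot: The new `'^/netdata/'` resource sits under `policy: one_factor`, so a single password is all that guards a dashboard reporting host-wide process, user and network detail. Consider giving it its own rule with `policy: two_factor`, or narrowing it with `subject` or `networks` to the admin accounts that need it. In the second hunk the rule's `policy:` line lies outside the visible context; if that rule is `bypass`, the entry added there widens unauthenticated access and deserves a second look.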
|
|
|
@ -218,6 +218,29 @@ services:
|
|||
source: /srv/sys/atlas/status
|
||||
target: /var/atlas-probe/status
|
||||
|
||||
netdata:
|
||||
image: netdata/netdata
|
||||
hostname: "{{.Node.Hostname}}"
|
||||
environment:
|
||||
NETDATA_DISABLE_CLOUD: "1"
|
||||
cap_add:
|
||||
- SYS_PTRACE
|
||||
volumes:
|
||||
- type: bind
|
||||
source: /
|
||||
target: /host
|
||||
read_only: true
|
||||
- type: bind
|
||||
source: /srv/sys/netdata/lib
|
||||
target: /var/lib/netdata
|
||||
- type: bind
|
||||
source: /srv/sys/netdata/cache
|
||||
target: /var/cache/netdata
|
||||
configs:
|
||||
- source: netdata.conf
|
||||
target: /etc/netdata/netdata.conf
|
||||
|
||||
|
||||
geneweb:
|
||||
image: ravermeister/geneweb
|
||||
volumes:
|
||||
|
@ -311,7 +334,7 @@ configs:
|
|||
name: Corefile-v4
|
||||
Caddyfile:
|
||||
file: Caddyfile
|
||||
name: Caddyfile-v111
|
||||
name: Caddyfile-v120
|
||||
index.html:
|
||||
file: www/index.html
|
||||
name: index.html-v42
|
||||
|
@ -329,7 +352,10 @@ configs:
|
|||
name: deergrove.png-v1
|
||||
authelia.yaml:
|
||||
file: authelia.yaml
|
||||
name: authelia.yaml-v24
|
||||
name: authelia.yaml-v28
|
||||
netdata.conf:
|
||||
file: netdata.conf
|
||||
name: netdata.conf-v1
|
||||
|
||||
secrets:
|
||||
passwd:
|
||||
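Review bot: The `netdata` service bind-mounts the whole host root (`source: /` to `/host`) and adds `SYS_PTRACE`, so a flaw in this network-reachable dashboard would give read access to everything on the node, including the other services' data under `/srv/sys`. Netdata's collectors need only a handful of host paths; mounting those individually and read-only, as sketched below, keeps most of the monitoring and shrinks the exposure, though per-mount disk metrics may need checking afterwards. `image: netdata/netdata` also has no tag or digest, so each redeploy can pull different code into a container with this much visibility; pin it, e.g. `image: netdata/netdata:<pinned-tag>`. The two writable binds and the `configs:` entry can stay as they are.

```yaml
    volumes:
      # host paths the collectors read, instead of the whole root
      - type: bind
        source: /proc
        target: /host/proc
        read_only: true
      - type: bind
        source: /sys
        target: /host/sys
        read_only: true
      - type: bind
        source: /etc/os-release
        target: /host/etc/os-release
        read_only: true
      - type: bind
        source: /etc/passwd
        target: /host/etc/passwd
        read_only: true
      - type: bind
        source: /etc/group
        target: /host/etc/group
        read_only: true
      # … unchanged: /var/lib/netdata and /var/cache/netdata binds …
```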
|
|