{ email neale@woozle.org #debug } (authelia) { uri /api/verify?rd=https://auth.woozle.org/ copy_headers Remote-User Remote-Groups Remote-Name Remote-Email } # This has to be at the same level as other `handle` directives, # since `handle` is a mutually-exclusive thingy. # https://caddy.community/t/copy-header-into-new-header-iff-it-is-set/18827 (restricted-access) { @noAuth header !Authorization @hasAuth not header !Authorization forward_auth @noAuth authelia:9091 { import authelia } forward_auth @hasAuth authelia:9091 { import authelia header_up Proxy-Authorization {header.authorization} } # XXX: If the client sends an "Accept" header, Authelia returns 401 with no Www-Authenticate header, violating HTTP @unauthorized `{err.status_code} == 401` header @unauthorized Www-Authenticate "Basic realm=goober" } auth.woozle.org { reverse_proxy authelia:9091 } git.woozle.org { reverse_proxy forgejo:3000 } drive.woozle.org { import restricted-access # XXX: browsing says method not allowed @nondav { method HEAD GET } # route overrides built-in ordering route { file_server @nondav { root /srv/ browse /browser.html } reverse_proxy webdav:8000 } } media.woozle.org { reverse_proxy jellyfin:8096 } # XXX: have this use caddy auth ancestry.woozle.org { reverse_proxy geneweb:2317 } photos.woozle.org { import restricted-access reverse_proxy pigallery2:80 } ## ## handle sends original path ## handle_path truncates path ## deergrove.woozle.org { import restricted-access handle_path /ddns/* { reverse_proxy ddns:8000 } handle /transmission/* { reverse_proxy transmission:9091 } handle /nzbget/* { reverse_proxy nzbget:6789 } handle /sonarr/* { reverse_proxy sonarr:8989 } handle /radarr/* { reverse_proxy radarr:7878 } handle /readarr/* { reverse_proxy readarr:8787 } handle /lidarr/* { reverse_proxy lidarr:8686 } handle /prowlarr/* { reverse_proxy prowlarr:9696 } handle /unmanic/* { reverse_proxy unmanic:8888 } handle_path /sucker/* { reverse_proxy host.lan:5801 } handle_path /netdata/* { reverse_proxy netdata:19999 } # Octoprint serves up broken webcam URLs uri replace /webcam/ /octoprint/webcam/ handle_path /octoprint/* { reverse_proxy { to 192.168.86.20:80 header_up X-Script-Name "/octoprint" } } handle { file_server { root /www } } }