# Global options: these apply to every site defined in this file.
{
	# Contact address used for the ACME account that issues the sites'
	# TLS certificates.
	email neale@woozle.org

	# Uncomment while troubleshooting. Debug logging is verbose and may record
	# request details, so keep it off in normal operation.
	#debug
}
# Options shared by every forward_auth block that talks to Authelia.
# Imported from inside the forward_auth blocks of (restricted-access).
(authelia) {
	# Verification endpoint. rd= is the portal that unauthenticated browsers
	# are redirected to for login.
	uri /api/verify?rd=https://auth.woozle.org/

	# Identity headers copied from Authelia's response onto the request that
	# continues to the backend. A backend should treat these names as
	# trustworthy only on sites that actually run forward_auth.
	copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
}
# Authelia gate for a whole site. Import it at site level, next to the site's
# `handle` blocks and not inside one: `handle` blocks are mutually exclusive,
# so a gate placed inside one would cover only that branch.
# https://caddy.community/t/copy-header-into-new-header-iff-it-is-set/18827
(restricted-access) {
	# Split requests on whether the client sent an Authorization header.
	@noAuth header !Authorization
	@hasAuth not header !Authorization

	# No Authorization header: Authelia decides from whatever else the request
	# carries (presumably its session cookie).
	forward_auth @noAuth authelia:9091 {
		import authelia
	}

	# Authorization header present: pass its value to Authelia as
	# Proxy-Authorization so the credentials can be checked there.
	# NOTE(review): nothing here removes Authorization afterwards, so the
	# backend behind this gate also receives the client's credentials.
	# Confirm every backend is meant to see them.
	forward_auth @hasAuth authelia:9091 {
		import authelia
		header_up Proxy-Authorization {header.authorization}
	}

	# XXX: If the client sends an "Accept" header, Authelia returns 401 with
	# no Www-Authenticate header, violating HTTP.
	# The two lines below try to add the missing challenge header.
	# NOTE(review): {err.status_code} is normally populated only while Caddy is
	# handling an error (handle_errors). Confirm this matcher ever matches in
	# a regular route.
	@unauthorized `{err.status_code} == 401`
	header @unauthorized Www-Authenticate "Basic realm=goober"
}
# The Authelia portal itself. It is deliberately not behind
# (restricted-access): the login page must be reachable before a session
# exists.
auth.woozle.org {
	reverse_proxy authelia:9091
}
# Forgejo. This site does not import (restricted-access), so the backend's
# own login is the only access control.
# NOTE(review): request headers pass through unchanged here, including any
# client-supplied Remote-User / Remote-Groups. Keep header-based
# (reverse-proxy) login disabled in the backend.
git.woozle.org {
	reverse_proxy forgejo:3000
}
# File share: read-only browsing served by Caddy, everything else by WebDAV.
# The whole site sits behind the Authelia gate.
drive.woozle.org {
	import restricted-access

	# XXX: browsing says method not allowed
	# Read-only methods; these are answered by file_server below.
	@nondav method HEAD GET

	# route overrides built-in ordering, so file_server is tried before
	# reverse_proxy in the order written here.
	route {
		# HEAD/GET: serve from /srv/, with directory listings rendered
		# through the /browser.html template. Listings expose the names of
		# everything under the root that is not hidden; the import above is
		# the only thing protecting them.
		file_server @nondav {
			root /srv/
			browse /browser.html
		}

		# Every other method goes to the WebDAV backend.
		reverse_proxy webdav:8000
	}
}
# Jellyfin. This site does not import (restricted-access), so the backend's
# own login is the only access control in front of the media library.
media.woozle.org {
	reverse_proxy jellyfin:8096
}
# XXX: have this use caddy auth
# NOTE(review): until that is done, this site has no proxy-side
# authentication. Anything geneweb serves is reachable by whoever can reach
# this hostname, unless geneweb enforces its own access control.
ancestry.woozle.org {
	reverse_proxy geneweb:2317
}
##
## handle sends original path
## handle_path truncates path
##
## Backends mounted with `handle` receive the full request path (prefix
## included); backends mounted with `handle_path` receive it with the
## matched prefix removed.
##

# Home-lab services published under one hostname, one path prefix each.
# The site-level import is the only proxy-side authentication for all of them,
# so it must stay outside the handle blocks.
deergrove.woozle.org {
	import restricted-access

	handle_path /ddns/* {
		reverse_proxy ddns:8000
	}

	# Download clients; each receives its prefix unchanged.
	handle /transmission/* {
		reverse_proxy transmission:9091
	}

	handle /nzbget/* {
		reverse_proxy nzbget:6789
	}

	# Media managers; each receives its prefix unchanged.
	handle /sonarr/* {
		reverse_proxy sonarr:8989
	}
	handle /radarr/* {
		reverse_proxy radarr:7878
	}
	handle /readarr/* {
		reverse_proxy readarr:8787
	}
	handle /lidarr/* {
		reverse_proxy lidarr:8686
	}
	handle /prowlarr/* {
		reverse_proxy prowlarr:9696
	}

	handle_path /sucker/* {
		reverse_proxy host.lan:5801
	}

	handle_path /netdata/* {
		reverse_proxy netdata:19999
	}

	# Octoprint serves up broken webcam URLs
	# NOTE(review): `uri replace` is a substring substitution and is not
	# anchored to the start of the path, so a request that already contains
	# /octoprint/webcam/ is rewritten a second time. Confirm that never
	# happens, or anchor the rewrite.
	uri replace /webcam/ /octoprint/webcam/
	handle_path /octoprint/* {
		# The prefix is stripped before proxying; X-Script-Name tells the
		# backend which prefix it is published under.
		reverse_proxy 192.168.86.20:80 {
			header_up X-Script-Name "/octoprint"
		}
	}

	# Anything that matched no prefix above: static files from /www.
	handle {
		file_server {
			root /www
		}
	}
}