Last active
November 26, 2024 13:49
-
-
Save greenpau/dbfadd3c9fee21dbb0a0d3902a8d0ec0 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
http_port 8080 | |
https_port 8443 | |
# debug | |
security { | |
authentication portal myportal { | |
crypto default token lifetime 3600 | |
crypto key sign-verify {env.JWT_SHARED_KEY} | |
backend local {env.HOME}/.local/caddy/users.json local | |
backend github {env.GITHUB_CLIENT_ID} {env.GITHUB_CLIENT_SECRET} | |
cookie domain myfiosgateway.com | |
ui { | |
links { | |
"My Website" https://assetq.myfiosgateway.com:8443/ icon "las la-star" | |
"Guests" https://assetq.myfiosgateway.com:8443/guests icon "las la-star" | |
"Users" https://assetq.myfiosgateway.com:8443/users icon "las la-star" | |
"Admins" https://assetq.myfiosgateway.com:8443/admins icon "las la-star" | |
"My Identity" "/whoami" icon "las la-user" | |
} | |
password_recovery_enabled yes | |
} | |
transform user { | |
match origin local | |
action add role authp/user | |
ui link "Portal Settings" /settings icon "las la-cog" | |
} | |
transform user { | |
match realm github | |
match sub github.com/greenpau | |
action add role authp/user | |
} | |
registration { | |
dropbox {env.HOME}/.local/caddy/registrations.json | |
title "User Registration" | |
code "NY2020" | |
require accept terms | |
require domain mx | |
} | |
} | |
authorization policy guests_policy { | |
# disable auth redirect | |
set auth url https://auth.myfiosgateway.com:8443/ | |
allow roles authp/admin authp/user | |
crypto key verify {env.JWT_SHARED_KEY} | |
acl rule { | |
comment allow guests only | |
match role guest authp/guest | |
allow stop log info | |
} | |
acl rule { | |
comment default deny | |
always match iss any | |
deny log warn | |
} | |
} | |
authorization policy users_policy { | |
set auth url https://auth.myfiosgateway.com:8443/ | |
allow roles authp/admin authp/user | |
crypto key verify {env.JWT_SHARED_KEY} | |
acl rule { | |
comment allow users | |
match role authp/user | |
allow stop log info | |
} | |
acl rule { | |
comment default deny | |
always match role any | |
deny log warn | |
} | |
} | |
authorization policy admins_policy { | |
set auth url https://auth.myfiosgateway.com:8443/ | |
allow roles authp/admin authp/user | |
crypto key verify {env.JWT_SHARED_KEY} | |
acl rule { | |
comment allow users | |
match role authp/user | |
allow stop log info | |
} | |
acl rule { | |
comment default deny | |
always match role any | |
deny log warn | |
} | |
} | |
} | |
} | |
(tls_config) { | |
tls {env.HOME}/.local/caddy/server.crt {env.HOME}/.local/caddy/server.key | |
} | |
auth.myfiosgateway.com { | |
import tls_config | |
route { | |
authenticate with myportal | |
} | |
} | |
assetq.myfiosgateway.com { | |
import tls_config | |
route /guests* { | |
authorize with guests_policy | |
respond * "assetq - guests only" 200 | |
} | |
route /users* { | |
authorize with users_policy | |
respond * "assetq - users" 200 | |
} | |
route /admins* { | |
authorize with admins_policy | |
respond * "assetq - admins" 200 | |
} | |
route { | |
respond "assetq is running" | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@greenpau is this still maintained. I tried your config and /settings /admin /guest paths all redirect like full urls instead of paths so the url address in the browser becomes https://test.localhost/test.localhost/guests.
Also the syntax seems to be invalid.
password_recovery_enabled yes
is not recognized and had to be disabled in order for Caddy to start.I am using your latest Caddy docker Image. ghcr.io/authcrunch/authcrunch:v1.0.11