@mueslimak3r
Created May 1, 2022 07:47
caddy security Caddyfile for Google OAuth2
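{
	# Global options
	admin off                              # disable the Caddy admin API endpoint
	http_port 80
	https_port 443

	# Place the caddy-security handlers in the directive order
	order authenticate before respond
	order authorize before basicauth

	security {
		# Client ID and secret are read from the environment, not stored in this file
		oauth identity provider google {env.GOOGLE_CLIENT_ID} {env.GOOGLE_CLIENT_SECRET}

		authentication portal myportal {
			enable identity provider google
			crypto default token lifetime 3600    # seconds
			# Shared key: the portal uses it to sign and verify tokens
			crypto key sign-verify {env.JWT_SHARED_KEY}
			# Cookie is scoped to the parent domain so the subdomains below receive it
			cookie domain mydomain.com
			ui {
				links {
					"My Identity" "/whoami" icon "las la-user"
				}
			}
			# Every user who signs in through the google realm gets authp/user
			transform user {
				match realm google
				action add role authp/user
				ui link "Main Website" https://mydomain.com icon "las la-star"
			}
			# Only this email address additionally gets authp/admin
			transform user {
				match realm google
				match email myemail@gmail.com
				action add role authp/admin
			}
		}

		authorization policy mypolicy {
			# Requests without a valid token are sent here to sign in
			set auth url https://auth.mydomain.com/auth/oauth2/google
			# Same shared key as the portal, used here for verification only
			crypto key verify {env.JWT_SHARED_KEY}
			# authp/user is granted to every google realm user above,
			# so this admits any account that completes Google sign-in
			allow roles authp/admin authp/user
			validate bearer header
			inject headers with claims
		}
	}
}

# Authentication portal
auth.mydomain.com {
	authenticate with myportal
}

# Protected service: requests must pass mypolicy before being proxied
myservice.mydomain.com {
	authorize with mypolicy
	reverse_proxy http://localhost:9000
}

# No authorize directive here: files under the root are served without authentication
myfileserver.mydomain.com {
	redir / https://mydomain.com
	root * /AppData/webfiles
	file_server
	handle_errors {
		respond "{http.error.status_code} {http.error.status_text}"
	}
}

mydomain.com {
	reverse_proxy http://localhost:8080
}

www.mydomain.com {
	redir https://mydomain.com
}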