-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCaddyfile
179 lines (145 loc) · 4.47 KB
/
Caddyfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
(cors) {
header {
Access-Control-Allow-Methods "GET,OPTIONS,PUT,POST,DELETE,HEAD,PATCH"
Access-Control-Allow-Headers content-type
Access-Control-Max-Age 100
Access-Control-Allow-Origin *
}
}
(handle_route_without_auth) {
# handle does not strips the prefix from the request path
handle {args.0}/* {
reverse_proxy {args.1}
import cors
}
}
(handle_path_route_with_auth) {
# handle_path automatically strips the prefix from the request path
handle_path {args.0}* {
reverse_proxy {args.1}
import cors
import auth
}
}
(handle_route_with_auth) {
# handle_path automatically strips the prefix from the request path
handle {args.0} {
reverse_proxy {args.2}
uri strip_prefix {args.1}
import cors
import auth
}
}
(handle_path_route_without_auth) {
# handle_path automatically strips the prefix from the request path
handle_path {args.0}* {
reverse_proxy {args.1}
import cors
}
}
(payments) {
@transferinitiationwritermatcher {
path {args.0}/transfer-initiations*
method POST DELETE
}
@transferinitiationreadermatcher {
path {args.0}/transfer-initiation*
method GET
}
@bankaccountswritermatcher {
path {args.0}/bank-accounts*
method POST
}
@bankaccountsreadermatcher {
path {args.0}/bank-accounts*
method GET
}
@connectorsmatcher {
path {args.0}/connectors*
}
@configmatcher {
path {args.0}/configs*
}
@accountsmatcher {
path {args.0}/accounts*
}
import handle_route_with_auth @transferinitiationreadermatcher {args.0} {args.1}
import handle_route_with_auth @bankaccountsreadermatcher {args.0} {args.1}
import handle_route_with_auth @accountsmatcher {args.0} {args.1}
import handle_route_with_auth @bankaccountswritermatcher {args.0} {args.2}
import handle_route_with_auth @transferinitiationwritermatcher {args.0} {args.2}
import handle_route_with_auth @connectorsmatcher {args.0} {args.2}
import handle_route_with_auth @configmatcher {args.0} {args.2}
# All other requests on the api
import handle_path_route_with_auth {args.0} {args.1}
}
(auth) {
auth {
issuer http://localhost/api/auth
read_key_set_max_retries 10
}
}
(audit) {
audit {
# Kafka publisher
publisher_kafka_broker {$PUBLISHER_KAFKA_BROKER:redpanda:29092}
publisher_kafka_enabled {$PUBLISHER_KAFKA_ENABLED:false}
publisher_kafka_tls_enabled {$PUBLISHER_KAFKA_TLS_ENABLED:false}
publisher_kafka_sasl_enabled {$PUBLISHER_KAFKA_SASL_ENABLED:false}
publisher_kafka_sasl_username {$PUBLISHER_KAFKA_SASL_USERNAME}
publisher_kafka_sasl_password {$PUBLISHER_KAFKA_SASL_PASSWORD}
publisher_kafka_sasl_mechanism {$PUBLISHER_KAFKA_SASL_MECHANISM}
publisher_kafka_sasl_scram_sha_size {$PUBLISHER_KAFKA_SASL_SCRAM_SHA_SIZE}
# Nats publisher
publisher_nats_enabled {$PUBLISHER_NATS_ENABLED:true}
publisher_nats_url {$PUBLISHER_NATS_URL:nats://nats:4222}
publisher_nats_client_id {$PUBLISHER_NATS_CLIENT_ID:gateway}
}
}
{
# Many directives manipulate the HTTP handler chain and the order in which
# those directives are evaluated matters. So the jwtauth directive must be
# ordered.
# c.f. https://caddyserver.com/docs/caddyfile/directives#directive-order
order auth before basicauth
order versions after metrics
order audit after encode
# Local env dev config
debug
}
localhost:80 {
tracing {
span gateway
}
import handle_route_without_auth "/api/auth/dex" "127.0.0.1:5556"
import handle_path_route_without_auth "/api/auth" "127.0.0.1:8083"
import handle_path_route_with_auth "/api/ledger" "127.0.0.1:3068"
import handle_path_route_with_auth "/api/wallets" "127.0.0.1:8081"
import handle_path_route_with_auth "/api/search" "127.0.0.1:8080"
import payments "/api/payments" "127.0.0.1:8082" "127.0.0.1:8087"
import handle_path_route_with_auth "/api/webhooks" "127.0.0.1:8084"
import audit
handle /versions {
versions {
region "local"
env "local"
endpoints {
auth http://127.0.0.1:8083/_info http://127.0.0.1:8083/_healthcheck
ledger http://127.0.0.1:3068/_info http://127.0.0.1:3068/_healthcheck
wallets http://127.0.0.1:8081/_info http://127.0.0.1:8081/_healthcheck
paymentsapi http://127.0.0.1:8082/_info http://127.0.0.1:8082/_healthcheck
paymentsconnectors http://127.0.0.1:8087/_info http://127.0.0.1:8087/_healthcheck
search http://127.0.0.1:8080/_info http://127.0.0.1:8080/_healthcheck
webhooks http://127.0.0.1:8084/_info http://127.0.0.1:8084/_healthcheck
}
}
}
handle /api/* {
respond "Bad Gateway" 502
}
# handle all other requests
handle {
reverse_proxy 127.0.0.1:3000
import cors
}
}