Caddyfile
# Global options: listener ports, handler ordering for the caddy-security
# directives, and the authentication portal / authorization policy that the
# site blocks below refer to by name (myportal, mypolicy).
{
	# HTTP/HTTPS listeners on 8080/8443 instead of the defaults; the URLs
	# further down carry :8443 to match.
	http_port 8080
	https_port 8443
	# debug
	# `authenticate` and `authorize` are plugin directives, so their position
	# in the handler chain has to be declared explicitly.
	order authenticate before respond
	order authorize before basicauth
	security {
		# GitHub OAuth client credentials are read from the environment rather
		# than written into this file.
		oauth identity provider github {env.GITHUB_CLIENT_ID} {env.GITHUB_CLIENT_SECRET}
		authentication portal myportal {
			# Issued tokens are valid for 3600 seconds (one hour).
			crypto default token lifetime 3600
			# One key, taken from JWT_SHARED_KEY, both signs and verifies tokens.
			# NOTE(review): presumably a symmetric shared secret, in which case
			# anything able to read it can also mint valid tokens; it needs to be
			# long, random, and readable only by the Caddy process.
			crypto key sign-verify {env.JWT_SHARED_KEY}
			# The token cookie is scoped to the parent domain so both the auth.
			# and assetq. hosts receive it. Every other host under
			# myfiosgateway.com receives it as well.
			cookie domain myfiosgateway.com
			enable identity provider github
			ui {
				links {
					"My Identity" "/whoami" icon "las la-user"
				}
			}
			# Applies to every user from the github realm: no account, org or
			# team condition is set here, so any GitHub login that completes the
			# OAuth flow gets authp/user, a role that mypolicy allows.
			transform user {
				match realm github
				action add role authp/user
				ui link "File Server" https://assetq.myfiosgateway.com:8443/ icon "las la-star"
			}
			# Grants authp/admin to one hard-coded GitHub account. When reusing
			# this config, change the `match sub` value to an account you control.
			transform user {
				match realm github
				match sub github.com/greenpau
				action add role authp/admin
			}
		}
		authorization policy mypolicy {
			# Portal endpoint used to send requests without a valid token to login.
			set auth url https://auth.myfiosgateway.com:8443/oauth2/github
			# Verifies tokens with the same JWT_SHARED_KEY value the portal signs with.
			crypto key verify {env.JWT_SHARED_KEY}
			# Only these two roles pass; both are assigned by the transforms above.
			allow roles authp/admin authp/user
			# Also accept a token presented in the Authorization: Bearer header.
			validate bearer header
			# Adds claim-derived headers to the request for downstream handlers.
			inject headers with claims
		}
	}
}
# Reusable snippet: serve TLS with a certificate and key loaded from files
# under $HOME/.local/caddy ({$HOME} is substituted when the Caddyfile is parsed).
# Because the files are given explicitly, Caddy does not obtain or renew a
# certificate for sites importing this snippet; the key file should be readable
# only by the account running Caddy.
(tls_config) {
	tls {$HOME}/.local/caddy/server.crt {$HOME}/.local/caddy/server.key
}
# Login host: every request to this site is handled by the authentication
# portal `myportal` defined in the global `security` block.
auth.myfiosgateway.com {
	import tls_config
	authenticate with myportal
}
# Protected host: requests must pass `mypolicy` (defined in the global
# `security` block) before the static file server answers.
assetq.myfiosgateway.com {
	import tls_config
	# The `order` lines in the global options place authorize in the handler
	# chain, so its position in this block does not decide when it runs.
	authorize with mypolicy
	# Everything under $HOME/www is readable by any user the policy admits;
	# {env.HOME} is resolved from the environment at request time.
	root * {env.HOME}/www
	# No `browse` option here, so directory listings are not generated.
	file_server
}