You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello,
My goal is to use a wildcard certificate and subdomains to protect some services. I got something working, but I just wanted to post here for other people to reference and to make sure it is correct.
This would be for a home server that hosts simple things.
cheers and thank you for the great open source project!
{
# debug
order log first
order authenticate before respond
order authorize before basicauth
security {
authentication portal myportal {
crypto default token lifetime 3600
backend local /etc/caddy/auth/local/users.json local
cookie domain blah.org
transform user {
match origin local
action add role authp/user
}
}
authorization policy sillypolicy {
set auth url https://auth.blah.org
allow roles authp/user authp/admin
acl rule {
comment allow users
match role authp/user
allow stop log info
}
acl rule {
comment default deny
match any
deny log warn
}
}
}
}
*.blah.org {
tls {
{redacted}
}
@auth host auth.blah.org
handle @auth {
authenticate with myportal
}
@tmoney host tmoney.blah.org
handle @tmoney {
authorize with sillypolicy
reverse_proxy tmoney:8888
}
@r3 host r3.blah.org
handle @r3 {
authorize with sillypolicy
reverse_proxy r3:7888
}
@unprotected host unprotected.blah.org
handle @unproc {
reverse_proxy unprotected:7889
}
log {
format formatted "{request>host} {common_log} endcl {request>headers>Origin} {request>tls>server_name}"
output file /var/log/caddy/access.log
}
}
The text was updated successfully, but these errors were encountered:
Hello,
My goal is to use a wildcard certificate and subdomains to protect some services. I got something working, but I just wanted to post here for other people to reference and to make sure it is correct.
This would be for a home server that hosts simple things.
cheers and thank you for the great open source project!
The text was updated successfully, but these errors were encountered: