mirror of https://github.com/caddyserver/caddy
203 lines
4.7 KiB
Plaintext
203 lines
4.7 KiB
Plaintext
app.example.com {
|
|
forward_auth authelia:9091 {
|
|
uri /api/authz/forward-auth
|
|
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
|
}
|
|
|
|
reverse_proxy backend:8080
|
|
}
|
|
----------
|
|
{
|
|
"apps": {
|
|
"http": {
|
|
"servers": {
|
|
"srv0": {
|
|
"listen": [
|
|
":443"
|
|
],
|
|
"routes": [
|
|
{
|
|
"match": [
|
|
{
|
|
"host": [
|
|
"app.example.com"
|
|
]
|
|
}
|
|
],
|
|
"handle": [
|
|
{
|
|
"handler": "subroute",
|
|
"routes": [
|
|
{
|
|
"handle": [
|
|
{
|
|
"handle_response": [
|
|
{
|
|
"match": {
|
|
"status_code": [
|
|
2
|
|
]
|
|
},
|
|
"routes": [
|
|
{
|
|
"handle": [
|
|
{
|
|
"handler": "vars"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"handle": [
|
|
{
|
|
"handler": "headers",
|
|
"request": {
|
|
"set": {
|
|
"Remote-Email": [
|
|
"{http.reverse_proxy.header.Remote-Email}"
|
|
]
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"match": [
|
|
{
|
|
"not": [
|
|
{
|
|
"vars": {
|
|
"{http.reverse_proxy.header.Remote-Email}": [
|
|
""
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"handle": [
|
|
{
|
|
"handler": "headers",
|
|
"request": {
|
|
"set": {
|
|
"Remote-Groups": [
|
|
"{http.reverse_proxy.header.Remote-Groups}"
|
|
]
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"match": [
|
|
{
|
|
"not": [
|
|
{
|
|
"vars": {
|
|
"{http.reverse_proxy.header.Remote-Groups}": [
|
|
""
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"handle": [
|
|
{
|
|
"handler": "headers",
|
|
"request": {
|
|
"set": {
|
|
"Remote-Name": [
|
|
"{http.reverse_proxy.header.Remote-Name}"
|
|
]
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"match": [
|
|
{
|
|
"not": [
|
|
{
|
|
"vars": {
|
|
"{http.reverse_proxy.header.Remote-Name}": [
|
|
""
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"handle": [
|
|
{
|
|
"handler": "headers",
|
|
"request": {
|
|
"set": {
|
|
"Remote-User": [
|
|
"{http.reverse_proxy.header.Remote-User}"
|
|
]
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"match": [
|
|
{
|
|
"not": [
|
|
{
|
|
"vars": {
|
|
"{http.reverse_proxy.header.Remote-User}": [
|
|
""
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"handler": "reverse_proxy",
|
|
"headers": {
|
|
"request": {
|
|
"set": {
|
|
"X-Forwarded-Method": [
|
|
"{http.request.method}"
|
|
],
|
|
"X-Forwarded-Uri": [
|
|
"{http.request.uri}"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"rewrite": {
|
|
"method": "GET",
|
|
"uri": "/api/authz/forward-auth"
|
|
},
|
|
"upstreams": [
|
|
{
|
|
"dial": "authelia:9091"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"handler": "reverse_proxy",
|
|
"upstreams": [
|
|
{
|
|
"dial": "backend:8080"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"terminal": true
|
|
}
|
|
]
|
|
}
|
|
}
|
|
}
|
|
}
|
|
} |