Created
May 1, 2022 07:47
caddy security caddyfile for google oauth2
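{
	# Global options: listener ports, directive ordering, and the
	# caddy-security (authp) portal and policy definitions.

	# The admin API is switched off, so there is no runtime config
	# endpoint to protect. Config changes then need a process restart.
	admin off
	http_port 80
	https_port 443

	# authenticate/authorize are plugin directives, so their position in
	# the handler chain is set explicitly.
	# NOTE(review): newer Caddy releases name the built-in directive
	# basic_auth; confirm "basicauth" is still accepted by the installed
	# version.
	order authenticate before respond
	order authorize before basicauth

	security {
		# OAuth client credentials are read from the environment rather
		# than stored in this file.
		oauth identity provider google {env.GOOGLE_CLIENT_ID} {env.GOOGLE_CLIENT_SECRET}

		authentication portal myportal {
			enable identity provider google

			# Issued tokens expire after 3600 (presumably seconds, i.e.
			# one hour; confirm against the plugin docs).
			crypto default token lifetime 3600

			# One shared secret both signs and verifies tokens. Anyone who
			# learns JWT_SHARED_KEY can mint a token carrying any role, so
			# it should be a long random value, kept out of version control
			# and rotated if exposed.
			crypto key sign-verify {env.JWT_SHARED_KEY}

			# The token cookie is scoped to the parent domain, so browsers
			# send it to every *.mydomain.com host, including the sites
			# below that do not use "authorize". Each of those hosts and
			# their upstreams therefore sees the bearer token.
			cookie domain mydomain.com

			ui {
				links {
					"My Identity" "/whoami" icon "las la-user"
				}
			}

			# Every account that signs in through the google realm gets
			# authp/user. mypolicy below allows authp/user, so any Google
			# account can pass authorization. If access is meant for known
			# people only, add a "match email" condition here or drop
			# authp/user from the policy's allowed roles.
			transform user {
				match realm google
				action add role authp/user
				ui link "Main Website" https://mydomain.com icon "las la-star"
			}

			# A single address is additionally granted authp/admin.
			# mypolicy treats both roles the same, so the distinction only
			# matters if an upstream inspects the injected role claims.
			transform user {
				match realm google
				match email myemail@gmail.com
				action add role authp/admin
			}
		}

		authorization policy mypolicy {
			# Requests without a valid token are sent here to log in.
			set auth url https://auth.mydomain.com/auth/oauth2/google

			# Same shared secret the portal signs with (see the note on
			# sign-verify above).
			crypto key verify {env.JWT_SHARED_KEY}
			allow roles authp/admin authp/user

			# NOTE(review): appears to also accept a token presented in an
			# Authorization: Bearer header, not only the cookie; confirm
			# that this is wanted.
			validate bearer header

			# Claims are passed to the upstream as request headers. The
			# upstream may only trust them if it cannot be reached except
			# through this proxy.
			inject headers with claims
		}
	}
}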
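# Login portal host: serves the "myportal" authentication portal defined in
# the global security block. The auth URL in mypolicy points at this host.
auth.mydomain.com {
	authenticate with myportal
}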
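# Protected service: requests must satisfy "mypolicy" before being proxied.
# The gate covers only traffic that arrives through this site block.
# NOTE(review): confirm the service on port 9000 listens on loopback only;
# a client that could reach it directly would bypass authorization and
# could supply its own claim headers.
myservice.mydomain.com {
	authorize with mypolicy
	reverse_proxy http://localhost:9000
}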
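# Static file host. There is no "authorize" directive here, so everything
# under /AppData/webfiles is readable without logging in. Add
# "authorize with mypolicy" if that is not intended.
myfileserver.mydomain.com {
	# Only the exact path "/" is redirected; every other path is served
	# from the root below.
	redir / https://mydomain.com
	root * /AppData/webfiles
	file_server

	# Errors return just the status code and text, with no further detail.
	handle_errors {
		respond "{http.error.status_code} {http.error.status_text}"
	}
}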
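# Main site: proxied without authorization, so it is public.
# Because the portal sets "cookie domain mydomain.com", browsers also send
# the auth token cookie to this host, and reverse_proxy forwards it to the
# app on port 8080. That app must be trusted with the token.
mydomain.com {
	reverse_proxy http://localhost:8080
}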
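# Redirects the www host to the apex domain.
www.mydomain.com {
	redir https://mydomain.com
}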