diff --git a/.env.example b/.env.example index 1ae07083..4ea246db 100644 --- a/.env.example +++ b/.env.example @@ -101,6 +101,10 @@ OAUTH_ALLOW_AUTO_LINKING=false # Auto-link OAuth to accounts without pas # Certificate storage directory (usually no need to change) # CERTS_DIRECTORY=./data/certs +# Caddy certificate directory for ACME metadata scanning in the Certificates page +# (Only needed for custom/non-standard deployments) +# CADDY_CERTS_DIR=/caddy-data/caddy/certificates + # Login rate limiting (optional, for custom rate limit settings) # LOGIN_MAX_ATTEMPTS=5 # LOGIN_WINDOW_MS=300000 diff --git a/README.md b/README.md index 7da81cc9..bf7fafd8 100644 --- a/README.md +++ b/README.md @@ -15,10 +15,11 @@ Web interface for managing [Caddy Server](https://caddyserver.com/) reverse prox This project provides a web UI for Caddy Server, eliminating the need to manually edit JSON configurations or Caddyfiles. It handles reverse proxies, access lists, and certificate management through a Material UI interface. **Key features:** -- Reverse proxy configuration with upstream pools and custom headers -- HTTP basic auth access lists +- Reverse proxy configuration with multiple upstreams and custom headers +- HTTP basic auth access lists with multi-account support - OAuth2/OIDC authentication support - Automatic HTTPS via Caddy's ACME (Let's Encrypt) with Cloudflare DNS-01 support +- ACME certificate visibility (issuer + expiry) in the Certificates page - Optional upstream DNS pinning (resolve upstream hostnames on config apply) - Geo blocking per proxy host — block/allow by country, continent, ASN, CIDR, or IP - Custom certificate import (internal CA, wildcards, etc.) 
@@ -45,10 +46,10 @@ Data persists in Docker volumes (caddy-manager-data, caddy-data, caddy-config, c ## Features -- **Proxy Hosts** - Reverse proxies with custom headers and upstream pools +- **Proxy Hosts** - Reverse proxies with custom headers and multiple upstreams - **Geo Blocking** - Block or allow traffic by country, continent, ASN, CIDR range, or exact IP per proxy host -- **Access Lists** - HTTP basic auth -- **Certificates** - Custom SSL/TLS import (automatic Let's Encrypt via Caddy) +- **Access Lists** - Multi-account HTTP basic auth +- **Certificates** - Automatic Let's Encrypt certificates via Caddy + manual SSL/TLS import - **Settings** - ACME email, Cloudflare DNS-01, and upstream DNS pinning defaults - **Audit Log** - Configuration change tracking @@ -67,6 +68,7 @@ Data persists in Docker volumes (caddy-manager-data, caddy-data, caddy-config, c | `CADDY_API_URL` | Caddy Admin API endpoint | `http://caddy:2019` (prod)
`http://localhost:2019` (dev) | No | | `DATABASE_URL` | SQLite database URL | `file:/app/data/caddy-proxy-manager.db` | No | | `CERTS_DIRECTORY` | Certificate storage directory | `./data/certs` | No | +| `CADDY_CERTS_DIR` | Caddy cert storage path used for ACME metadata scanning (non-default deployments) | `/caddy-data/caddy/certificates` | No | | `LOGIN_MAX_ATTEMPTS` | Max login attempts before rate limit | `5` | No | | `LOGIN_WINDOW_MS` | Rate limit window in milliseconds | `300000` (5 min) | No | | `LOGIN_BLOCK_MS` | Rate limit block duration in milliseconds | `900000` (15 min) | No | @@ -75,6 +77,10 @@ Data persists in Docker volumes (caddy-manager-data, caddy-data, caddy-config, c | `OAUTH_CLIENT_ID` | OAuth2 client ID | None | No | | `OAUTH_CLIENT_SECRET` | OAuth2 client secret | None | No | | `OAUTH_ISSUER` | OAuth2 OIDC issuer URL | None | No | +| `OAUTH_AUTHORIZATION_URL` | Optional OAuth authorization endpoint override | Auto-discovered from `OAUTH_ISSUER` | No | +| `OAUTH_TOKEN_URL` | Optional OAuth token endpoint override | Auto-discovered from `OAUTH_ISSUER` | No | +| `OAUTH_USERINFO_URL` | Optional OAuth userinfo endpoint override | Auto-discovered from `OAUTH_ISSUER` | No | +| `OAUTH_ALLOW_AUTO_LINKING` | Allow auto-linking OAuth identities to existing users | `false` | No | **Production Requirements:** - `SESSION_SECRET`: 32+ characters (`openssl rand -base64 32`) @@ -230,8 +236,8 @@ Contributions welcome: ## Support -- **Issues:** [GitHub Issues](https://github.com/yourusername/caddy-proxy-manager/issues) for bugs and feature requests -- **Discussions:** [GitHub Discussions](https://github.com/yourusername/caddy-proxy-manager/discussions) for questions and ideas +- **Issues:** [GitHub Issues](https://github.com/fuomag9/caddy-proxy-manager/issues) for bugs and feature requests +- **Discussions:** [GitHub Discussions](https://github.com/fuomag9/caddy-proxy-manager/discussions) for questions and ideas ---
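Review bot: In the `.env.example` hunk (`@@ -101,6 +101,10`), the new `CADDY_CERTS_DIR` comment does not mention that this path is Caddy's own certificate storage, where each certificate's private key sits beside the `.crt` and `.json` files. Suggest adding a line saying that the directory should be mounted read-only into the app container, and stating which files the scan reads, so that an operator pointing it at a custom location does not grant more access than the Certificates page needs.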
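Review bot: In the README environment table hunk (`@@ -67,6 +68,7`), the `CADDY_CERTS_DIR` row does not say what happens when the path is missing or unreadable. The description limits the variable to "non-default deployments" while the default column lists `/caddy-data/caddy/certificates`, so a reader cannot tell whether an absent directory yields an error or an empty ACME list in the Certificates page. Suggest stating the fallback behaviour in the description.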
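Review bot: In the README environment table hunk (`@@ -75,6 +77,10`), the `OAUTH_ALLOW_AUTO_LINKING` row says only "Allow auto-linking OAuth identities to existing users" and omits both the attribute the match is based on and the restriction that the `.env.example` comment attaches to it (shown truncated in the first hunk header as "accounts without pas"). Because enabling it lets a provider-asserted identity attach to an existing local account, the row should state the matching attribute, the restriction, and that it should be turned on only with a provider trusted to verify that attribute. The three endpoint override rows could also note that setting them replaces the values discovered from `OAUTH_ISSUER`, so they should be HTTPS URLs belonging to the same provider.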