akanealw/caddy-proxy-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
Files
3fb643f41e34340e09d664c13096d22be3310c1e
caddy-proxy-manager/.env.example
akanealw 99819b70ff
Some checks failed
Build and Push Docker Images (Trusted) / build-and-push (., docker/caddy/Dockerfile, caddy) (push) Has been cancelled
Details
Build and Push Docker Images (Trusted) / build-and-push (., docker/l4-port-manager/Dockerfile, l4-port-manager) (push) Has been cancelled
Details
Build and Push Docker Images (Trusted) / build-and-push (., docker/web/Dockerfile, web) (push) Has been cancelled
Details
Tests / test (push) Has been cancelled
Details
added caddy-proxy-manager for testing
2026-04-21 22:49:08 +00:00

132 lines
5.0 KiB
Plaintext
Executable File
Raw Blame History

# Caddy Proxy Manager Environment Configuration
# Copy this file to .env and update with your secure values
# IMPORTANT: chmod 600 .env after creating it
# =============================================================================
# REQUIRED SECURITY SETTINGS (PRODUCTION)
# =============================================================================
# Session Secret (REQUIRED)
# Generate with: openssl rand -base64 32
# Must be at least 32 characters in production
SESSION_SECRET=your-secure-session-secret-here-min-32-chars
# Admin Credentials (REQUIRED)
# USERNAME: Any username (e.g., "admin" is fine)
# PASSWORD: Must be 12+ characters with:
# - Uppercase letters (A-Z)
# - Lowercase letters (a-z)
# - Numbers (0-9)
# - Special characters (!@#$%^&* etc.)
ADMIN_USERNAME=admin
ADMIN_PASSWORD=Your-Secure-P@ssw0rd-Here!
# =============================================================================
# APPLICATION CONFIGURATION
# =============================================================================
# Public base URL for the application (IMPORTANT!)
# This is the URL where users access your Caddy Proxy Manager interface.
#
# ** REQUIRED FOR OAUTH: If using OAuth2/OIDC authentication, this MUST match
# the redirect URI configured in your OAuth provider exactly.
# The redirect URI will be: {BASE_URL}/api/auth/callback/oauth2
#
# Examples:
# - Local development: http://localhost:3000
# - Production with domain: https://caddy-manager.example.com
# - Production with IP: http://192.168.1.100:3000
#
# IMPORTANT: Do not include a trailing slash
BASE_URL=http://localhost:3000
# =============================================================================
# ROOTLESS OPERATION (OPTIONAL)
# =============================================================================
# User and Group IDs for running containers as non-root
# Set these to match your host user to avoid permission issues with volumes
# Find your UID/GID with: id -u / id -g
#
# Defaults:
# - Web service: PUID=10001, PGID=10001
# - Caddy service: PUID=10000, PGID=10000
#
# For matching your host user (recommended for development):
# PUID=1000
# PGID=1000
# =============================================================================
# OAUTH2/OIDC AUTHENTICATION (OPTIONAL)
# =============================================================================
# OAuth2/OIDC Provider (works with Authentik, Authelia, Keycloak, etc.)
# Enable OAuth2 authentication with any OIDC-compliant provider
OAUTH_ENABLED=false
OAUTH_PROVIDER_NAME=OAuth2 # Display name (e.g., "Authentik", "Keycloak")
OAUTH_CLIENT_ID=
OAUTH_CLIENT_SECRET=
OAUTH_ISSUER= # OIDC discovery URL (e.g., https://auth.example.com/application/o/app/)
# Optional: Override auto-discovered URLs (only if OIDC discovery doesn't work)
# OAUTH_AUTHORIZATION_URL=
# OAUTH_TOKEN_URL=
# OAUTH_USERINFO_URL=
# OAuth Settings
OAUTH_ALLOW_AUTO_LINKING=false # Auto-link OAuth to accounts without passwords
# Example for Authentik:
# OAUTH_ENABLED=true
# OAUTH_PROVIDER_NAME=Authentik
# OAUTH_CLIENT_ID=your-client-id
# OAUTH_CLIENT_SECRET=your-client-secret
# OAUTH_ISSUER=https://auth.example.com/application/o/caddy-proxy/
#
# IMPORTANT: Configure the redirect URI in your OAuth provider:
# Redirect URI = {BASE_URL}/api/auth/callback/oauth2
# Example: http://localhost:3000/api/auth/callback/oauth2
# or: https://caddy-manager.example.com/api/auth/callback/oauth2
# =============================================================================
# OPTIONAL: ADVANCED CONFIGURATION
# =============================================================================
# Database configuration (usually no need to change)
# DATABASE_URL=file:/app/data/caddy-proxy-manager.db
# Caddy Admin API endpoint (usually no need to change)
# CADDY_API_URL=http://caddy:2019
# Certificate storage directory (usually no need to change)
# CERTS_DIRECTORY=./data/certs
# Login rate limiting (optional, for custom rate limit settings)
# LOGIN_MAX_ATTEMPTS=5
# LOGIN_WINDOW_MS=300000
# LOGIN_BLOCK_MS=900000
# =============================================================================
# CLICKHOUSE ANALYTICS (OPTIONAL)
# =============================================================================
# ClickHouse is used for analytics data (traffic events, WAF events).
# Data is automatically retained for 90 days via ClickHouse TTL.
# CLICKHOUSE_PASSWORD is required — generate with: openssl rand -base64 32
CLICKHOUSE_PASSWORD=your-clickhouse-password-here
# CLICKHOUSE_URL=http://clickhouse:8123
# CLICKHOUSE_USER=cpm
# CLICKHOUSE_DB=analytics
# =============================================================================
# GEOIP UPDATE (OPTIONAL)
# =============================================================================
# GeoIP Update (Optional - for geoblocking support)
# To enable the geoipupdate container, set COMPOSE_PROFILES=geoipupdate
# Get credentials at: https://www.maxmind.com/en/geolite2/signup
COMPOSE_PROFILES=
GEOIPUPDATE_ACCOUNT_ID=
GEOIPUPDATE_LICENSE_KEY=
Reference in New Issue View Git Blame Copy Permalink