akanealw/caddy-proxy-manager
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
785cfb6cc559d69adfa64853567eb216b1acdc53
caddy-proxy-manager/.env.example
T
fuomag9 b9a88c4330 fix: remove ACME cert scanning to eliminate caddy-data permission issue (#88) 
Caddy's certmagic creates storage dirs with hardcoded 0700 permissions,
making the web container's supplementary group membership ineffective.
Rather than working around this with ACLs or chmod hacks, remove the
feature entirely — it was cosmetic (issuer/expiry display) for certs
that Caddy auto-manages anyway.

Also bump access list dropdown timeout from 5s to 10s to fix flaky E2E test.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-03 12:34:18 +02:00

120 lines
4.5 KiB
Bash
Raw Blame History

# Caddy Proxy Manager Environment Configuration
# Copy this file to .env and update with your secure values
# IMPORTANT: chmod 600 .env after creating it
# =============================================================================
# REQUIRED SECURITY SETTINGS (PRODUCTION)
# =============================================================================
# Session Secret (REQUIRED)
# Generate with: openssl rand -base64 32
# Must be at least 32 characters in production
SESSION_SECRET=your-secure-session-secret-here-min-32-chars
# Admin Credentials (REQUIRED)
# USERNAME: Any username (e.g., "admin" is fine)
# PASSWORD: Must be 12+ characters with:
# - Uppercase letters (A-Z)
# - Lowercase letters (a-z)
# - Numbers (0-9)
# - Special characters (!@#$%^&* etc.)
ADMIN_USERNAME=admin
ADMIN_PASSWORD=Your-Secure-P@ssw0rd-Here!
# =============================================================================
# APPLICATION CONFIGURATION
# =============================================================================
# Public base URL for the application (IMPORTANT!)
# This is the URL where users access your Caddy Proxy Manager interface.
#
# ** REQUIRED FOR OAUTH: If using OAuth2/OIDC authentication, this MUST match
# the redirect URI configured in your OAuth provider exactly.
# The redirect URI will be: {BASE_URL}/api/auth/callback/oauth2
#
# Examples:
# - Local development: http://localhost:3000
# - Production with domain: https://caddy-manager.example.com
# - Production with IP: http://192.168.1.100:3000
#
# IMPORTANT: Do not include a trailing slash
BASE_URL=http://localhost:3000
# =============================================================================
# ROOTLESS OPERATION (OPTIONAL)
# =============================================================================
# User and Group IDs for running containers as non-root
# Set these to match your host user to avoid permission issues with volumes
# Find your UID/GID with: id -u / id -g
#
# Defaults:
# - Web service: PUID=10001, PGID=10001
# - Caddy service: PUID=10000, PGID=10000
#
# For matching your host user (recommended for development):
# PUID=1000
# PGID=1000
# =============================================================================
# OAUTH2/OIDC AUTHENTICATION (OPTIONAL)
# =============================================================================
# OAuth2/OIDC Provider (works with Authentik, Authelia, Keycloak, etc.)
# Enable OAuth2 authentication with any OIDC-compliant provider
OAUTH_ENABLED=false
OAUTH_PROVIDER_NAME=OAuth2 # Display name (e.g., "Authentik", "Keycloak")
OAUTH_CLIENT_ID=
OAUTH_CLIENT_SECRET=
OAUTH_ISSUER= # OIDC discovery URL (e.g., https://auth.example.com/application/o/app/)
# Optional: Override auto-discovered URLs (only if OIDC discovery doesn't work)
# OAUTH_AUTHORIZATION_URL=
# OAUTH_TOKEN_URL=
# OAUTH_USERINFO_URL=
# OAuth Settings
OAUTH_ALLOW_AUTO_LINKING=false # Auto-link OAuth to accounts without passwords
# Example for Authentik:
# OAUTH_ENABLED=true
# OAUTH_PROVIDER_NAME=Authentik
# OAUTH_CLIENT_ID=your-client-id
# OAUTH_CLIENT_SECRET=your-client-secret
# OAUTH_ISSUER=https://auth.example.com/application/o/caddy-proxy/
#
# IMPORTANT: Configure the redirect URI in your OAuth provider:
# Redirect URI = {BASE_URL}/api/auth/callback/oauth2
# Example: http://localhost:3000/api/auth/callback/oauth2
# or: https://caddy-manager.example.com/api/auth/callback/oauth2
# =============================================================================
# OPTIONAL: ADVANCED CONFIGURATION
# =============================================================================
# Database configuration (usually no need to change)
# DATABASE_URL=file:/app/data/caddy-proxy-manager.db
# Caddy Admin API endpoint (usually no need to change)
# CADDY_API_URL=http://caddy:2019
# Certificate storage directory (usually no need to change)
# CERTS_DIRECTORY=./data/certs
# Login rate limiting (optional, for custom rate limit settings)
# LOGIN_MAX_ATTEMPTS=5
# LOGIN_WINDOW_MS=300000
# LOGIN_BLOCK_MS=900000
# =============================================================================
# GEOIP UPDATE (OPTIONAL)
# =============================================================================
# GeoIP Update (Optional - for geoblocking support)
# To enable the geoipupdate container, set COMPOSE_PROFILES=geoipupdate
# Get credentials at: https://www.maxmind.com/en/geolite2/signup
COMPOSE_PROFILES=
GEOIPUPDATE_ACCOUNT_ID=
GEOIPUPDATE_LICENSE_KEY=
Reference in New Issue View Git Blame Copy Permalink