added caddy back for testing

caddy/Caddyfile

@@ -0,0 +1,69 @@
+{
+        acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
+        auto_https prefer_wildcard
+        email akanealw@gmail.com
+}
+
+(secure) {
+  forward_auth "https://auth.akanealw.com" {
+    uri /api/verify?rd=https://auth.akanealw.com
+    copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
+    header_up Host {upstream_hostport}
+  }
+}
+
+(https) {
+        transport http {
+                tls
+                tls_insecure_skip_verify
+        }
+}
+
+(wildcard-akanealw.com) {
+        handle {
+                abort
+        }
+        tls {
+                dns cloudflare cAPH9-QQPzljKAEMurHpRbJ2sS5DqPO1iWIuW8fq
+                resolvers 1.1.1.1 1.0.0.1
+        }
+}
+
+akanealw.com {
+        import secure *
+        reverse_proxy 192.168.1.30:3005
+}
+
+*.akanealw.com {
+        import wildcard-akanealw.com
+}
+
+auth.akanealw.com {
+        reverse_proxy upstream:9091
+}
+
+bitwarden.akanealw.com {
+        reverse_proxy 192.168.1.4:8089
+}
+
+codeserver.akanealw.com {
+        import secure *
+        reverse_proxy 192.168.1.50:3001
+}
+
+gitea-docker.akanealw.com {
+        reverse_proxy 192.168.1.4:3001
+}
+
+gitea.akanealw.com {
+        reverse_proxy 192.168.1.50:3000
+}
+
+linkwarden.akanealw.com {
+        reverse_proxy 192.168.1.4:3232
+}
+
+whoami.akanealw.com {
+        import secure *
+        reverse_proxy upstream:80
+}

caddy/Dockerfile

@@ -0,0 +1,22 @@
+FROM caddy:builder AS builder
+
+RUN caddy-builder \
+    github.com/caddy-dns/cloudflare
+
+FROM caddy:latest
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy
+
+# ARG CADDY_VERSION=2
+# FROM caddy:${CADDY_VERSION}-builder AS builder
+
+# no need the "v2.9.0-beta.2" part after new version release
+# RUN xcaddy build \ 
+    # --with github.com/lucaslorentz/caddy-docker-proxy/v2 \
+    # --with github.com/caddy-dns/cloudflare
+
+# FROM caddy:${CADDY_VERSION}-alpine
+
+# COPY --from=builder /usr/bin/caddy /usr/bin/caddy
+
+# CMD ["caddy", "docker-proxy"]

caddy/compose.yml

@@ -0,0 +1,163 @@
+networks:
+  authelia:
+    name: authelia
+  reverse-proxy:
+    name: reverse-proxy
+    external: true
+  # caddy:
+  #   name: caddy
+  #   external: true
+  # caddy_controller:
+  #   name: caddy_controller
+  #   external: true
+
+services:
+  authelia:
+    container_name: authelia
+    image: authelia/authelia:latest
+    restart: unless-stopped
+    depends_on:
+      - postgres
+      - redis
+    volumes:
+      - ./config:/config
+    networks:
+      # - caddy
+      - authelia
+      - reverse-proxy
+    expose:
+      - 9091
+    environment:
+      AUTHELIA_JWT_SECRET_FILE: /config/secrets/JWT_SECRET
+      AUTHELIA_SESSION_SECRET_FILE: /config/secrets/SESSION_SECRET
+      AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE: /config/secrets/SMTP_PASSWORD
+      AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /config/secrets/STORAGE_ENCRYPTION_KEY
+      AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: /config/secrets/STORAGE_PASSWORD
+      AUTHELIA_SESSION_REDIS_PASSWORD_FILE: /config/secrets/REDIS_PASSWORD
+    labels:
+      caddy_9091: auth.akanealw.com
+      caddy_9091.reverse_proxy: "{{upstreams 9091}}"
+
+  postgres:
+    container_name: postgres
+    image: postgres:15
+    restart: unless-stopped
+    volumes:
+      - ./postgres:/var/lib/postgresql/data
+    networks:
+      - authelia
+    environment:
+      POSTGRES_USER: "authelia"
+      POSTGRES_PASSWORD: "8RXS4KPhejCw7OaqrtOhdgaUN4k9rPOcK4sUDBvIQ6q8BDNFWo4l47RXtY7Itkic"
+
+  redis:
+    container_name: redis
+    image: redis:7
+    networks:
+      - authelia
+    restart: unless-stopped
+    command: "redis-server --save 60 1 --loglevel warning --requirepass t7SxQuf48cUu1XLBNKLbWGBJzEUSMnaWMd9a1QRqoXyhajcPQObfX0so9M2Mklxn"
+    volumes:
+      - ./redis:/data
+
+  caddy:
+    container_name: caddy
+    build: .
+    restart: always
+    # environment:
+      # - CADDY_INGRESS_NETWORKS=caddy
+      # - CADDY_DOCKER_MODE=controller
+      # - CADDY_CONTROLLER_NETWORK=10.0.2.0/24
+    volumes:
+      # - /var/run/docker.sock:/var/run/docker.sock:ro
+      # - ./caddydata:/data/caddy
+      # - ./caddyconfig:/config/caddy
+      - ./data:/data
+      - ./Caddyfile:/etc/caddy/Caddyfile
+    networks:
+      - reverse-proxy
+      # - caddy
+      # - caddy_controller
+    ports:
+      - 80:80
+      - 443:443
+    # extra_hosts:
+    #   - host.docker.internal:host-gateway
+
+  # caddy-config:
+  #   container_name: caddy-config
+  #   image: traefik/whoami:latest
+  #   networks:
+  #     - caddy
+  #   restart: always
+  #   labels:
+  #   #############################################
+  #   # Settings and snippets to get things working
+  #   # You shouldn't need to modify this normally
+  #   # Custom settings and definitions are below
+  #   #############################################
+
+  #     #### Global Settings ####
+  #     caddy_0.email: akanealw@gmail.com
+  #     caddy_0.auto_https: prefer_wildcard
+
+  #     #### Snippets ####
+  #     # Get wildcard certificate
+  #     caddy_1: (wildcard)
+  #     caddy_1.tls.dns: "cloudflare cAPH9-QQPzljKAEMurHpRbJ2sS5DqPO1iWIuW8fq"
+  #     caddy_1.tls.resolvers: 1.1.1.1 1.0.0.1
+  #     caddy_1.handle.abort: ""
+
+  #     # Secure a site with Authelia
+  #     caddy_2: (auth)
+  #     caddy_2.forward_auth: "authelia:9091"
+  #     caddy_2.forward_auth.uri: /api/verify?rd=https://auth.akanealw.com
+  #     caddy_2.forward_auth.copy_headers : Remote-User Remote-Groups Remote-Name Remote-Email
+
+  #     # Skip TLS verify for backend with self-signed HTTPS
+  #     caddy_3: (https)
+  #     caddy_3.transport: http
+  #     caddy_3.transport.tls: ""
+  #     caddy_3.transport.tls_insecure_skip_verify: ""
+
+  #   ###########################################
+  #   # Custom settings. Modify things below :
+  #   # Make sure they have unique label numbers
+  #   ###########################################
+
+  #     # Custom global settings, add/edit as needed
+  #     # caddy_0.log: default
+  #     # caddy_0.log.format: console
+
+  #     # Uncomment this during testing to avoid hitting rate limit.
+  #     # It will try to obtain SSL from Let's Encrypt's staging endpoint.
+  #     acme_ca: "https://acme-staging-v02.api.letsencrypt.org/directory" #  Staging
+
+  #     caddy_3005: akanealw.com
+  #     caddy_3005.reverse_proxy: 192.168.1.30:3005
+  #     caddy_3005.import: auth
+
+  #     ## Setup wildcard sites
+  #     caddy_10: "*.akanealw.com"
+  #     caddy_10.import: wildcard
+
+  #     ## Wildcard domains
+  #     caddy_20: whoami.akanealw.com
+  #     caddy_20.reverse_proxy: "{{upstreams 80}}"
+  #     caddy_20.import: auth
+
+  #     caddy_8089: bitwarden.akanealw.com
+  #     caddy_8089.reverse_proxy: 192.168.1.4:8089
+
+  #     caddy_3000: gitea.akanealw.com
+  #     caddy_3000.reverse_proxy: 192.168.1.50:3000
+      
+  #     caddy_3001: gitea-docker.akanealw.com
+  #     caddy_3001.reverse_proxy: 192.168.1.4:3001
+
+  #     caddy_3232: linkwarden.akanealw.com
+  #     caddy_3232.reverse_proxy: 192.168.1.4:3232
+
+  #     caddy_30012: codeserver.akanealw.com
+  #     caddy_30012.reverse_proxy: 192.168.1.50:3001
+  #     caddy_30012.import: auth

caddy/config/configuration.yml

@@ -0,0 +1,46 @@
+# Miscellaneous https://www.authelia.com/configuration/miscellaneous/introduction/
+# Set also AUTHELIA_JWT_SECRET_FILE
+theme: auto
+default_redirection_url: https://auth.akanealw.com/
+
+# First Factor https://www.authelia.com/configuration/first-factor/file/
+authentication_backend:
+  file:
+    path: /config/users_database.yml
+
+# Second Factor https://www.authelia.com/configuration/second-factor/introduction/
+totp:
+  issuer: akanealw.com
+
+# Security https://www.authelia.com/configuration/security/access-control/
+access_control:
+  default_policy: two_factor
+
+# Session https://www.authelia.com/configuration/session/introduction/
+# Set also AUTHELIA_SESSION_SECRET_FILE
+session:
+  domain: akanealw.com
+
+  # https://www.authelia.com/configuration/session/redis/
+  # Set also AUTHELIA_SESSION_REDIS_PASSWORD_FILE if appropriate
+  redis:
+    host: redis
+    port: 6379
+
+# Storage https://www.authelia.com/configuration/storage/postgres/
+# Set also AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE
+# Set also AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE
+storage:
+  postgres:
+    host: postgres
+    database: authelia
+    username: authelia
+
+# SMTP Notifier https://www.authelia.com/configuration/notifications/smtp/
+# Set also AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
+notifier:
+  smtp:
+    host: smtp.gmail.com                     
+    port: 587                                  
+    username: akanealw@gmail.com                  
+    sender: "Authelia <akanealw@gmail.com>"  

caddy/config/secrets/JWT_SECRET

@@ -0,0 +1 @@
+4zCkp6VWUWwY4PDDN5olunCT98xWIl2RoVEnUjdKcM18GtcKDmjY8fRD795H8oxo

caddy/config/secrets/REDIS_PASSWORD

@@ -0,0 +1 @@
+t7SxQuf48cUu1XLBNKLbWGBJzEUSMnaWMd9a1QRqoXyhajcPQObfX0so9M2Mklxn

caddy/config/secrets/SESSION_SECRET

@@ -0,0 +1 @@
+eht7lOozIpqlshLWpVuSkrV6mDn71qGTmzZSRplCTLC5oXrfvOna9vNJYcYgDeRV

caddy/config/secrets/SMTP_PASSWORD

@@ -0,0 +1 @@
+ifisridbjcnsrgat

caddy/config/secrets/STORAGE_ENCRYPTION_KEY

@@ -0,0 +1 @@
+P2zLfIArLigGjJkCmM9SBtt8I4xwNdJJrVK8eVU1D8eNzhLcaw4yNLiRGyYaGOha

caddy/config/secrets/STORAGE_PASSWORD

@@ -0,0 +1 @@
+8RXS4KPhejCw7OaqrtOhdgaUN4k9rPOcK4sUDBvIQ6q8BDNFWo4l47RXtY7Itkic

caddy/config/users_database.yml

@@ -0,0 +1,8 @@
+# User file database https://www.authelia.com/reference/guides/passwords/#yaml-format
+# Generate passwords https://www.authelia.com/reference/guides/passwords/#passwords
+# docker run --rm -it authelia/authelia:latest authelia crypto hash generate argon2
+users:
+    akanealw:
+        password: $argon2id$v=19$m=65536,t=3,p=4$qZQtuOoVQp0+M0NHWarIxQ$tdAdmJK6KB0Z5ngDyoCPu2YD/wDFlHgBSbgt/5WqVYY
+        displayname: "akanealw"
+        email: akanealw@gmail.com