akanealw/proxyserver
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

copied folder

Browse Source
This commit is contained in:
akanealw
2025-03-24 14:58:50 -05:00
parent 4b3266401a
commit 3f596fb191
4 changed files with 273 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
reverseproxy/.env Normal file
View File

@@ -0,0 +1,18 @@
TZ=America/Chicago
POSTGRES_PASSWORD=nu8Vohx1ot1eesoono5teshu6bohn9eiteich6Bu
AUTHENTIK_SECRET_KEY=0KGwGINtIe3PE7h1RR+CF/n+6hm6BiD1YjD31BBpqoA=
# SMTP Host Emails are sent to
AUTHENTIK_EMAIL__HOST=smtp.gmail.com
AUTHENTIK_EMAIL__PORT=587
# Optionally authenticate (don't add quotation marks to your password)
AUTHENTIK_EMAIL__USERNAME=akanealw@gmail.com
AUTHENTIK_EMAIL__PASSWORD=jaflkfakjfkljkd
# Use StartTLS
AUTHENTIK_EMAIL__USE_TLS=true
# Use SSL
AUTHENTIK_EMAIL__USE_SSL=false
AUTHENTIK_EMAIL__TIMEOUT=10
# Email address authentik will send from, should have a correct @domain
AUTHENTIK_EMAIL__FROM=akanealw@gmail.com

8
reverseproxy/Dockerfile Normal file
View File

@@ -0,0 +1,8 @@
FROM caddy:builder AS builder
RUN caddy-builder \
github.com/caddy-dns/cloudflare
FROM caddy:latest
COPY --from=builder /usr/bin/caddy /usr/bin/caddy

125
reverseproxy/caddy/Caddyfile Normal file
View File

@@ -0,0 +1,125 @@
# --------------------------------------------------
# global options
# --------------------------------------------------
{
acme_dns cloudflare {env.DNS_PROVIDER_TOKEN}
# log {
# output file caddy.log
# level info
# }
}
# --------------------------------------------------
# auth snippet for authentik
# --------------------------------------------------
(auth) {
reverse_proxy /outpost.goauthentik.io/* authentik-server:9000
forward_auth authentik-server:9000 {
uri /outpost.goauthentik.io/auth/caddy
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
trusted_proxies private_ranges
}
}
# --------------------------------------------------
# akanealw2.com root domain
# --------------------------------------------------
akanealw2.com {
@homepage host akanealw2.com
handle @homepage {
import auth
reverse_proxy 192.168.1.30:3005
}
}
# --------------------------------------------------
# authentik subdomain
# --------------------------------------------------
authentik.akanealw2.com {
reverse_proxy authentik-server:9000
}
# --------------------------------------------------
# *.akanealw2.com subdomains
# --------------------------------------------------
*.akanealw2.com {
# --------------------------------------------------
# internal only subdomains
# --------------------------------------------------
@allowed client_ip private_ranges
@dockge host dockge.akanealw2.com
handle @dockge {
handle @allowed {
reverse_proxy dockge:5001
}
respond "ip range not allowed"
}
@dozzle host dozzle.akanealw2.com
handle @dozzle {
handle @allowed {
reverse_proxy dozzle:8080
}
respond "ip range not allowed"
}
@adguard1 host adguard1.akanealw2.com
handle @adguard1 {
handle @allowed {
reverse_proxy 192.168.1.2:80
}
respond "ip range not allowed"
}
# --------------------------------------------------
# external subdomains
# --------------------------------------------------
@adguard2 host adguard2.akanealw2.com
handle @adguard2 {
import auth
reverse_proxy 192.168.1.3:80
}
@filebrowser host filebrowser.akanealw2.com
handle @filebrowser {
import auth
reverse_proxy 192.168.1.30:8484
}
}
# --------------------------------------------------
# akanealw3.com root domain
# --------------------------------------------------
akanealw3.com {
@shlink host akanealw3.com
handle @shlink {
reverse_proxy 192.168.1.30:8380
}
}
# --------------------------------------------------
# *.akanealw3.com subdomains
# --------------------------------------------------
repo.akanealw3.com {
tls {
dns cloudflare {env.DNS_PROVIDER_TOKEN}
}
reverse_proxy 192.168.1.50:3000
}
}

122
reverseproxy/compose.yml Normal file
View File

@@ -0,0 +1,122 @@
services:
authentik-server:
image: ghcr.io/goauthentik/server:2025.2.2
container_name: authentik-server
command: server
environment:
- AUTHENTIK_REDIS__HOST=authentik-redis
- AUTHENTIK_POSTGRESQL__HOST=authentik-postgres
- AUTHENTIK_POSTGRESQL__USER=authentik
- AUTHENTIK_POSTGRESQL__NAME=authentik
- AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
- AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
- AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
- AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
- AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
- AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD}
- AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS}
- AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL}
- AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT}
- AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM}
networks:
- reverseproxy
- authentik
volumes:
- ./authentik/media:/media
- ./authentik/custom-templates:/templates
depends_on:
- authentik-postgres
- authentik-redis
restart: unless-stopped
authentik-worker:
image: ghcr.io/goauthentik/server:2025.2.2
container_name: authentik-worker
command: worker
environment:
- AUTHENTIK_REDIS__HOST=authentik-redis
- AUTHENTIK_POSTGRESQL__HOST=authentik-postgres
- AUTHENTIK_POSTGRESQL__USER=authentik
- AUTHENTIK_POSTGRESQL__NAME=authentik
- AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
- AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
- AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
- AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
- AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
- AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD}
- AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS}
- AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL}
- AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT}
- AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM}
networks:
- reverseproxy
- authentik
user: root
volumes:
- /run/docker.sock:/run/docker.sock
- ./authentik/media:/media
- ./authentik/certs:/certs
- ./authentik/custom-templates:/templates
depends_on:
- authentik-postgres
- authentik-redis
restart: unless-stopped
authentik-redis:
image: docker.io/library/redis:7.4.2
container_name: authentik-redis
command: --save 60 1 --loglevel warning
healthcheck:
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
start_period: 20s
interval: 30s
retries: 5
timeout: 3s
networks:
- authentik
volumes:
- ./authentik/redis:/data
restart: unless-stopped
authentik-postgres:
image: docker.io/library/postgres:17.4
container_name: authentik-postgres
environment:
- POSTGRES_USER=authentik
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- POSTGRES_DB=authentik
- TZ=${TZ}
healthcheck:
test: ['CMD-SHELL', 'pg_isready -U "authentik"']
start_period: 30s
interval: 10s
timeout: 10s
retries: 5
networks:
- authentik
volumes:
- ./authentik/postgres:/var/lib/postgresql/data
restart: unless-stopped
caddy:
container_name: caddy
build: .
environment:
- DNS_PROVIDER_TOKEN=W9UJpmPDDG-kT9RlgRIUjuptTm-xkGcajvzYjpzb
security_opt:
- no-new-privileges:true
networks:
- reverseproxy
ports:
- 80:80
- 443:443
volumes:
- ./caddy/data:/data
- ./caddy/Caddyfile:/etc/caddy/Caddyfile
- ./caddy/logs:/srv/
restart: unless-stopped
networks:
authentik:
reverseproxy:
external: true