moved caddy to proxyserver

caddy/.env

@@ -0,0 +1,4 @@
+EMAIL=akanealw@gmail.com           # Your email for SSL cert
+CF_API_TOKEN=vGUPDgbV_61VAAnDV352Y4qTadmHf2m5ltJWFf-U # Get your token from Cloudflare
+AUTH_HOST_INTERNAL=authelia:9091       # Authelia container name and port
+AUTH_HOST_EXTERNAL=auth.akanealw2.com    # Public facing domain of Authelia 

caddy/Dockerfile

@@ -0,0 +1,13 @@
+ARG CADDY_VERSION=2
+FROM caddy:${CADDY_VERSION}-builder AS builder
+
+# no need the "v2.9.0-beta.2" part after new version release
+RUN xcaddy build \ 
+    --with github.com/lucaslorentz/caddy-docker-proxy/v2 \
+    --with github.com/caddy-dns/cloudflare
+
+FROM caddy:${CADDY_VERSION}-alpine
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy
+
+CMD ["caddy", "docker-proxy"]

caddy/compose.yml

@@ -0,0 +1,134 @@
+networks:
+  authelia:
+    name: authelia
+  reverse-proxy:
+    name: reverse-proxy
+    external: true
+
+services:
+  authelia:
+    container_name: authelia
+    image: authelia/authelia:latest
+    restart: unless-stopped
+    depends_on:
+      - postgres
+      - redis
+    volumes:
+      - ./config:/config
+    networks:
+      - reverse-proxy
+      - authelia
+    expose:
+      - 9091
+    environment:
+      AUTHELIA_JWT_SECRET_FILE: /config/secrets/JWT_SECRET
+      AUTHELIA_SESSION_SECRET_FILE: /config/secrets/SESSION_SECRET
+      AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE: /config/secrets/SMTP_PASSWORD
+      AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /config/secrets/STORAGE_ENCRYPTION_KEY
+      AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: /config/secrets/STORAGE_PASSWORD
+      AUTHELIA_SESSION_REDIS_PASSWORD_FILE: /config/secrets/REDIS_PASSWORD
+    labels:
+      caddy: auth.akanealw2.com                    # Public facing subdomain of Authelia
+      caddy.reverse_proxy: "{{upstreams 9091}}"  # Authelia container port
+
+  postgres:
+    container_name: postgres
+    image: postgres:15
+    restart: unless-stopped
+    volumes:
+      - ./postgres:/var/lib/postgresql/data
+    networks:
+      - authelia
+    environment:
+      POSTGRES_USER: "authelia"
+      POSTGRES_PASSWORD: "8RXS4KPhejCw7OaqrtOhdgaUN4k9rPOcK4sUDBvIQ6q8BDNFWo4l47RXtY7Itkic"
+
+  redis:
+    container_name: redis
+    image: redis:7
+    networks:
+      - authelia
+    restart: unless-stopped
+    command: "redis-server --save 60 1 --loglevel warning --requirepass t7SxQuf48cUu1XLBNKLbWGBJzEUSMnaWMd9a1QRqoXyhajcPQObfX0so9M2Mklxn"
+    volumes:
+      - ./redis:/data
+
+  caddy:
+    container_name: caddy
+    build: .
+    restart: always
+    environment:
+      CADDY_INGRESS_NETWORKS: reverse-proxy
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./caddy/data:/data/caddy
+      - ./caddy/config:/config/caddy
+    networks:
+      - reverse-proxy
+    ports:
+      - 80:80
+      - 443:443
+    extra_hosts:
+      - host.docker.internal:host-gateway
+
+  caddy-config:
+    container_name: caddy-config
+    image: traefik/whoami:latest
+    networks:
+      - reverse-proxy
+    restart: always
+    labels:
+    #############################################
+    # Settings and snippets to get things working
+    # You shouldn't need to modify this normally
+    # Custom settings and definitions are below
+    #############################################
+
+      #### Global Settings ####
+      caddy_0.email: akanealw@gmail.com
+      caddy_0.auto_https: prefer_wildcard
+
+      #### Snippets ####
+      # Get wildcard certificate
+      caddy_1: (wildcard)
+      caddy_1.tls.dns: "cloudflare vGUPDgbV_61VAAnDV352Y4qTadmHf2m5ltJWFf-U"
+      caddy_1.tls.resolvers: 1.1.1.1 1.0.0.1
+      caddy_1.handle.abort: ""
+
+      # Secure a site with Authelia
+      caddy_2: (auth)
+      caddy_2.forward_auth: "authelia:9091"
+      caddy_2.forward_auth.uri: /api/verify?rd=https://auth.akanealw2.com
+      caddy_2.forward_auth.copy_headers : Remote-User Remote-Groups Remote-Name Remote-Email
+
+      # Skip TLS verify for backend with self-signed HTTPS
+      caddy_3: (https)
+      caddy_3.transport: http
+      caddy_3.transport.tls: ""
+      caddy_3.transport.tls_insecure_skip_verify: ""
+
+    ###########################################
+    # Custom settings. Modify things below :
+    # Make sure they have unique label numbers
+    ###########################################
+
+      # Custom global settings, add/edit as needed
+      # caddy_0.log: default
+      # caddy_0.log.format: console
+
+      # Uncomment this during testing to avoid hitting rate limit.
+      # It will try to obtain SSL from Let's Encrypt's staging endpoint.
+      # acme_ca: "https://acme-staging-v02.api.letsencrypt.org/directory" #  Staging
+
+      ## Setup wildcard sites
+      caddy_10: "*.akanealw2.com"   # Change to your domain
+      caddy_10.import: wildcard
+
+      # Add our first site, which this container itself
+      caddy_20: whoami.akanealw2.com                       # Subdomain using wildcard cert
+      caddy_20.reverse_proxy: "{{upstreams 80}}"         # Container port
+      caddy_20.import: auth                              # Enable protection by Authelia
+
+      caddy_100: akanealw2.com                      # Subdomain using wildcard cert
+      caddy_100.reverse_proxy: 192.168.1.30:3005            # LAN IP and port
+      caddy_100.import: auth                             # Enable protection by Authelia

caddy/config/configuration.yml

@@ -0,0 +1,46 @@
+# Miscellaneous https://www.authelia.com/configuration/miscellaneous/introduction/
+# Set also AUTHELIA_JWT_SECRET_FILE
+theme: auto
+default_redirection_url: https://auth.akanealw2.com/ # Change me!
+
+# First Factor https://www.authelia.com/configuration/first-factor/file/
+authentication_backend:
+  file:
+    path: /config/users_database.yml
+
+# Second Factor https://www.authelia.com/configuration/second-factor/introduction/
+totp:
+  issuer: akanealw2.com # Change me!
+
+# Security https://www.authelia.com/configuration/security/access-control/
+access_control:
+  default_policy: two_factor
+
+# Session https://www.authelia.com/configuration/session/introduction/
+# Set also AUTHELIA_SESSION_SECRET_FILE
+session:
+  domain: akanealw2.com # Change me!
+
+  # https://www.authelia.com/configuration/session/redis/
+  # Set also AUTHELIA_SESSION_REDIS_PASSWORD_FILE if appropriate
+  redis:
+    host: redis
+    port: 6379
+
+# Storage https://www.authelia.com/configuration/storage/postgres/
+# Set also AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE
+# Set also AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE
+storage:
+  postgres:
+    host: postgres
+    database: authelia
+    username: authelia
+
+# SMTP Notifier https://www.authelia.com/configuration/notifications/smtp/
+# Set also AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
+notifier:
+  smtp:
+    host: smtp.gmail.com                     # Change me!
+    port: 587                                  # Change me!
+    username: akanealw@gmail.com                  # Change me!
+    sender: "Authelia <akanealw@gmail.com>"  # Change me!

caddy/config/secrets/JWT_SECRET

@@ -0,0 +1 @@
+4zCkp6VWUWwY4PDDN5olunCT98xWIl2RoVEnUjdKcM18GtcKDmjY8fRD795H8oxo

caddy/config/secrets/REDIS_PASSWORD

@@ -0,0 +1 @@
+t7SxQuf48cUu1XLBNKLbWGBJzEUSMnaWMd9a1QRqoXyhajcPQObfX0so9M2Mklxn

caddy/config/secrets/SESSION_SECRET

@@ -0,0 +1 @@
+eht7lOozIpqlshLWpVuSkrV6mDn71qGTmzZSRplCTLC5oXrfvOna9vNJYcYgDeRV

caddy/config/secrets/SMTP_PASSWORD

@@ -0,0 +1 @@
+ifisridbjcnsrgat

caddy/config/secrets/STORAGE_ENCRYPTION_KEY

@@ -0,0 +1 @@
+P2zLfIArLigGjJkCmM9SBtt8I4xwNdJJrVK8eVU1D8eNzhLcaw4yNLiRGyYaGOha

caddy/config/secrets/STORAGE_PASSWORD

@@ -0,0 +1 @@
+8RXS4KPhejCw7OaqrtOhdgaUN4k9rPOcK4sUDBvIQ6q8BDNFWo4l47RXtY7Itkic

caddy/config/users_database.yml

@@ -0,0 +1,8 @@
+# User file database https://www.authelia.com/reference/guides/passwords/#yaml-format
+# Generate passwords https://www.authelia.com/reference/guides/passwords/#passwords
+# docker run --rm -it authelia/authelia:latest authelia crypto hash generate argon2
+users:
+    akanealw:
+        password: $argon2id$v=19$m=65536,t=3,p=4$qZQtuOoVQp0+M0NHWarIxQ$tdAdmJK6KB0Z5ngDyoCPu2YD/wDFlHgBSbgt/5WqVYY
+        displayname: "akanealw"
+        email: akanealw@gmail.com