From 58c09ed6333637bde0a90454a755bf5564ffb388 Mon Sep 17 00:00:00 2001
From: Florian Zirker
Date: Thu, 20 Mar 2025 12:52:46 +0100
Subject: [PATCH] proxy auth for unsecured apps
---
 proxy/Caddyfile | 24 +++++++++++++++++++++---
 torrent/docker-compose.yaml | 2 --
 2 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/proxy/Caddyfile b/proxy/Caddyfile
index d723d79..b8de824 100644
--- a/proxy/Caddyfile
+++ b/proxy/Caddyfile
@@ -6,6 +6,15 @@
 }
 }
+(proxy-auth) {
+ reverse_proxy /outpost.goauthentik.io/* http://authentik-server:9000
+ forward_auth http://authentik-server:9000 {
+ uri /outpost.goauthentik.io/auth/caddy
+ copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
+ trusted_proxies private_ranges
+ }
+}
+
 *.{$DOMAIN} {
 tls {
 dns netcup {
@@ -21,7 +30,10 @@
 @whoami host whoami.{$DOMAIN}
 handle @whoami {
- reverse_proxy whoami:80
+ route {
+ import proxy-auth
+ reverse_proxy whoami:80
+ }
 }
 @dashboard host dashboard.{$DOMAIN}
@@ -37,7 +49,10 @@
 @zigbee2mqtt host zigbee2mqtt.{$DOMAIN}
 handle @zigbee2mqtt {
- reverse_proxy zigbee2mqtt:8080
+ route {
+ import proxy-auth
+ reverse_proxy zigbee2mqtt:8080
+ }
 }
 @jellyfin host jellyfin.{$DOMAIN}
@@ -62,7 +77,10 @@
 @torrent host torrent.{$DOMAIN}
 handle @torrent {
- reverse_proxy transmission:9091
+ route {
+ import proxy-auth
+ reverse_proxy transmission:9091
+ }
 }
 @auth host auth.{$DOMAIN}
diff --git a/torrent/docker-compose.yaml b/torrent/docker-compose.yaml
index f5b6923..72d8c9b 100644
--- a/torrent/docker-compose.yaml
+++ b/torrent/docker-compose.yaml
@@ -4,8 +4,6 @@ services:
 image: lscr.io/linuxserver/transmission:${TRANSMISSION_VERSION}
 environment:
 - TZ=Etc/UTC
- - USER=${USERNAME}
- - PASS=${PASSWORD}
 volumes:
 - ${VOLUMES_PATH}/torrent/transmission:/config
 - ${DOWNLOAD_PATH}:/downloads
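Review bot: In the new `(proxy-auth)` snippet of proxy/Caddyfile, `trusted_proxies private_ranges` makes the forward_auth request accept client-supplied `X-Forwarded-*` values from any private or loopback source address, which covers every LAN client or container that can reach Caddy. If nothing sits in front of Caddy the line can be dropped; otherwise narrow it to the upstream proxy, e.g. `trusted_proxies <UPSTREAM_PROXY_CIDR>` (placeholder value). The `copy_headers` list also passes `X-Authentik-Jwt` and the other identity headers to every backend that imports the snippet. whoami, zigbee2mqtt and transmission presumably do not read them, so trimming the list to what a backend consumes would reduce token exposure.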
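Review bot: The `route { import proxy-auth ... }` wrapper added to the `@whoami` handler relies on an ordering rule that the file does not document. Inside `route`, directives run in written order, so the outpost path proxy and `forward_auth` run before the app's `reverse_proxy`; placing that `reverse_proxy` above the import would serve the app without the auth check. Add a comment above the import, e.g. `# route keeps written order: authentik outpost path, forward_auth, then the app - keep reverse_proxy last`. The same comment applies to the `@zigbee2mqtt` and `@torrent` hunks. The enclosing `*.{$DOMAIN}` site block starts and ends outside the hunk.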
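Review bot: The `forward_auth` in the `@torrent` handler becomes the only authentication in front of `transmission:9091`, because the same commit drops `USER`/`PASS` from torrent/docker-compose.yaml. Anything that reaches port 9091 without passing through Caddy, such as a published `ports:` mapping or another container on the same Docker network, would get the RPC interface unauthenticated. The compose file's port and network sections are not visible in this patch, so that should be checked. Consider keeping the Transmission credentials as a second layer, or record the dependency with a comment such as `# no app-level auth: transmission must only be reachable through Caddy`.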