@Nicarim
Created February 19, 2022 21:42
caddy LDAP paperless using remote-user auth proxy (DEVELOPMENT version)
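{
    http_port 8080
    https_port 8443
    # Verbose logging, for development only.
    debug
    order authenticate before respond
    security {
        authentication portal myportal {
            # Token lifetime in seconds.
            crypto default token lifetime 3600
            # Shared secret used to sign and verify tokens ("test" is a development value).
            crypto key sign-verify "test"
            backends {
                ldap_backend {
                    method ldap
                    realm localhost
                    servers {
                        # Unencrypted LDAP to a local directory server.
                        ldap://127.0.0.1:389 posix_groups
                    }
                    attributes {
                        name cn
                        surname sn
                        username cn
                        member_of memberOf
                        email mail
                    }
                    # Bind account used for directory searches (development credentials).
                    username "cn=admin,dc=example,dc=org"
                    password "admin"
                    search_base_dn "dc=example,dc=org"
                    # Match a person entry by uid or cn.
                    search_filter "(&(|(uid=%s)(cn=%s))(objectclass=person))"
                    # Map the LDAP group DN to the portal role "admin".
                    groups {
                        "ou=groupper,dc=example,dc=org" admin
                    }
                }
            }
        }
        authorization policy mypolicy {
            # Unauthenticated requests are redirected to the portal at this URL.
            set auth url /auth/
            # Must match the key the portal signs tokens with.
            crypto key verify "test"
            # Pass the token's "sub" claim upstream as the Remote-User header.
            # The upstream trusts this header, so it must be reachable only through this proxy.
            inject header Remote-User from sub
            allow roles admin
        }
    }
}
localhost:8080 {
    # Login portal.
    route /auth/* {
        authenticate * with myportal
    }
    # These paths go to the upstream on port 8000 after authorization.
    route /api* {
        authorize with mypolicy
        reverse_proxy http://localhost:8000
    }
    route /admin* {
        authorize with mypolicy
        reverse_proxy http://localhost:8000
    }
    route /static* {
        authorize with mypolicy
        reverse_proxy http://localhost:8000
    }
    route /accounts* {
        authorize with mypolicy
        reverse_proxy http://localhost:8000
    }
    # Everything else goes to the upstream on port 4200 after authorization.
    route {
        authorize with mypolicy
        reverse_proxy http://localhost:4200
    }
}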