
Comments (8)

jmattheis commented on May 24, 2024

Post your full caddy config.

from server.

joshoram80 commented on May 24, 2024

This is literally it, the rest is created at runtime by caddy-docker-proxy and labels, producing

gotify.my.domain {
	reverse_proxy 172.25.0.11:80
}

or if I want Auth

service.my.domain {
    import auth
    reverse_proxy <container_ip>:<port>
}

(tls) {
    import auth
    tls {
        dns cloudflare <token>
        resolvers 1.1.1.1
    }
}

(authentik) {
    # always forward outpost path to actual outpost
    reverse_proxy /outpost.goauthentik.io/* http://authentik_server:9000 {
        #header_up Host {http.reverse_proxy.upstream.hostport}
    }
    # forward authentication to outpost
    forward_auth http://authentik_server:9000 {
        uri /outpost.goauthentik.io/auth/caddy

        # capitalization of the headers is important, otherwise they will be empty
        copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version authorization
        # optional, in this config trust all private ranges, should probably be set to the outposts IP
        trusted_proxies private_ranges
    }
}

(auth) {
    @internal_network {
        not remote_ip 192.168.0.0/24 172.25.0.0/24
    }
    handle @internal_network {
        import authentik
    }
}

my.domain {
	import auth
	reverse_proxy homepage:3000
}

Gotify is the only service I seem to have issues with. I did previously use Traefik and didn't have a problem, but I'm testing Caddy out as I may move everything over to it.

jmattheis commented on May 24, 2024
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version authorization

Gotify uses the authorization header to transmit credentials for login. This setting overrides the authorization header with the header given by the forward auth server.

joshoram80 commented on May 24, 2024

Gotify is not including the (auth) snippet so that header should not be used.

jmattheis commented on May 24, 2024

The (tls) isn't referenced in the config you listed, but it's likely used and it imports (auth). The simple examples listed in https://gotify.net/docs/caddy work fine. So it must be related to your config.

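The import chain discussed above, as an added example that is not part of the thread: a small Python check that resolves import directives transitively and lists the site blocks that end up with a copy_headers line containing authorization. The sample Caddyfile is constructed from the snippets posted above (trimmed; service.my.domain importing tls is an assumption), and the parser is a simplification, not Caddy's own.

```python
# Added example, not from the thread. Simplified scan: one directive per line.
SAMPLE = """\
(tls) {
    import auth
}
(authentik) {
    forward_auth http://authentik_server:9000 {
        copy_headers X-Authentik-Username X-Authentik-Jwt authorization
    }
}
(auth) {
    handle @internal_network {
        import authentik
    }
}
gotify.my.domain {
    reverse_proxy 172.25.0.11:80
}
service.my.domain {
    import tls
    reverse_proxy <container_ip>:<port>
}
"""

def parse(text):
    blocks, name, depth = {}, None, 0    # name -> [imports, copies Authorization?]
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if depth == 0:                       # block header: "(snippet) {" or "site {"
            name = words[0]
            blocks[name] = [set(), False]
        elif words[0] == "import":
            blocks[name][0].update(words[1:2])
        elif words[0] == "copy_headers":     # header names are case-insensitive
            blocks[name][1] |= "authorization" in [w.lower() for w in words[1:]]
        depth += (words[-1] == "{") - (words == ["}"])
    return blocks

def copies_auth(blocks, name, seen=()):
    """True if the block, or a snippet it imports transitively, copies Authorization."""
    if name in seen or name not in blocks:   # import cycle or unknown snippet
        return False
    imports, copies = blocks[name]
    return copies or any(copies_auth(blocks, f"({i})", seen + (name,)) for i in imports)

def affected_sites(text):
    blocks = parse(text)
    return sorted(n for n in blocks if n[0] != "(" and copies_auth(blocks, n))
```

Running affected_sites over the fully rendered Caddyfile that caddy-docker-proxy generates, rather than the hand-written base file, shows whether a label-generated site block picked up the forward auth snippet.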

joshoram80 commented on May 24, 2024

I'm not sure how it would be used for Gotify though. For other services, I use
- caddy.import=tls
in my docker compose file, but not for gotify. Would having it for another service somehow affect Gotify?

jmattheis commented on May 24, 2024

I don't know the proxy you use. This config works fine.

$ docker network create caddy

version: "3.7"
services:
  caddy:
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    ports:
      - 8000:80
      - 8443:443
    networks:
      - caddy
    environment:
      - CADDY_INGRESS_NETWORKS=caddy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - caddy_data:/data
    restart: unless-stopped
  gotify:
    image: gotify/server:2.4.0
    networks:
      - caddy
    labels:
      caddy: http://localhost
      caddy.reverse_proxy: "{{upstreams}}"

networks:
  caddy:
    external: true

volumes:
  caddy_data: {}

logs

gotify-1  | 2024-04-08T11:09:02Z | 200 |   89.739509ms |      172.24.0.1 | POST     "/client"
gotify-1  | 2024-04-08T11:09:02Z | 200 |    4.384848ms |      172.24.0.1 | GET      "/current/user"
gotify-1  | 2024-04-08T11:09:02Z | 200 |     246.072µs |      172.24.0.1 | GET      "/stream?token=[masked]"
gotify-1  | 2024-04-08T11:09:02Z | 200 |     366.304µs |      172.24.0.1 | GET      "/application"
gotify-1  | 2024-04-08T11:09:02Z | 200 |     521.115µs |      172.24.0.1 | GET      "/message?since=0"

joshoram80 commented on May 24, 2024
