diff --git a/roles/authentik/templates/authentik.caddy.j2 b/roles/authentik/templates/authentik.caddy.j2
index dda6b6e..1cc955b 100644
--- a/roles/authentik/templates/authentik.caddy.j2
+++ b/roles/authentik/templates/authentik.caddy.j2
@@ -1,6 +1,6 @@
 # Authentik Authentication Service
 {{ authentik_domain }} {
- reverse_proxy http://{{ authentik_bind_address }}:{{ authentik_http_port }} {
+ reverse_proxy http://127.0.0.1:{{ authentik_http_port }} {
 header_up Host {host}
 header_up X-Real-IP {remote_host}
 header_up X-Forwarded-Proto https
@@ -19,7 +19,7 @@
 # Authentik-specific paths
 handle_path /outpost.goauthentik.io/* {
- reverse_proxy http://{{ authentik_bind_address }}:{{ authentik_http_port }}
+ reverse_proxy http://127.0.0.1:{{ authentik_http_port }}
 }
 # Logging
diff --git a/roles/caddy/tasks/main.yml b/roles/caddy/tasks/main.yml
index ef0c46c..2bd5638 100644
--- a/roles/caddy/tasks/main.yml
+++ b/roles/caddy/tasks/main.yml
@@ -8,7 +8,6 @@
 register: caddy_version_check
 failed_when: false
 changed_when: false
- when: dns_challenge_needed | bool
 - name: Check if installed Caddy has Cloudflare plugin
 command: /usr/bin/caddy list-modules --packages
@@ -21,7 +20,9 @@
 pacman:
 name: caddy
 state: present
- when: not dns_challenge_needed and not caddy_version_check | bool
+ when:
+ - not dns_challenge_needed
+ - caddy_version_check.rc != 0
 notify: restart caddy
 - name: Download Caddy with Cloudflare plugin (if DNS challenge needed)
@@ -40,13 +41,16 @@
 mode: '0755'
 remote_src: yes
 backup: yes
- when: dns_challenge_needed and caddy_version_check | bool
+ when:
+ - dns_challenge_needed | bool
+ - caddy_version_check.rc != 0 or 'github.com/caddy-dns/cloudflare' not in caddy_modules_check.stdout | default('')
 notify: restart caddy
 - name: Clean up temporary Caddy binary
 file:
 path: /tmp/caddy-with-cloudflare
 state: absent
+ when: dns_challenge_needed | bool
 - name: Create caddy user and group
 user:
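Review bot: The hard-coded `127.0.0.1` upstream in the `reverse_proxy` line can drift from wherever Authentik actually listens, because `authentik_bind_address` presumably still controls the listener elsewhere in the role (not visible in this diff). If that variable is set to a specific non-loopback address, the proxy target no longer matches the listener, and the backend port also stays reachable directly, without Caddy's TLS and the `header_up` values set here. The same applies to the `handle_path /outpost.goauthentik.io/*` hunk. I would document the requirement above the directive, e.g. `# Upstream is loopback-only: authentik_bind_address must stay 127.0.0.1`, or assert it in the role's tasks.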
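Review bot: The first item of the new `when` list, `not dns_challenge_needed`, is evaluated without `| bool`, unlike the `dns_challenge_needed | bool` items added in the next hunk. If the variable arrives as a string such as "false" (extra-vars or an INI inventory), the expression is false and the package install is silently skipped; `- not (dns_challenge_needed | bool)` keeps the two tasks consistent. Separately, `caddy_version_check.rc` has no value when the check task was skipped, for example in check mode unless that task sets `check_mode: false` (not visible here). `- caddy_version_check.rc | default(1) != 0` would tolerate that, and the same expression appears in the copy task's condition below.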
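Review bot: Nothing visible in this hunk verifies the file at `/tmp/caddy-with-cloudflare`, which the widened `when` on the copy task now installs over the system Caddy binary whenever the Cloudflare module is missing. The path is fixed and sits in a world-writable directory, so a file placed there by another local account, or a truncated download, would be installed with mode `0755` as-is; the download task itself is outside this hunk. Consider downloading into a directory created by the `tempfile` module and pinning a digest, e.g. `checksum: "sha256:<EXPECTED_SHA256>"` if the download uses `get_url`. The copy task starts above the hunk, so its module and source path are inferred from the cleanup task's `path`.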