Joakim
30a882b1e1
- Fix authentik Caddy template to use localhost instead of variable for consistency - Improve Caddy installation logic with better conditional checks - Fix version checking and plugin detection for more reliable deployments - Add cleanup task condition for DNS challenge installations These changes improve deployment reliability and consistency.
32 lines
905 B
Django/Jinja
32 lines
905 B
Django/Jinja
# Authentik Authentication Service
|
|
{{ authentik_domain }} {
|
|
reverse_proxy http://127.0.0.1:{{ authentik_http_port }} {
|
|
header_up Host {host}
|
|
header_up X-Real-IP {remote_host}
|
|
header_up X-Forwarded-Proto https
|
|
header_up X-Forwarded-For {remote_host}
|
|
header_up X-Forwarded-Host {host}
|
|
}
|
|
|
|
# Security headers
|
|
header {
|
|
X-Frame-Options SAMEORIGIN
|
|
X-Content-Type-Options nosniff
|
|
X-XSS-Protection "1; mode=block"
|
|
Referrer-Policy strict-origin-when-cross-origin
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
}
|
|
|
|
# Authentik-specific paths
|
|
handle_path /outpost.goauthentik.io/* {
|
|
reverse_proxy http://127.0.0.1:{{ authentik_http_port }}
|
|
}
|
|
|
|
# Logging
|
|
log {
|
|
output file {{ caddy_log_dir }}/authentik.log
|
|
level INFO
|
|
format json
|
|
}
|
|
}
|