37 lines
998 B
Caddyfile
37 lines
998 B
Caddyfile
localhost {
|
|
import auth/setup
|
|
# Only users with myapp:reports and auth admin permissions
|
|
handle_path /reports {
|
|
import auth/require perm=myapp:reports&perm=auth:admin
|
|
respond "Reports area (protected) for {http.request.header.remote-org-name}" 200
|
|
}
|
|
# Public paths (no auth)
|
|
@public path /favicon.ico /.well-known/*
|
|
handle @public {
|
|
root * /var/www/
|
|
file_server
|
|
}
|
|
# Respond with user's display name
|
|
handle_path /hello {
|
|
import auth/require ""
|
|
respond "Hello, {http.request.header.remote-name}! Your permissions: {http.request.header.remote-groups}" 200
|
|
}
|
|
# Default route, requires authentication but no authorization
|
|
handle {
|
|
import auth/require ""
|
|
reverse_proxy :3000
|
|
}
|
|
}
|
|
|
|
example.com {
|
|
# Public endpoints in handle blocks before auth
|
|
@public path /favicon.ico /.well-known/*
|
|
handle @public {
|
|
root * /var/www/
|
|
file_server
|
|
}
|
|
# The rest of the site protected, /auth/ reserved for auth service
|
|
import auth/all perm=auth:admin {
|
|
reverse_proxy :3000
|
|
}
|
|
} |