Commit d5b251e
Changed files (2)
root/etc/caddy/Caddyfile
@@ -1,7 +1,7 @@
{
debug
- # Configure caddy-security.
+ # Configure caddy-security.
order authenticate before respond
security {
oauth identity provider generic {
@@ -9,7 +9,7 @@
realm generic
driver generic
# TODO: get values from environemnt variables
- client_id 9cc959e7-64cc-429a-8a5e-763e97308698
+ client_id 9cc959e7-64cc-429a-8a5e-763e97308698
client_secret UwtIJ3nhcXzpixfwzyOp9Z07eiHbsu6U
scopes openid email profile
base_auth_url https://id.trustme.click
@@ -34,8 +34,6 @@
}
}
-
-
trustme.click, *.trustme.click {
tls /etc/ssl/certs/trustme.click.crt /etc/ssl/private/trustme.click.key
respond "{host} reached"
@@ -48,7 +46,7 @@ id.trustme.click {
secure.trustme.click {
@auth {
path /caddy-security/*
- }
+ }
route @auth {
authenticate with myportal
@@ -59,3 +57,22 @@ secure.trustme.click {
respond "login {host} reached"
}
}
+
+ttyd.trustme.click {
+ @auth {
+ path /caddy-security/*
+ }
+
+ route @auth {
+ authenticate with myportal
+ }
+
+ route /* {
+ authorize with mypolicy
+ reverse_proxy unix//run/ttyd/ttyd.sock {
+ header_up Host {host}
+ header_up X-Forwarded-Proto {scheme}
+ header_up X-Forwarded-For {remote_host}
+ }
+ }
+}
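Review bot: The new `ttyd.trustme.click` site puts a writable bash session behind `authorize with mypolicy` alone, and that policy is defined outside this hunk, so it cannot be confirmed here that it admits only the operators who should have shell access rather than every account the identity provider can authenticate. Because this is the highest-impact endpoint in the file, I would give it its own narrower policy and state the intent above the `route /*` block, for example `# Shell access: mypolicy must admit only the operator role`. The three `header_up` lines look redundant on current Caddy 2 releases, where reverse_proxy already passes Host through and sets X-Forwarded-For and X-Forwarded-Proto itself. The `client_secret` kept in plain text earlier in this file and the global `debug` option now sit in front of an interactive shell, which makes the existing TODO about environment variables more pressing.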
root/etc/systemd/system/ttyd.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=ttyd
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/ttyd --interface /run/ttyd/ttyd.sock --writable --cwd /home/linuxuser /bin/bash
+User=linuxuser
+Group=linuxuser
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+
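Review bot: The unit binds ttyd to `/run/ttyd/ttyd.sock` but nothing in it creates `/run/ttyd`, and `/run` is normally a tmpfs, so unless something outside this commit (a tmpfiles.d entry, for instance) provides the directory, the bind will fail after a reboot. Adding `RuntimeDirectory=ttyd` and `RuntimeDirectoryMode=0750` to `[Service]` lets systemd create the directory for `linuxuser` and remove it on stop. Permissions on that directory and socket are the only local access control, because `ExecStart` passes no credential option and hands a writable `/bin/bash` to whatever connects. The Caddy service account (not shown here) therefore needs group access and nobody else should have any, which ttyd's `--socket-owner` option can set on the socket. A sandboxing directive such as `NoNewPrivileges=true` would also suit a unit that exposes a shell.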