Backup_Repos/gossa
1
0
Fork 0
mirror of https://github.com/pldubouilh/gossa synced 2025-12-06 08:22:32 +01:00
Code Issues Projects Releases Wiki Activity

Update Caddyfile config examples to caddy v2

Browse source
This commit is contained in:
Valentin Heidelberger 2024-02-08 18:45:33 +01:00 committed by Pierre Dubouilh
parent b5505d4773
commit b92197cf0f
1 changed files with 89 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

118
support/readme.md
View file

@ -40,34 +40,65 @@ a docker-compose example image is also provided. running docker compose should b
## multi-account setup ## multi-account setup
authentication / user routing has been left out of the design of gossa, as simple tools are already available for this purpose. [caddy](https://caddyserver.com/v1/) is used here as an example, but other proxy can be used in a similar fashion. authentication / user routing has been left out of the design of gossa, as simple tools are already available for this purpose. [caddy](https://caddyserver.com) is used here as an example, but other proxy can be used in a similar fashion.
### example 1 root, multiple read-only users ### example 1 root, multiple read-only users
this sample caddy config will this sample caddy config will
+ enable https on the domain myserver.com + enable https on the domain myserver.com (http will be automatically redirected to https)
+ password protect the access + password protect the access
+ route the root user requests to 1 gossa instance + route the root user requests to 1 gossa instance
+ route user1 and user2 requests to a readonly gossa instance + route user1 and user2 requests to a readonly gossa instance
<details>
<summary>legacy caddy v1 config snippet</summary>
```sh
myserver.com
# proxy regular and read only instance
proxy / 127.0.0.1:8001
proxy /ro 127.0.0.1:8002 { without /ro }
# reroute non-root user to read-only
# cm9... is the output of `printf "root:password" | base64`
rewrite {
if {>Authorization} not "Basic cm9vdDpwYXNzd29yZA=="
to /ro/{path}
}
# gate access
basicauth / root password
basicauth / ro_user1 passworduser1
basicauth / ro_user2 passworduser2
```
</details>
Caddy v2 Caddyfile
```sh ```sh
myserver.com myserver.com
# proxy regular and read only instance # gate access
proxy / 127.0.0.1:8001 basicauth {
proxy /ro 127.0.0.1:8002 { without /ro } root $2a$14$Zkx19XLiW6VYouLHR5NmfOFU0z2GTNmpkT/5qqR7hx4IjWJPDhjvG # password is "hiccup"
ro_user1 $2a$14$Zkx19XLiW6VYouLHR5NmfOFU0z2GTNmpkT/5qqR7hx4IjWJPDhjvG # password is "hiccup"
# reroute non-root user to read-only ro_user2 $2a$14$Zkx19XLiW6VYouLHR5NmfOFU0z2GTNmpkT/5qqR7hx4IjWJPDhjvG # password is "hiccup"
# cm9... is the output of `printf "root:password" | base64`
rewrite {
if {>Authorization} not "Basic cm9vdDpwYXNzd29yZA=="
to /ro/{path}
} }
# gate access # named matcher for root user
basicauth / root password @isroot {
basicauth / ro_user1 passworduser1 vars {http.auth.user.id} root
basicauth / ro_user2 passworduser2 }
# proxy regular and read only instance
handle @isroot {
reverse_proxy 127.0.0.1:8001
}
# route non-root user to read only instance
handle {
reverse_proxy 127.0.0.1:8002
}
``` ```
then simply start the 2 gossa instances, and caddy then simply start the 2 gossa instances, and caddy
@ -85,30 +116,59 @@ then simply start the 2 gossa instances, and caddy
### example 2 users on 2 different folders ### example 2 users on 2 different folders
this sample caddy config will this sample caddy v2 config will
+ enable https on the domain myserver.com + enable https on the domain myserver.com (http will be automatically redirected to https)
+ password protect the access + password protect the access
+ route user1 to own folder + route user1 to own folder
+ route user2 to own folder + route user2 to own folder
+ share a folder between 2 users with a symlink + share a folder between 2 users with a symlink
<details>
<summary>Legacy Caddy v1 Caddyfile</summary>
```sh
myserver.com
proxy /user1 127.0.0.1:8001 { without /user1 }
proxy /user2 127.0.0.1:8002 { without /user2 }
basicauth / user1 passworduser1
basicauth / user2 passworduser2
rewrite {
if {>Authorization} is "Basic dXNlcjE6cGFzc3dvcmR1c2VyMQ=="
to /user1/{path}
}
rewrite {
if {>Authorization} is "Basic dXNlcjI6cGFzc3dvcmR1c2VyMg=="
to /user2/{path}
}
```
</details>
Caddy v2 Caddyfile
```sh ```sh
myserver.com myserver.com
proxy /user1 127.0.0.1:8001 { without /user1 } basicauth {
proxy /user2 127.0.0.1:8002 { without /user2 } user1 $2a$14$Zkx19XLiW6VYouLHR5NmfOFU0z2GTNmpkT/5qqR7hx4IjWJPDhjvG # password is "hiccup"
user2 $2a$14$Zkx19XLiW6VYouLHR5NmfOFU0z2GTNmpkT/5qqR7hx4IjWJPDhjvG # password is "hiccup"
basicauth / user1 passworduser1
basicauth / user2 passworduser2
rewrite {
if {>Authorization} is "Basic dXNlcjE6cGFzc3dvcmR1c2VyMQ=="
to /user1/{path}
} }
rewrite { @user1auth {
if {>Authorization} is "Basic dXNlcjI6cGFzc3dvcmR1c2VyMg==" vars {http.auth.user.id} user1
to /user2/{path} }
handle @user1auth {
reverse_proxy 127.0.0.1:8001
}
@user2auth {
vars {http.auth.user.id} user2
}
handle @user2auth {
reverse_proxy 127.0.0.1:8002
} }
``` ```