navidrome: auth workaround
This commit is contained in:
+40
-8
@@ -62,6 +62,31 @@ configs:
|
|||||||
root * /data/caddy/pki/authorities/local/
|
root * /data/caddy/pki/authorities/local/
|
||||||
file_server browse
|
file_server browse
|
||||||
}
|
}
|
||||||
|
music.home.arpa {
|
||||||
|
@ui_redirect {
|
||||||
|
not path /api/* /share/* /rest/*
|
||||||
|
}
|
||||||
|
|
||||||
|
# 1. API Auth: Use the new replace_status directive
|
||||||
|
forward_auth /api/* authentik-server:9000 {
|
||||||
|
uri /outpost.goauthentik.io/auth/caddy
|
||||||
|
copy_headers X-Authentik-Username
|
||||||
|
|
||||||
|
# Define a matcher for the 302 redirect from Authentik
|
||||||
|
@redir status 302
|
||||||
|
# Use the new Caddy 2.8 directive to swap it for a 401
|
||||||
|
replace_status @redir 401
|
||||||
|
}
|
||||||
|
|
||||||
|
# 2. Main UI Auth: Standard 302 redirects for human login
|
||||||
|
forward_auth @ui_redirect authentik-server:9000 {
|
||||||
|
uri /outpost.goauthentik.io/auth/caddy
|
||||||
|
copy_headers X-Authentik-Username
|
||||||
|
}
|
||||||
|
|
||||||
|
reverse_proxy navidrome:4533
|
||||||
|
}
|
||||||
|
|
||||||
dnsmasq:
|
dnsmasq:
|
||||||
content: |
|
content: |
|
||||||
log-facility=-
|
log-facility=-
|
||||||
@@ -355,7 +380,7 @@ services:
|
|||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
|
||||||
navidrome:
|
navidrome:
|
||||||
image: deluan/navidrome:0.61.2
|
image: ghcr.io/navidrome/navidrome:pr-5459
|
||||||
container_name: navidrome
|
container_name: navidrome
|
||||||
user: "${PUID}:${PGID}"
|
user: "${PUID}:${PGID}"
|
||||||
volumes:
|
volumes:
|
||||||
@@ -364,13 +389,20 @@ services:
|
|||||||
networks:
|
networks:
|
||||||
public:
|
public:
|
||||||
ipv4_address: 192.168.240.14
|
ipv4_address: 192.168.240.14
|
||||||
labels:
|
# labels:
|
||||||
caddy: music.${DOMAIN_LOCAL}
|
# caddy: music.${DOMAIN_LOCAL}
|
||||||
caddy.reverse_proxy: "{{ upstreams 4533 }}"
|
# caddy.reverse_proxy: "{{ upstreams 4533 }}"
|
||||||
caddy.@protected.not.path: "/share/* /rest/*"
|
# caddy.@protected.not.path: "/share/* /rest/*"
|
||||||
caddy.forward_auth_0: "@protected authentik-server:9000"
|
# caddy.@authredir.path: "/api/*"
|
||||||
caddy.forward_auth_0.uri: "/outpost.goauthentik.io/auth/caddy"
|
# caddy.@authredir.path: "/api/*"
|
||||||
caddy.forward_auth_0.copy_headers: "X-Authentik-Username"
|
# caddy.forward_auth_0: "@protected authentik-server:9000"
|
||||||
|
# caddy.forward_auth_0.uri: "/outpost.goauthentik.io/auth/caddy"
|
||||||
|
# caddy.forward_auth_0.copy_headers: "X-Authentik-Username"
|
||||||
|
# caddy.intercept: "/api/*"
|
||||||
|
# caddy.@api_expiry.path: "/api/*"
|
||||||
|
# caddy.@api_expiry.status: "3xx"
|
||||||
|
# caddy.forward_auth_0.handle_response_0: "path /api/*"
|
||||||
|
# caddy.forward_auth_0.handle_response_1: "replace_status 401"
|
||||||
environment:
|
environment:
|
||||||
ND_LASTFM_APIKEY: 29e22ee836a0cb51cfaacb72d605e30d
|
ND_LASTFM_APIKEY: 29e22ee836a0cb51cfaacb72d605e30d
|
||||||
ND_LASTFM_SECRET: 10aa58294eeffa142685e78a0cd78ad6
|
ND_LASTFM_SECRET: 10aa58294eeffa142685e78a0cd78ad6
|
||||||
|
|||||||
Reference in New Issue
Block a user