diff --git a/Caddyfile.example b/Caddyfile.example
index a0d44bb..182e06c 100644
--- a/Caddyfile.example
+++ b/Caddyfile.example
@@ -16,11 +16,26 @@ kaboot.example.com {
 }
 
 auth.example.com {
- reverse_proxy authentik-server:9000 {
- header_up X-Forwarded-Proto {scheme}
- header_up X-Forwarded-Host {host}
- transport http {
- keepalive 30s
+ @oidc path /application/o/*
+
+ handle @oidc {
+ reverse_proxy authentik-server:9000 {
+ header_up X-Forwarded-Proto {scheme}
+ header_up X-Forwarded-Host {host}
+ header_down -Access-Control-Allow-Origin
+ }
+ header Access-Control-Allow-Origin "https://kaboot.example.com"
+ header Access-Control-Allow-Methods "GET, POST, OPTIONS"
+ header Access-Control-Allow-Headers "Content-Type, Authorization"
+ }
+
+ handle {
+ reverse_proxy authentik-server:9000 {
+ header_up X-Forwarded-Proto {scheme}
+ header_up X-Forwarded-Host {host}
+ transport http {
+ keepalive 30s
+ }
 }
 }
 }
diff --git a/scripts/setup-prod.sh b/scripts/setup-prod.sh
index 924a832..1910756 100755
--- a/scripts/setup-prod.sh
+++ b/scripts/setup-prod.sh
@@ -183,11 +183,26 @@ ${KABOOT_DOMAIN} {
 }
 
 ${AUTH_DOMAIN} {
- reverse_proxy authentik-server:9000 {
- header_up X-Forwarded-Proto {scheme}
- header_up X-Forwarded-Host {host}
- transport http {
- keepalive 30s
+ @oidc path /application/o/*
+
+ handle @oidc {
+ reverse_proxy authentik-server:9000 {
+ header_up X-Forwarded-Proto {scheme}
+ header_up X-Forwarded-Host {host}
+ header_down -Access-Control-Allow-Origin
+ }
+ header Access-Control-Allow-Origin "https://${KABOOT_DOMAIN}"
+ header Access-Control-Allow-Methods "GET, POST, OPTIONS"
+ header Access-Control-Allow-Headers "Content-Type, Authorization"
+ }
+
+ handle {
+ reverse_proxy authentik-server:9000 {
+ header_up X-Forwarded-Proto {scheme}
+ header_up X-Forwarded-Host {host}
+ transport http {
+ keepalive 30s
+ }
 }
 }
 }
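Review bot: In the `@oidc` handle of Caddyfile.example only `Access-Control-Allow-Origin` is removed from the upstream response; `Access-Control-Allow-Methods` and `Access-Control-Allow-Headers` are set by Caddy without a matching `header_down`, so if authentik sends its own values the browser may receive each of those headers twice. I would strip them the same way, `header_down -Access-Control-Allow-Methods` and `header_down -Access-Control-Allow-Headers`, and the identical block in scripts/setup-prod.sh needs the same two lines. A one-line comment above the handle, such as `# CORS on the OIDC endpoints is pinned to the app origin; the upstream value is dropped so it cannot widen it`, would keep a later edit from relaxing the origin to `*`. The `@oidc` proxy also loses the `transport http { keepalive 30s }` block that the fallback handle keeps, which looks unintentional.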
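Review bot: `https://${KABOOT_DOMAIN}` in scripts/setup-prod.sh is expanded into a quoted Caddyfile value as-is, and browsers compare that header with the page origin exactly, so a variable carrying a scheme, a trailing slash or upper-case letters yields a header that never matches, while a quote or space would corrupt the generated file. Whether the variable is validated earlier in the script is not visible in this hunk. If it is not, a guard before the Caddyfile is written would do, e.g. `case "$KABOOT_DOMAIN" in ''|*[!a-z0-9.-]*) echo "invalid KABOOT_DOMAIN" >&2; exit 1;; esac`. The template that contains this site block starts and ends outside the hunk.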