Joey Yakimowich-Payne
1506210a2eAutomate the manual Authentik configuration process using native YAML blueprints that are applied on container startup. Changes: - Add kaboot-setup.yaml blueprint for local development - Add kaboot-setup-production.yaml.example for production with configurable domains - Update docker-compose.yml and docker-compose.prod.yml to mount blueprints - Add AUTHENTIK_BOOTSTRAP_PASSWORD/TOKEN env vars for automated admin setup - Update setup.sh to generate bootstrap credentials and display admin password - Update Caddyfile.example with proper proxy headers for Authentik - Add Caddyfile to .gitignore (user-specific config) - Update docs with Quick Start sections for automated setup The blueprints create: - OAuth2/OIDC provider (public client, client_id: kaboot-spa) - Kaboot application with redirect URIs - kaboot-users group with application binding - Enrollment flow with sign-up capability - Password complexity policy - Test user and service account (passwords set manually)
26 lines
543 B
Text
26 lines
543 B
Text
# Kaboot Production Caddyfile
|
|
# Copy this file to Caddyfile and update the domain names
|
|
|
|
kaboot.example.com {
|
|
root * /srv/frontend
|
|
file_server
|
|
try_files {path} /index.html
|
|
|
|
handle /api/* {
|
|
reverse_proxy kaboot-backend:3001
|
|
}
|
|
|
|
handle /health {
|
|
reverse_proxy kaboot-backend:3001
|
|
}
|
|
}
|
|
|
|
auth.example.com {
|
|
reverse_proxy authentik-server:9000 {
|
|
header_up X-Forwarded-Proto {scheme}
|
|
header_up X-Forwarded-Host {host}
|
|
transport http {
|
|
keepalive 30s
|
|
}
|
|
}
|
|
}
|