Joey Yakimowich-Payne
1506210a2eAutomate the manual Authentik configuration process using native YAML blueprints that are applied on container startup. Changes: - Add kaboot-setup.yaml blueprint for local development - Add kaboot-setup-production.yaml.example for production with configurable domains - Update docker-compose.yml and docker-compose.prod.yml to mount blueprints - Add AUTHENTIK_BOOTSTRAP_PASSWORD/TOKEN env vars for automated admin setup - Update setup.sh to generate bootstrap credentials and display admin password - Update Caddyfile.example with proper proxy headers for Authentik - Add Caddyfile to .gitignore (user-specific config) - Update docs with Quick Start sections for automated setup The blueprints create: - OAuth2/OIDC provider (public client, client_id: kaboot-spa) - Kaboot application with redirect URIs - kaboot-users group with application binding - Enrollment flow with sign-up capability - Password complexity policy - Test user and service account (passwords set manually)
36 lines
928 B
YAML
36 lines
928 B
YAML
# Caddy Reverse Proxy for Kaboot Production
|
|
#
|
|
# This compose file adds Caddy as a reverse proxy with automatic HTTPS.
|
|
# Use with docker-compose.prod.yml using the -f flag.
|
|
#
|
|
# Usage:
|
|
# docker compose -f docker-compose.prod.yml -f docker-compose.caddy.yml up -d
|
|
#
|
|
# Prerequisites:
|
|
# 1. Copy Caddyfile.example to Caddyfile and update domains
|
|
# 2. Build the frontend: npm run build
|
|
# 3. Update your domain DNS to point to your server
|
|
# 4. See docs/PRODUCTION.md for full instructions
|
|
|
|
services:
|
|
caddy:
|
|
image: caddy:2-alpine
|
|
container_name: kaboot-caddy
|
|
restart: unless-stopped
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
volumes:
|
|
- ./Caddyfile:/etc/caddy/Caddyfile:ro
|
|
- ./dist:/srv/frontend:ro
|
|
- caddy-data:/data
|
|
- caddy-config:/config
|
|
depends_on:
|
|
- kaboot-backend
|
|
- authentik-server
|
|
networks:
|
|
- kaboot-network
|
|
|
|
volumes:
|
|
caddy-data:
|
|
caddy-config:
|