450f50ddf4
- Replace ubuntu-26.04 (unreleased) with ubuntu-24.04 LTS throughout - Add file provisioner to Packer HCL to copy overlays/ into VM before provisioning (fixes missing zroc-setup binary in 03-setup-wizard.sh) - Rebuild root docker-compose.yaml: full stack with env vars — Caddy, zroc-ui, Authentik (server + worker + postgres + redis), Prometheus, Grafana, Zerto exporter, Watchtower; no hardcoded credentials - Add caddy/Caddyfile to repo root for reverse proxy / TLS - Update 02-zroc.sh to pre-pull all service images during OVA build - Update GitHub Actions workflow to reference ubuntu-2404.pkr.hcl Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
48 lines
1.0 KiB
Caddyfile
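# Reverse proxy / TLS front end: Authentik under /auth and the outpost path,
# zroc-ui for everything else.

# Global options.
{
    # Disable the admin API so nothing that can reach the container can
    # rewrite the running config. Config changes then require a restart.
    admin off

    # NOTE(review): per the Caddy docs, "off" disables certificate automation
    # as well as the HTTP->HTTPS redirects. Together with `tls internal` on a
    # host-less `:443` site below, confirm after deploy that a certificate is
    # actually served. If it is not, `auto_https disable_redirects` plus a
    # site hostname (or on-demand TLS) is the usual alternative.
    auto_https off

    # Structured logs are easier to ship to a log pipeline and alert on.
    log {
        format json
    }
}

:443 {
    # Certificates come from Caddy's internal CA. Clients see an untrusted
    # certificate until that CA root is installed in their trust store.
    tls internal

    # Authentik UI and API. The matcher covers /auth/ and below; a bare
    # "/auth" falls through to the catch-all handler.
    handle /auth/* {
        reverse_proxy authentik-server:9000 {
            header_up X-Forwarded-Proto https
            # {remote_host} is the TCP peer address, so a client-supplied
            # X-Forwarded-For header is overwritten rather than trusted.
            # If another proxy or load balancer sits in front of Caddy,
            # this value is that proxy's address, not the end user's.
            header_up X-Forwarded-For {remote_host}
        }
    }

    # Authentik outpost endpoints (forward-auth callbacks).
    handle /outpost.goauthentik.io/* {
        reverse_proxy authentik-server:9000 {
            header_up X-Forwarded-Proto https
            # Added for consistency with the other two upstreams, so the
            # client address is pinned the same way on every route.
            header_up X-Forwarded-For {remote_host}
        }
    }

    # Catch-all: the application UI.
    handle {
        reverse_proxy zroc-ui:3001 {
            header_up X-Forwarded-Proto https
            header_up X-Forwarded-For {remote_host}
            header_up X-Real-IP {remote_host}

            # Active health check: poll the UI every 15s and stop routing to
            # it while the check fails.
            health_uri /api/health
            health_interval 15s
        }
    }

    # Response hardening headers, applied to every route in this site.
    header {
        # NOTE(review): there is no Content-Security-Policy here. A
        # `frame-ancestors` policy is the modern replacement for
        # X-Frame-Options; consider adding one once the UI's needs are known.
        X-Frame-Options "SAMEORIGIN"
        X-Content-Type-Options "nosniff"

        # Was "1; mode=block". The legacy XSS auditor has been removed from
        # current browsers, and current guidance (OWASP, MDN) is to turn it
        # off explicitly, because the filter itself could be abused in the
        # old browsers that still honour it.
        X-XSS-Protection "0"

        Referrer-Policy "strict-origin-when-cross-origin"

        # NOTE(review): browsers only honour HSTS on a connection whose
        # certificate they trust, and not for bare IP addresses. With the
        # internal CA this takes effect only after the root is installed.
        # includeSubDomains then pins every subdomain of the hostname in use.
        Strict-Transport-Security "max-age=31536000; includeSubDomains"

        # Remove the Server header to avoid advertising the proxy software.
        -Server
    }
}

# Plain HTTP listener: permanent redirect to HTTPS, same host and URI.
# This is explicit because `auto_https off` disables the automatic redirect.
:80 {
    redir https://{host}{uri} permanent
}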