Working nassella deployment.

make-caddyfile.sh

@@ -26,7 +26,26 @@ declare -A bodys
 bodys["nextcloud"]="  reverse_proxy http://nextcloud:80"
 bodys["wg-easy"]="  reverse_proxy http://wg-easy:80"
 bodys["ghost"]="  reverse_proxy http://ghost:2368"
-bodys["nassella"]="  reverse_proxy http://nassella:8080"
+bodys["nassella"]=$(cat <<EOF
+  route {
+    @authelia path /authelia /authelia/*
+    handle @authelia {
+      reverse_proxy nassella_authelia:9091
+    }
+
+    handle /unsecured/* {
+      reverse_proxy http://nassella:8080
+    }
+
+    forward_auth nassella_authelia:9091 {
+      uri /api/authz/forward-auth
+      copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
+    }
+
+    reverse_proxy http://nassella:8080
+  }
+EOF
+)
 bodys["dozzle"]=$(cat <<EOF
   basic_auth {
     $HOST_ADMIN_USER $host_admin_password_encoded
@@ -48,7 +67,16 @@ for config_string in ${APP_CONFIGS[@]}; do
     echo "$fulldomain {"
     echo $body
     echo "}"
+
+    # this is a hack specifically for nassella
+    # because lldap should be on a separate domain
+    # for security but this was not designed for one app
+    # to map to multiple caddy blocks
+    # currently this is hardcoded to prefix the nassella
+    # domain with 'lldap'
+    if [ "$app" = "nassella" ]; then
+       echo "lldap.$subdomain.$ROOT_DOMAIN {"
+       echo "  reverse_proxy nassella_lldap:17170"
+       echo "}"
+    fi
 done
-
-
-