# Atlas OS — Caddyfile Template # Replace {DOMAIN} with your actual domain, {EMAIL} with your admin email { email {EMAIL} admin off } # Authentik SSO snippet — import into every protected site (authentik) { reverse_proxy /outpost.goauthentik.io/* localhost:9000 forward_auth localhost:9000 { uri /outpost.goauthentik.io/auth/caddy copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt } } # SSO-gated service example app.{DOMAIN} { import authentik reverse_proxy localhost:8080 } # Public service (no SSO) public.{DOMAIN} { reverse_proxy localhost:8090 } # Authentik itself (must be public for SSO redirects) auth.{DOMAIN} { reverse_proxy localhost:9000 } # HTTP -> HTTPS http://*.{DOMAIN} { redir https://{host}{uri} permanent }