atlas-os/deploy/caddy/Caddyfile.template
Atlas Developer 8c1efe6e30 feat: Atlas OS v2.0 — space-grade animated README, full productified repo
- assets/header.svg: animated SVG header (twinkling stars, orbiting service dots,
  Atlas A logo with glow, float/pulse animations, corner accents)
- README.md: animated banner, full 39-app service catalog, Mermaid architecture,
  AI stack table, tech stack, quick-deploy, repo structure, security model
- ARCHITECTURE.md: one-box philosophy, 5-tier service layers, data flow diagram,
  Caddy SSO pattern, AI mesh topology, Docker Compose topology
- SERVICES.md: all 55 containers + 20 systemd services documented
- CHANGELOG.md: full build history from v0.5 to v2.0
- assets/logo.svg: Atlas A logo with gradient
- deploy/install.sh: one-command installer (Docker + Caddy + Tailscale + stacks)
- deploy/compose/atlas-core.yml: Authentik + Nextcloud + Stalwart + Forgejo + Vaultwarden
- deploy/caddy/Caddyfile.template: Authentik SSO pattern, sanitized
- deploy/README.md: full deployment guide
- server/: sanitized atlas_brain.py, cockpit_shim.py, intelligence.py, meridian.py,
  atlas_router_api.py, cli-atlas.py (all secrets stripped, env var patterns)
- server/systemd/: 6 atlas-* service unit files
- server/README.md: deployment and configuration guide

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 21:33:18 +02:00

37 lines
834 B
Text

# Atlas OS — Caddyfile Template
# Replace {DOMAIN} with your actual domain, {EMAIL} with your admin email
{
email {EMAIL}
admin off
}
# Authentik SSO snippet — import into every protected site
(authentik) {
reverse_proxy /outpost.goauthentik.io/* localhost:9000
forward_auth localhost:9000 {
uri /outpost.goauthentik.io/auth/caddy
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt
}
}
# SSO-gated service example
app.{DOMAIN} {
import authentik
reverse_proxy localhost:8080
}
# Public service (no SSO)
public.{DOMAIN} {
reverse_proxy localhost:8090
}
# Authentik itself (must be public for SSO redirects)
auth.{DOMAIN} {
reverse_proxy localhost:9000
}
# HTTP -> HTTPS
http://*.{DOMAIN} {
redir https://{host}{uri} permanent
}