configpolicy/roles/victoria-logs/templates/Caddyfile.j2

{# vim: set sw=4 ts=4 sts=4 et : #}
{{ victoria_logs_caddy_server_name }} {
{% if victoria_logs_tls_client_auth %}
    tls {
        client_auth {
            mode verify_if_given
            trust_pool file /etc/caddy/victoria-logs-ca.crt
        }
    }
    @nocert {
        expression {tls_client_subject} == null
    }
{% if victoria_logs_caddy_forward_auth|d %}
    handle @nocert {
        forward_auth /select/* {{ victoria_logs_caddy_forward_auth.url }} {
            uri {{ victoria_logs_caddy_forward_auth.path }}
            header_up Host {upstream_hostport}

            @unauthorized status 401
            handle_response @unauthorized {
                respond "" 303
                header Location {{ victoria_logs_caddy_forward_auth.url }}{{ victoria_logs_caddy_forward_auth.location }}
             }
        }
    }
{% endif %}
{% elif victoria_logs_caddy_forward_auth|d %}
    forward_auth /select/* {{ victoria_logs_caddy_forward_auth.url }} {
        uri {{ victoria_logs_caddy_forward_auth.path }}
        header_up Host {upstream_hostport}

        @unauthorized status 401
        handle_response @unauthorized {
            respond "" 303
            header Location {{ victoria_logs_caddy_forward_auth.url }}{{ victoria_logs_caddy_forward_auth.location }}
         }
    }

{% endif %}
    reverse_proxy 127.0.0.1:9428
{% if victoria_logs_caddy_acme|d %}

    tls {{ victoria_logs_caddy_acme.email }} {
        ca {{ victoria_logs_caddy_acme.url }}
    }
{% endif %}
}