---
title:
description:
date: 2023-04-19
lang: zh-tw
tags:
  - 樹莓派
  - Linux
  - docker
---

# Raspberry Pi Notes: Caddy Security

My private services are exposed to the public internet, which is very unsafe: sooner or later someone will try to steal private information. To make these services more secure, I use the Caddy Security extension for Caddy.

:::info
I have since found **Authelia**, which is easier to use.
Caddy Security has too little documentation and is too hard to understand.
:::

## Update the Dockerfile

`caddy.Dockerfile`

```Dockerfile=
# Build a Caddy binary that includes the Cloudflare DNS and caddy-security plugins
FROM caddy:2.6.4-builder AS builder

RUN xcaddy build \
    --with github.com/caddy-dns/cloudflare \
    --with github.com/greenpau/caddy-security

FROM caddy:2.6.4

# Replace the stock binary with the custom build
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
```

## docker-compose

`docker-compose.yml`

```yml=
version: '3.3'

networks:
  default:
    name: ${DOCKER_MY_NETWORK}
    external: true

services:
  caddy:
    container_name: caddy
    build:
      context: .
      # Must match the file name of the Dockerfile above
      dockerfile: caddy.Dockerfile
    hostname: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      # Read the host machine's time
      - /etc/localtime:/etc/localtime:ro
      - ${HOME_PATH}/caddy/Caddyfile:/etc/caddy/Caddyfile:ro
      - ${HOME_PATH}:/data
      - ${HOME_PATH}:/config
    env_file:
      - stack.env
```

## Update .env

`stack.env`

```env=
# common.env: Set development environment
DOCKER_MY_NETWORK=caddy_net
MY_DOMAIN=example.com
CLOUDFLARE_API_TOKEN=<cloudflare api token goes here>
HOME_PATH=<your path>
AUTHP_ADMIN_USER=<your username>
AUTHP_ADMIN_EMAIL=<your email>
AUTHP_ADMIN_SECRET=<your password>
```

## Update the Caddyfile

`Caddyfile`

```Caddyfile=
{
    acme_dns cloudflare {$CLOUDFLARE_API_TOKEN}

    security {
        # Local user database backing the portal
        local identity store localdb {
            realm local
            path /data/caddy/users.json
        }

        authentication portal myportal {
            enable identity store localdb
        }
    }
}

auth.{$MY_DOMAIN} {
    log {
        output file /var/log/caddy/access.log
    }
    route {
        authenticate with myportal
    }
}

portainer.{$MY_DOMAIN} {
    log {
        output file /var/log/caddy/access.log
    }
    reverse_proxy portainer:9000
}
```

## Usage

Because a local database is used, accounts and passwords are stored in `users.json`.

Go to `auth.{$MY_DOMAIN}/setting` and the login page appears.

![](https://i.imgur.com/UX0Z2H6.png)

Log in with the username and password from `stack.env`, and you land on the user settings page.

![](https://authp.github.io/assets/images/authp_demo_05-ff273714e9da7015e292019c825f5044.png)

Go to `auth.{$MY_DOMAIN}/whoami` to see the whoami page.

![](https://authp.github.io/assets/images/authp_demo_04-098f451635194d14e12944db47ef1a93.png)

## Conclusion

The basic login is now working, but a lot is still unfinished, for example user registration and login access control. I will fill these in gradually.

## Ref

* https://authp.github.io/
* https://authp.github.io/docs/authenticate/local/local
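
The Caddyfile in this note defines the login portal, but `portainer.{$MY_DOMAIN}` is still proxied without any check, which is the access control the conclusion lists as unfinished. The following is an added example, not part of the original note, of gating that site with a caddy-security authorization policy. The policy name `mypolicy`, the `JWT_SHARED_KEY` variable (to be added to `stack.env`) and the assumption that the admin account carries the `authp/admin` role are not from the note.

```caddyfile
{
    acme_dns cloudflare {$CLOUDFLARE_API_TOKEN}

    security {
        local identity store localdb {
            realm local
            path /data/caddy/users.json
        }

        authentication portal myportal {
            # Sign tokens with a key the policy below can verify
            # (JWT_SHARED_KEY is an assumed variable, add it to stack.env)
            crypto key sign-verify {env.JWT_SHARED_KEY}
            enable identity store localdb
            # Issue the cookie for the parent domain so that
            # portainer.{$MY_DOMAIN} receives it as well
            cookie domain {$MY_DOMAIN}
        }

        # Assumed policy name; only the listed role is let through
        authorization policy mypolicy {
            set auth url https://auth.{$MY_DOMAIN}/
            crypto key verify {env.JWT_SHARED_KEY}
            allow roles authp/admin
        }
    }
}

auth.{$MY_DOMAIN} {
    route {
        authenticate with myportal
    }
}

portainer.{$MY_DOMAIN} {
    route {
        # Requests without a valid token are redirected to the portal
        authorize with mypolicy
        reverse_proxy portainer:9000
    }
}
```

Set `JWT_SHARED_KEY` to a long random value and keep `stack.env` out of version control, since anyone holding the key can mint tokens the policy accepts.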