diff --git a/internal/suites/Caddy/configuration.yml b/internal/suites/Caddy/configuration.yml
new file mode 100644
index 000000000..31c5d75ba
--- /dev/null
+++ b/internal/suites/Caddy/configuration.yml
@@ -0,0 +1,52 @@
+---
+###############################################################
+# Authelia minimal configuration #
+###############################################################
+
+jwt_secret: unsecure_secret
+
+server:
+ port: 9091
+ asset_path: /config/assets/
+ tls:
+ certificate: /config/ssl/cert.pem
+ key: /config/ssl/key.pem
+
+log:
+ level: debug
+
+authentication_backend:
+ file:
+ path: /config/users.yml
+
+session:
+ secret: unsecure_session_secret
+ domain: example.com
+ expiration: 3600 # 1 hour
+ inactivity: 300 # 5 minutes
+ remember_me_duration: 1y
+
+storage:
+ encryption_key: a_not_so_secure_encryption_key
+ local:
+ path: /config/db.sqlite
+
+access_control:
+ default_policy: bypass
+ rules:
+ - domain: "public.example.com"
+ policy: bypass
+ - domain: "admin.example.com"
+ policy: two_factor
+ - domain: "secure.example.com"
+ policy: two_factor
+ - domain: "singlefactor.example.com"
+ policy: one_factor
+
+notifier:
+ smtp:
+ host: smtp
+ port: 1025
+ sender: admin@example.com
+ disable_require_tls: true
+...
diff --git a/internal/suites/Caddy/docker-compose.yml b/internal/suites/Caddy/docker-compose.yml
new file mode 100644
index 000000000..cc2b579b4
--- /dev/null
+++ b/internal/suites/Caddy/docker-compose.yml
@@ -0,0 +1,9 @@
+---
+version: '3'
+services:
+ authelia-backend:
+ volumes:
+ - './Caddy/configuration.yml:/config/configuration.yml:ro'
+ - './Caddy/users.yml:/config/users.yml'
+ - './common/ssl:/config/ssl:ro'
+...
diff --git a/internal/suites/Caddy/users.yml b/internal/suites/Caddy/users.yml
new file mode 100644
index 000000000..a52978b20
--- /dev/null
+++ b/internal/suites/Caddy/users.yml
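Review bot: The `default_policy: bypass` line in `access_control`, the placeholder `jwt_secret`, `session.secret` and `storage.encryption_key` values, and `disable_require_tls: true` under `notifier.smtp` make this a deliberately insecure fixture, yet the banner only says "Authelia minimal configuration", which is the same wording a user would copy from a template. I would replace the banner text with `# Integration-test fixture for the Caddy suite: secrets are placeholders, the default policy is bypass and SMTP TLS is disabled. Do not use as a starting point.` It is also worth a one-line comment next to `default_policy: bypass` that any `*.example.com` host not listed under `rules` is passed through unauthenticated, since the Caddyfile in this commit applies `forward_auth` to the whole wildcard and relies on Authelia's policy to decide.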
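Review bot: `./Caddy/users.yml` is the only volume mounted without `:ro`, while `configuration.yml` and the `ssl` directory are read-only. That is presumably intentional — the suite runs a reset-password scenario and the file backend has to write the new hash back — but it reads like an omission; a trailing comment such as `- './Caddy/users.yml:/config/users.yml' # writable: the reset-password scenario rewrites the stored hash` would make the asymmetry self-explaining, or the mount should gain `:ro` if the reset test turns out not to need write access.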
@@ -0,0 +1,35 @@
+---
+###############################################################
+# Users Database #
+###############################################################
+
+# This file can be used if you do not have an LDAP set up.
+
+# List of users
+users:
+ john:
+ displayname: "John Doe"
+ password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
+ email: john.doe@authelia.com
+ groups:
+ - admins
+ - dev
+
+ harry:
+ displayname: "Harry Potter"
+ password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
+ email: harry.potter@authelia.com
+ groups: []
+
+ bob:
+ displayname: "Bob Dylan"
+ password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
+ email: bob.dylan@authelia.com
+ groups:
+ - dev
+
+ james:
+ displayname: "James Dean"
+ password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
+ email: james.dean@authelia.com
+...
diff --git a/internal/suites/example/compose/caddy/Caddyfile b/internal/suites/example/compose/caddy/Caddyfile
new file mode 100644
index 000000000..85af2c803
--- /dev/null
+++ b/internal/suites/example/compose/caddy/Caddyfile
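Review bot: All four `password:` entries are the identical crypt string (same salt `jgiCMRyGXzoqpxS3`, same digest), and the header line `# This file can be used if you do not have an LDAP set up.` is the user-facing template wording rather than a description of this fixture. I would replace that comment with `# Test fixture for the Caddy suite: every account shares one known password; these hashes must never be reused.` so a reader does not mistake the file for a sample to adapt. Noting the shared hash also explains why the suite can log in as any of the four users with the same credential.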
@@ -0,0 +1,65 @@
+(tls-transport) {
+ transport http {
+ tls
+ tls_insecure_skip_verify
+ }
+}
+
+:8085 {
+ log
+ reverse_proxy authelia-backend:9091 {
+ import tls-transport
+ }
+}
+
+login.example.com:8080 {
+ tls internal
+ log
+ route {
+ reverse_proxy /.well-known/* authelia-backend:9091 {
+ import tls-transport
+ }
+
+ reverse_proxy /api/* authelia-backend:9091 {
+ import tls-transport
+ }
+
+ reverse_proxy /locales/* authelia-backend:9091 {
+ import tls-transport
+ }
+
+ reverse_proxy /jwks.json authelia-backend:9091 {
+ import tls-transport
+ }
+
+ reverse_proxy authelia-frontend:3000 :8085 {
+ lb_policy first
+ lb_try_duration 5s
+ lb_try_interval 250ms
+
+ fail_duration 10s
+ max_fails 1
+ unhealthy_status 5xx
+ unhealthy_request_count 1
+ }
+ }
+}
+
+mail.example.com:8080 {
+ tls internal
+ log
+ reverse_proxy smtp:1080
+}
+
+*.example.com:8080 {
+ tls internal
+ log
+ forward_auth authelia-backend:9091 {
+ uri /api/verify?rd=https://login.example.com:8080
+ copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
+ import tls-transport
+ }
+
+ reverse_proxy /headers httpbin:8000
+ reverse_proxy nginx-backend
+}
diff --git a/internal/suites/example/compose/caddy/docker-compose.yml b/internal/suites/example/compose/caddy/docker-compose.yml
new file mode 100644
index 000000000..f84ae14f5
--- /dev/null
+++ b/internal/suites/example/compose/caddy/docker-compose.yml
@@ -0,0 +1,11 @@
+---
+version: '3'
+services:
+ caddy:
+ image: caddy:2.5.1-alpine
+ volumes:
+ - ./example/compose/caddy/Caddyfile:/etc/caddy/Caddyfile
+ networks:
+ authelianet:
+ ipv4_address: 192.168.240.100
+...
diff --git a/internal/suites/suite_caddy.go b/internal/suites/suite_caddy.go
new file mode 100644
index 000000000..f7d64270d
--- /dev/null
+++ b/internal/suites/suite_caddy.go
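Review bot: The `(tls-transport)` snippet at the top of the file sets `tls_insecure_skip_verify`, so every proxied hop to `authelia-backend:9091` — including the `forward_auth` decision for the whole `*.example.com:8080` wildcard — accepts any certificate, which means the suite never exercises the verification path a real deployment depends on. The backend's certificate comes from `./common/ssl`, which the Caddy compose file in this commit does not mount; mounting it and trusting it explicitly with `tls_trusted_ca_certs` (plus `tls_server_name` if the certificate's name does not match the service name) would be the stronger test, and if the skip is kept it deserves a `# test-only: backend uses a self-signed cert` comment in the snippet. Separately, `copy_headers Remote-User Remote-Groups Remote-Name Remote-Email` forwards identity headers to `nginx-backend` and `httpbin`; I have not confirmed whether this Caddy version clears those request headers when Authelia's response omits them on a bypass route, so it is worth checking that a client-supplied `Remote-User` cannot reach the backend, and stripping them with `request_header -Remote-User` (and the other three) before `forward_auth` if it can.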
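Review bot: The Caddyfile volume on the `volumes:` line is mounted read-write, unlike the `:ro` mounts this same commit uses for the Authelia configuration and certificates; the proxy has no reason to modify its own config, so `- ./example/compose/caddy/Caddyfile:/etc/caddy/Caddyfile:ro` keeps the suites consistent and catches any accidental write. The image is pinned to `caddy:2.5.1-alpine`, which is good given the Caddyfile relies on `forward_auth`; as far as I recall that directive only arrived in the 2.5 line, so a comment such as `# 2.5+ required for forward_auth` next to the `image:` line would save the next version bump some digging.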
@@ -0,0 +1,84 @@
+package suites
+
+import (
+ "fmt"
+ "os"
+ "time"
+)
+
+var caddySuiteName = "Caddy"
+
+func init() {
+ dockerEnvironment := NewDockerEnvironment([]string{
+ "internal/suites/docker-compose.yml",
+ "internal/suites/Caddy/docker-compose.yml",
+ "internal/suites/example/compose/authelia/docker-compose.backend.{}.yml",
+ "internal/suites/example/compose/authelia/docker-compose.frontend.{}.yml",
+ "internal/suites/example/compose/nginx/backend/docker-compose.yml",
+ "internal/suites/example/compose/caddy/docker-compose.yml",
+ "internal/suites/example/compose/smtp/docker-compose.yml",
+ "internal/suites/example/compose/httpbin/docker-compose.yml",
+ })
+
+ if os.Getenv("CI") == t {
+ dockerEnvironment = NewDockerEnvironment([]string{
+ "internal/suites/docker-compose.yml",
+ "internal/suites/Caddy/docker-compose.yml",
+ "internal/suites/example/compose/authelia/docker-compose.backend.{}.yml",
+ "internal/suites/example/compose/nginx/backend/docker-compose.yml",
+ "internal/suites/example/compose/caddy/docker-compose.yml",
+ "internal/suites/example/compose/smtp/docker-compose.yml",
+ "internal/suites/example/compose/httpbin/docker-compose.yml",
+ })
+ }
+
+ setup := func(suitePath string) error {
+ if err := dockerEnvironment.Up(); err != nil {
+ return err
+ }
+
+ return waitUntilAutheliaIsReady(dockerEnvironment, caddySuiteName)
+ }
+
+ displayAutheliaLogs := func() error {
+ backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
+ if err != nil {
+ return err
+ }
+
+ fmt.Println(backendLogs)
+
+ if os.Getenv("CI") != t {
+ frontendLogs, err := dockerEnvironment.Logs("authelia-frontend", nil)
+ if err != nil {
+ return err
+ }
+
+ fmt.Println(frontendLogs)
+ }
+
+ caddyLogs, err := dockerEnvironment.Logs("caddy", nil)
+ if err != nil {
+ return err
+ }
+
+ fmt.Println(caddyLogs)
+
+ return nil
+ }
+
+ teardown := func(suitePath string) error {
+ err := dockerEnvironment.Down()
+ return err
+ }
+
+ GlobalRegistry.Register(caddySuiteName, Suite{
+ SetUp: setup,
+ SetUpTimeout: 5 * time.Minute,
+ OnSetupTimeout: displayAutheliaLogs,
+ OnError: displayAutheliaLogs,
+ TestTimeout: 2 * time.Minute,
+ TearDown: teardown,
+ TearDownTimeout: 2 * time.Minute,
+ })
+}
diff --git a/internal/suites/suite_caddy_test.go b/internal/suites/suite_caddy_test.go
new file mode 100644
index 000000000..a366dd220
--- /dev/null
+++ b/internal/suites/suite_caddy_test.go
@@ -0,0 +1,39 @@
+package suites
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/suite"
+)
+
+type CaddySuite struct {
+ *RodSuite
+}
+
+func NewCaddySuite() *CaddySuite {
+ return &CaddySuite{RodSuite: new(RodSuite)}
+}
+
+func (s *CaddySuite) Test1FAScenario() {
+ suite.Run(s.T(), New1FAScenario())
+}
+
+func (s *CaddySuite) Test2FAScenario() {
+ suite.Run(s.T(), New2FAScenario())
+}
+
+func (s *CaddySuite) TestCustomHeaders() {
+ suite.Run(s.T(), NewCustomHeadersScenario())
+}
+
+func (s *CaddySuite) TestResetPasswordScenario() {
+ suite.Run(s.T(), NewResetPasswordScenario())
+}
+
+func TestCaddySuite(t *testing.T) {
+ if testing.Short() {
+ t.Skip("skipping suite test in short mode")
+ }
+
+ suite.Run(t, NewCaddySuite())
+}
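Review bot: The two `NewDockerEnvironment` calls at the top of `init` duplicate the compose-file list and differ only by the `docker-compose.frontend.{}.yml` entry, and the first environment is built and immediately discarded whenever `CI` is set. Building the slice once and inserting the frontend file conditionally gives the list a single source of truth, and the same `os.Getenv("CI") != t` check is repeated inside `displayAutheliaLogs`, so a local `inCI := os.Getenv("CI") == t` can serve both sites. Two smaller points of style: `teardown` can be `return dockerEnvironment.Down()` instead of assigning `err` first, and the closure name `displayAutheliaLogs` undersells that it also prints the Caddy container's logs, so `displayLogs` would read more honestly. The compose order below keeps the frontend file in the same position as the original list, in case merge order matters to the override files.
```go
func init() {
	inCI := os.Getenv("CI") == t

	composeFiles := []string{
		"internal/suites/docker-compose.yml",
		"internal/suites/Caddy/docker-compose.yml",
		"internal/suites/example/compose/authelia/docker-compose.backend.{}.yml",
	}

	// The frontend service is only part of the environment outside CI.
	if !inCI {
		composeFiles = append(composeFiles, "internal/suites/example/compose/authelia/docker-compose.frontend.{}.yml")
	}

	composeFiles = append(composeFiles,
		"internal/suites/example/compose/nginx/backend/docker-compose.yml",
		"internal/suites/example/compose/caddy/docker-compose.yml",
		"internal/suites/example/compose/smtp/docker-compose.yml",
		"internal/suites/example/compose/httpbin/docker-compose.yml",
	)

	dockerEnvironment := NewDockerEnvironment(composeFiles)

	// … unchanged: setup …

	// displayLogs prints the backend, (outside CI) frontend and caddy container logs.
	displayLogs := func() error {
		// … unchanged: backend logs …
		if !inCI {
			// … unchanged: frontend logs …
		}
		// … unchanged: caddy logs …
		return nil
	}

	teardown := func(suitePath string) error {
		return dockerEnvironment.Down()
	}

	// … unchanged: GlobalRegistry.Register, with OnSetupTimeout and OnError set to displayLogs …
}
```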
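Review bot: `CaddySuite` and `NewCaddySuite` are exported but carry no doc comments, which Go convention (and most linters) expect to start with the identifier. I would add `// CaddySuite runs the shared browser scenarios against the Caddy reverse-proxy environment registered in suite_caddy.go.` above the type and `// NewCaddySuite returns a CaddySuite wrapping a fresh RodSuite.` above the constructor. The scenario methods and `TestCaddySuite` are self-explanatory as written.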