diff --git a/.gitignore b/.gitignore index f3249991..4c714531 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,7 @@ .DS_Store server/.env .env +Caddyfile server/exportdanswer .vercel .env*.local diff --git a/Caddyfile b/Caddyfile.example similarity index 63% rename from Caddyfile rename to Caddyfile.example index e596b82c..ebbaabdf 100644 --- a/Caddyfile +++ b/Caddyfile.example @@ -5,6 +5,7 @@ # For environment variable substitution, set: # FRONTEND_DOMAIN=app.example.com # API_DOMAIN=api.example.com +# AUTHENTIK_DOMAIN=authentik.example.com (optional, for authentication) # Or edit this file directly with your domains. {$FRONTEND_DOMAIN:app.example.com} { @@ -14,3 +15,8 @@ {$API_DOMAIN:api.example.com} { reverse_proxy server:1250 } + +# Uncomment if using Authentik for authentication (see auth-setup.md) +# {$AUTHENTIK_DOMAIN:authentik.example.com} { +# reverse_proxy authentik-server-1:9000 +# } diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index 5078b6bb..81e26f81 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -3,7 +3,7 @@ # # Prerequisites: # 1. Copy env.example to .env and configure for both server/ and www/ -# 2. Edit Caddyfile with your domains +# 2. Copy Caddyfile.example to Caddyfile and edit with your domains # 3. Deploy Modal GPU functions (see gpu/modal_deployments/deploy-all.sh) services: diff --git a/docs/docs/installation/auth-setup.md b/docs/docs/installation/auth-setup.md index 7147d47e..b281103a 100644 --- a/docs/docs/installation/auth-setup.md +++ b/docs/docs/installation/auth-setup.md 
@@ -62,25 +62,22 @@ sudo docker network connect reflector_default authentik-server-1 ### Step 3: Add Authentik to Caddy -Edit your `Caddyfile` to add the Authentik domain: +Uncomment the Authentik section in your `Caddyfile` and set your domain: +```bash +nano Caddyfile ``` -app.example.com { - reverse_proxy web:3000 -} -api.example.com { - reverse_proxy server:1250 -} - -authentik.example.com { +Uncomment and edit: +``` +{$AUTHENTIK_DOMAIN:authentik.example.com} { reverse_proxy authentik-server-1:9000 } ``` Reload Caddy: ```bash -sudo docker exec reflector-caddy-1 caddy reload --config /etc/caddy/Caddyfile +docker compose -f docker-compose.prod.yml exec caddy caddy reload --config /etc/caddy/Caddyfile ``` ### Step 4: Create OAuth2 Provider in Authentik diff --git a/docs/docs/installation/overview.md b/docs/docs/installation/overview.md index 0aca5170..f0e91e53 100644 --- a/docs/docs/installation/overview.md +++ b/docs/docs/installation/overview.md @@ -192,19 +192,18 @@ FEATURE_REQUIRE_LOGIN=false **Location: YOUR SERVER (via SSH)** -Edit Caddyfile with your domains: - ```bash +cp Caddyfile.example Caddyfile nano Caddyfile ``` -Replace example.com: +Replace `example.com` with your domains: ``` -app.example.com { +{$FRONTEND_DOMAIN:app.example.com} { reverse_proxy web:3000 } -api.example.com { +{$API_DOMAIN:api.example.com} { reverse_proxy server:1250 } ``` 
@@ -254,22 +253,25 @@ curl https://api.example.com/health --- -## Step 8: Optional - Enable Authentication +## Step 8: Enable Authentication (Required for Live Rooms) -By default, Reflector is open (no login required). To add authentication: +By default, Reflector is open (no login required). **Authentication is required if you want to use Live Meeting Rooms (Step 9).** See [Authentication Setup](./auth-setup) for full Authentik OAuth configuration. Quick summary: 1. Deploy Authentik on your server 2. Create OAuth provider in Authentik -3. Update `server/.env`: `AUTH_BACKEND=jwt` -4. Update `www/.env`: `FEATURE_REQUIRE_LOGIN=true` + Authentik credentials -5. Restart services +3. Extract public key for JWT verification +4. Update `server/.env`: `AUTH_BACKEND=jwt` + `AUTH_JWT_AUDIENCE` +5. Update `www/.env`: `FEATURE_REQUIRE_LOGIN=true` + Authentik credentials +6. Mount JWT keys volume and restart services --- -## Step 9: Optional - Enable Live Meeting Rooms +## Step 9: Enable Live Meeting Rooms + +**Requires: Step 8 (Authentication)** Live rooms require Daily.co and AWS S3. Add to `server/.env`:
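Review bot: the new `Caddyfile` entry in the .gitignore hunk is unanchored, so it ignores any file named Caddyfile anywhere in the tree (a future docs or test fixture included), not only the root copy that `Caddyfile.example` is meant to be copied to; `/Caddyfile` restricts the rule to the repository root, which is the only location the rest of this patch cares about.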
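Review bot: the rename of `Caddyfile` to `Caddyfile.example` needs a migration note for existing deployments, because the old overview.md text this patch removes ("Edit Caddyfile with your domains") had operators editing the tracked file in place, and `git pull` on such a server will refuse to apply the rename over their local modifications; the commit message or release notes should tell them to stash or copy their edited file, pull, then restore it as the (now ignored) `Caddyfile`. Separately, the new header comment marks `AUTHENTIK_DOMAIN` as "(optional, for authentication)" while the overview.md hunk in this same patch makes authentication required for Live Meeting Rooms; align the wording so the two do not contradict each other.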
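Review bot: prerequisite 2 in the docker-compose.prod.yml hunk says to copy and edit the Caddyfile, but the Caddyfile.example header documents `FRONTEND_DOMAIN`, `API_DOMAIN` and now `AUTHENTIK_DOMAIN` as environment-variable substitutions, which is the cleaner path when the file is gitignored and reused across environments; suggest "2. Copy Caddyfile.example to Caddyfile and set FRONTEND_DOMAIN/API_DOMAIN (or edit the defaults in the file)" so operators know both options exist and which one wins when both are set.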
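Review bot: Step 3 of the auth-setup.md hunk now reads "Uncomment the Authentik section in your `Caddyfile`", which only holds for a Caddyfile created from the new Caddyfile.example; the removed block shows the pre-rename Caddyfile had no Authentik section at all, so readers with an older deployment have nothing to uncomment and should be told to paste the block from Caddyfile.example instead. The "Uncomment and edit" text before `{$AUTHENTIK_DOMAIN:authentik.example.com}` should also say whether to set `AUTHENTIK_DOMAIN` in Caddy's environment or replace the default in the braces, since stripping the `{$...}` wrapper and the default together is an easy mistake; and the new reload command `docker compose -f docker-compose.prod.yml exec caddy ...` must be run from the directory containing the compose file, which the previous `docker exec` form did not require.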
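Review bot: the added `cp Caddyfile.example Caddyfile` in the overview.md hunk at line 192 has no guard, so re-running the step (for example when walking the guide again after an update) silently overwrites an already configured Caddyfile; `cp -n Caddyfile.example Caddyfile` or `[ -f Caddyfile ] || cp Caddyfile.example Caddyfile` keeps existing domains intact. The following sentence "Replace `example.com` with your domains" is now paired with the `{$FRONTEND_DOMAIN:app.example.com}` placeholder syntax, so it should mention that setting `FRONTEND_DOMAIN` and `API_DOMAIN` in the environment is the alternative to editing the defaults in the braces.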
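Review bot: the revised Step 8 quick summary in the overview.md hunk at line 254 omits the Caddy step that auth-setup.md Step 3 in this same patch introduces (setting `AUTHENTIK_DOMAIN` or uncommenting the Authentik block, then reloading Caddy) and the `docker network connect reflector_default authentik-server-1` step visible in that hunk's context; add them between items 1 and 2 so the summary matches the full guide it links to, otherwise a reader following only the summary ends up with Authentik deployed but unreachable behind the proxy.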