From 45059a9555e65c4f9b7d276f9bbc3ba524f409ec Mon Sep 17 00:00:00 2001
From: sanj <67624670+iodrift@users.noreply.github.com>
Date: Tue, 25 Jun 2024 21:30:58 -0700
Subject: [PATCH] Auto-update: Tue Jun 25 21:30:58 PDT 2024

---
 Extras/Caddyfile.example | 96 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 96 insertions(+)
 create mode 100644 Extras/Caddyfile.example

diff --git a/Extras/Caddyfile.example b/Extras/Caddyfile.example
new file mode 100644
index 0000000..024c061
--- /dev/null
+++ b/Extras/Caddyfile.example
@@ -0,0 +1,96 @@
+{
+	log {
+		output file /var/log/caddy/logfile.log
+		level INFO
+	}
+
+	admin localhost:2019
+
+	servers {
+		metrics
+	}
+
+	email !{!{ YOUR EMAIL ADDRESS }!}!
+}
+
+# This is an extremely permissive CORS config. Dial it back as your use case allows.
+(cors) {
+	@cors_preflight method OPTIONS
+	header {
+		Access-Control-Allow-Origin "*"
+		Access-Control-Expose-Headers "Authorization"
+		Access-Control-Allow-Credentials "true"
+		Access-Control-Allow-Headers "Authorization, Content-Type"
+	}
+
+	handle @cors_preflight {
+		header {
+			Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE"
+			Access-Control-Max-Age "3600"
+		}
+		respond "" 204
+	}
+}
+
+# Specify which endpoints are public, one or more methods of API key authentication, and your load balancing priority (if any)
+!{!{ YOUR SIJAPI SUBDOMAIN }!}! {
+	import cors
+	@public {
+		path /img/* /oauth /oauth/* /o365 /o365/* /ip /health /health* /health/* /id /identity
+	}
+	@apiKeyAuthHeader {
+		header Authorization "Bearer !{!{ YOUR GLOBAL_API_KEY }!}!"
+	}
+	@apiKeyAuthQuery {
+		query api_key=!{!{ YOUR GLOBAL_API_KEY }!}!
+	}
+	handle @public {
+		reverse_proxy {
+			to !{!{ YOUR IP(s) WHERE SIJAPI IS RUNNING, WITH PORTS, e.g. 100.64.64.20:4444 10.13.37.30:4444 localhost:4444 }!}!
+			lb_policy first
+			health_uri /health
+			health_interval 10s
+			health_timeout 5s
+			health_status 2xx
+			header_up X-Forwarded-For {remote}
+			header_up X-Forwarded-Proto {scheme}
+		}
+	}
+	handle @apiKeyAuthHeader {
+		reverse_proxy {
+			to !{!{ YOUR IP(s) WHERE SIJAPI IS RUNNING, WITH PORTS, e.g. 100.64.64.20:4444 10.13.37.30:4444 localhost:4444 }!}!
+			lb_policy first
+			health_uri /health
+			health_interval 10s
+			health_timeout 5s
+			health_status 2xx
+		}
+	}
+	handle @apiKeyAuthQuery {
+		reverse_proxy {
+			to !{!{ YOUR IP(s) WHERE SIJAPI IS RUNNING, WITH PORTS, e.g. 100.64.64.20:4444 10.13.37.30:4444 localhost:4444 }!}!
+			lb_policy first
+			health_uri /health
+			health_interval 10s
+			health_timeout 5s
+			health_status 2xx
+		}
+	}
+	handle {
+		respond "Unauthorized: Valid API key required" 401
+	}
+	tls {
+		dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+	}
+	log {
+		output file /var/log/caddy/sijapi.log {
+			roll_size 100mb
+			roll_keep 5
+			roll_keep_for 720h
+		}
+		format json {
+			time_format "iso8601"
+			message_key "message"
+		}
+	}
+}