
PMC THUNDERDOME: CERCA x RAUTHY

Motivation

A DIY test zone for cerca/rauthy integration. If we're gonna do it, let's do it good. This test harness sets up a way to quickly test forward authentication support in cerca as provided by rauthy.

This setup gets all the moving parts up and running locally and automagically. A typical issue with adding SSO support to a piece of software is that the maintainers can't test it later on when there is a bug. This is an attempt to mitigate that.

Here's the general setup in a nutshell.

cerca <-------> |
                |
mailcrab <---> caddy <---> browser
                |
rauthy <------> |

Setup

Install docker compose.

git clone https://git.coopcloud.tech/decentral1se/cerca-rauthy-pmc-thunderdome
cd cerca-rauthy-pmc-thunderdome
git clone https://github.com/cblgh/cerca.git
docker compose up --watch

Rauthy login details are: admin@localhost / 1234test. The admin URL is:

localhost:8080/auth/v1/admin

You can test the Cerca forward authentication protection by visiting:

localhost:1312
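
A scripted version of the manual check above, as an added example that is not part of the original README: it requests the cerca URL with no session cookie and fails if the response is a 2xx. Port 1312 comes from the README; the function names and the set of status codes treated as "protected" are assumptions, since the README does not say how the proxy answers an unauthenticated request.

```shell
#!/bin/sh
# Added example (not from the harness): smoke check that an unauthenticated
# request is stopped before it reaches cerca.
# Assumption: a protected route answers 401/403 or redirects to a login page.

# classify CODE [LOCATION] -> prints a verdict; returns 0 only when protected
classify() {
  code=$1
  location=${2:-}
  case "$code" in
    401|403)
      echo "protected: denied with $code" ;;
    30[12378])
      if [ -n "$location" ]; then
        echo "protected: redirected to $location"
      else
        echo "suspect: redirect without a Location header"
        return 1
      fi ;;
    2??)
      echo "UNPROTECTED: got $code without a session"
      return 1 ;;
    000)
      echo "unreachable: is docker compose up?"
      return 2 ;;
    *)
      echo "unexpected: status $code"
      return 1 ;;
  esac
}

# probe URL -> fetch once, without cookies and without following redirects
probe() {
  out=$(curl -s -o /dev/null --max-time 5 \
    -w '%{http_code} %{redirect_url}' "$1") || out="000 "
  classify "${out%% *}" "${out#* }"
}

# Only touch the network when asked, so the functions can be sourced and reused.
if [ "${1:-}" = "--live" ]; then
  probe "http://localhost:1312/"
fi
```

Run it with `--live` while the stack is up; a non-zero exit status means the request was not stopped by the forward authentication layer or the stack was unreachable.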

Here's a breakdown of all the relevant URLs available:

Hacking

Cerca live reload

The --watch flag allows Docker to automatically pick up when you compile a new ./cerca/cerca and swap that into the container and restart cerca.

It's a bit involved but you'll need musl-tools and watchexec installed. The cerca container is running alpine and you're most likely not running alpine on your workstation. So, we need to compile your patched cerca in a specific way to get it to run in the container.

I'm running the docker compose up --watch in one terminal split and this command in another terminal split. Then I can just hack on cerca and the new binary is built, passed into the container and reloaded.

cd ./cerca
watchexec "CC=$(which musl-gcc) go build -v --ldflags '-w -linkmode external -extldflags \"-static\"' ./cmd/cerca"

Reload Caddy without restart

You can hack the Caddyfile and reload the changes on the fly.

docker compose exec -w /etc/caddy caddy caddy fmt --overwrite && \
  docker compose exec -w /etc/caddy caddy caddy reload

Description

Test harness for forward authentication support in cerca: https://github.com/cblgh/cerca/issues/132