Quick Start
Get the Productify Proxy running quickly with custom Caddy plugins for authentication and authorization.
Prerequisites
- Docker and Docker Compose
- Productify Manager instance running
- Identity Provider (OAuth2/OIDC compatible, e.g., PocketID)
Build Custom Caddy
The Productify Proxy requires custom Caddy plugins. Build from source:
bash
cd proxy
docker build -t ghcr.io/productifyfw/proxy:latest .This builds Caddy with:
- Caddy Security plugin (OAuth2/OIDC)
- Productify custom plugins
Quick Start with Docker
bash
docker run -d \
--name productify-proxy \
-p 80:80 \
-p 443:443 \
-v ./Caddyfile:/etc/caddy/Caddyfile \
-v caddy_data:/data \
-v caddy_config:/config \
ghcr.io/productifyfw/proxy:latestBasic Caddyfile
Create a minimal Caddyfile:
nginx
{
security {
oauth identity provider generic {
realm generic
driver generic
client_id YOUR_CLIENT_ID
client_secret YOUR_CLIENT_SECRET
scopes openid email profile
base_auth_url http://your-idp.localhost
metadata_url http://your-idp.localhost/.well-known/openid-configuration
}
authentication portal myportal {
crypto default token lifetime 3600
enable identity provider generic
cookie insecure on
}
authorization policy mypolicy {
set auth url /auth/oauth2/generic
allow roles user
validate bearer header
inject headers with claims
}
}
productify {
manager http://manager:8080
token YOUR_MANAGER_TOKEN
}
}
http://app.localhost {
@auth {
path /auth/*
}
route @auth {
authenticate with myportal
}
route /* {
authorize with mypolicy
productify with 123 # Application ID
reverse_proxy backend:8080
}
}With HTTPS
nginx
{
email admin@example.com
security {
# ... same as above
}
productify {
manager http://manager:8080
token YOUR_MANAGER_TOKEN
}
}
manager.example.com {
reverse_proxy manager:8080
}
app.example.com {
@auth {
path /auth/*
}
route @auth {
authenticate with myportal
}
route /* {
authorize with mypolicy
productify with 123
reverse_proxy backend:8080
}
}Docker Compose
yaml
version: "3.8"
services:
proxy:
build: ./proxy
ports:
- "80:80"
- "443:443"
- "2112:2112" # Prometheus metrics
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile:ro
- caddy_data:/data
- caddy_config:/config
environment:
- MANAGER_URL=http://manager:8080
restart: unless-stopped
depends_on:
- manager
manager:
image: ghcr.io/productifyfw/manager:latest
ports:
- "8080:8080"
environment:
- DATABASE_URL=postgresql://...
restart: unless-stopped
volumes:
caddy_data:
caddy_config:Verify Installation
Test Proxy
bash
curl http://localhostCheck Metrics
bash
curl http://localhost:2112/metricsTest Authentication
Navigate to http://app.localhost - should redirect to identity provider login.
Next Steps
Troubleshooting
Proxy Not Starting
Check:
- Caddyfile syntax is valid
- Port 80/443 availability
- Docker container logs:
docker logs productify-proxy - Custom plugins compiled correctly
Authentication Not Working
Verify:
- Identity provider is accessible
- Client ID and secret are correct
- OAuth2 metadata URL is reachable
- Cookie settings match environment (insecure for local dev)
Manager Integration Errors
Ensure:
- Manager URL is correct and accessible
- Manager token is valid
- Application ID exists in Manager
- Network connectivity between proxy and manager
TLS Certificate Errors
Ensure:
- DNS points to proxy
- Email configured for Let's Encrypt
- Ports 80/443 are publicly accessible