Created
October 31, 2025 18:43
Caddy + Netbird + Authentik
#!/usr/bin/env bash
# Installs Caddy (rebuilt with the Cloudflare DNS plugin), the Authentik proxy
# outpost and NetBird on an apt-based host. Must be run as root.

# Stop at the first command that fails outside a conditional context.
set -e

# ANSI colour sequences for the msg_* helpers. They are stored as literal
# backslash text and only turned into escape bytes when a message is printed.
RED='\033[0;31m'   # errors
GREEN='\033[0;32m' # success
BLUE='\033[0;34m'  # progress
NC='\033[0m'       # reset to the terminal default
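# Print a progress line: a blue "[INFO]" tag followed by the message.
# Globals:   BLUE, NC (read)
# Arguments: $1 - message text, printed literally
# Outputs:   one line on stdout
# Only the colour variables are expanded with %b; the message goes through %s,
# so a backslash sequence inside it is printed as-is rather than being turned
# into a control character the way `echo -e` would.
msg_info() { printf '%b[INFO]%b %s\n' "${BLUE}" "${NC}" "${1-}"; }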
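# Print a success line: a green "[OK]" tag followed by the message.
# Globals:   GREEN, NC (read)
# Arguments: $1 - message text, printed literally
# Outputs:   one line on stdout
# Some callers put version strings fetched over the network into the message.
# Printing it with %s (instead of `echo -e`) keeps any backslash sequence in
# such a string from being expanded into terminal control characters.
msg_ok() { printf '%b[OK]%b %s\n' "${GREEN}" "${NC}" "${1-}"; }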
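# Print an error line: a red "[ERROR]" tag followed by the message.
# Globals:   RED, NC (read)
# Arguments: $1 - message text, printed literally
# Outputs:   one line on stderr, so failures stay visible when stdout is
#            redirected or captured
# The message is printed with %s rather than `echo -e`, so backslash sequences
# in it are not expanded.
msg_error() { printf '%b[ERROR]%b %s\n' "${RED}" "${NC}" "${1-}" >&2; }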
# The steps below install packages and write under /etc, /usr and /opt, so
# refuse to go any further unless the effective UID is root's.
if (( EUID != 0 )); then
  msg_error "This script must be run as root"
  exit 1
fi
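msg_info "Updating system"
# Every apt-get call in this script discards its output, so a debconf question
# would sit waiting for input nobody can see. Exporting this makes debconf pick
# defaults for this and all later apt-get invocations.
export DEBIAN_FRONTEND=noninteractive
apt-get update >/dev/null 2>&1
apt-get upgrade -y >/dev/null 2>&1
msg_ok "System updated"

msg_info "Installing Dependencies"
# With `set -e`, a failure here ends the script without any message because the
# output is discarded; re-run the command by hand to see the reason.
apt-get install -y curl sudo mc debian-keyring debian-archive-keyring apt-transport-https gnupg2 wget >/dev/null 2>&1
msg_ok "Installed Dependencies"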
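msg_info "Installing Caddy"
# Fetch the repository signing key and source list. The pipelines run in a
# subshell with pipefail so that a failed curl (not just a failed gpg/tee) makes
# the subshell fail and `set -e` stops the script before apt trusts a partial
# key or list. --yes lets gpg replace the keyring on a re-run instead of
# stopping at its overwrite question.
(
  set -o pipefail
  curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' \
    | gpg --yes --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
  curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' \
    | tee /etc/apt/sources.list.d/caddy-stable.list >/dev/null
)
apt-get update >/dev/null 2>&1
apt-get install -y caddy >/dev/null 2>&1
systemctl enable -q --now caddy
msg_ok "Installed Caddy"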
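msg_info "Installing Go"
# The version string comes from the network and ends up in a URL and in paths
# handled as root, so accept only the expected "goN[.N...]" shape. The URL is
# quoted because its "?" is a glob character; -f keeps an HTTP error page from
# being read as a version.
GO_VERSION=$(curl -fsS 'https://go.dev/VERSION?m=text' | head -n1)
if [[ ! "${GO_VERSION}" =~ ^go[0-9]+(\.[0-9]+)*([a-z]+[0-9]+)?$ ]]; then
  msg_error "Could not determine a valid Go version"
  exit 1
fi
go_tarball="${GO_VERSION}.linux-amd64.tar.gz"
# Download into a private mktemp directory rather than a fixed name in
# world-writable /tmp. There, wget does not replace an existing file (it saves
# to "<name>.1"), so a file already present under the expected name would be
# the one tar extracts as root.
go_tmp=$(mktemp -d)
wget -q -O "${go_tmp}/${go_tarball}" "https://go.dev/dl/${go_tarball}"
# NOTE(review): the tarball is trusted on TLS alone. Comparing it with the
# SHA-256 published on go.dev before extraction would catch a corrupted or
# substituted download.
rm -rf /usr/local/go
tar -C /usr/local -xzf "${go_tmp}/${go_tarball}"
rm -rf -- "${go_tmp}"
export PATH=$PATH:/usr/local/go/bin
# Add the PATH line to /etc/profile only once, so repeated runs do not keep
# appending duplicates.
go_profile_line='export PATH=$PATH:/usr/local/go/bin'
grep -qxF -- "${go_profile_line}" /etc/profile 2>/dev/null \
  || echo "${go_profile_line}" >> /etc/profile
msg_ok "Installed Go ${GO_VERSION}"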
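msg_info "Installing xcaddy"
# Same pattern as any apt repository bootstrap: fetch the signing key and the
# source list. pipefail (scoped to the subshell) makes a failed curl stop the
# script instead of being hidden behind gpg/tee's exit status, and --yes lets
# gpg replace the keyring when the script is run again.
(
  set -o pipefail
  curl -1sLf 'https://dl.cloudsmith.io/public/caddy/xcaddy/gpg.key' \
    | gpg --yes --dearmor -o /usr/share/keyrings/caddy-xcaddy-archive-keyring.gpg
  curl -1sLf 'https://dl.cloudsmith.io/public/caddy/xcaddy/debian.deb.txt' \
    | tee /etc/apt/sources.list.d/caddy-xcaddy.list >/dev/null
)
apt-get update >/dev/null 2>&1
apt-get install -y xcaddy >/dev/null 2>&1
msg_ok "Installed xcaddy"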
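msg_info "Building Caddy with Cloudflare DNS plugin"
cd /opt
systemctl stop caddy
# Remove any binary left by an earlier run so the -f test below can only see
# the result of this build.
rm -f ./caddy
# NOTE(review): no version is given for Caddy or for the plugin, so whatever is
# current upstream at build time gets compiled and installed as root. Consider
# pinning both (xcaddy accepts a Caddy version and module@version).
#
# The build is tested inside the `if`: run as a bare command under `set -e`, a
# failed build would end the script right here, never reaching the else branch
# and leaving the caddy service stopped.
if xcaddy build --with github.com/caddy-dns/cloudflare >/dev/null 2>&1 && [[ -f ./caddy ]]; then
  # Save the packaged binary only the first time. On a re-run /usr/bin/caddy is
  # already a custom build and must not overwrite the saved original.
  if [[ ! -e /usr/bin/caddy.original ]]; then
    mv /usr/bin/caddy /usr/bin/caddy.original
  fi
  mv ./caddy /usr/bin/caddy
  chmod +x /usr/bin/caddy
  # File capability for binding ports below 1024 without being root.
  setcap cap_net_bind_service=+ep /usr/bin/caddy
  systemctl start caddy
  msg_ok "Built Caddy with Cloudflare DNS plugin"
  # NOTE(review): nothing visible in this script creates /etc/caddy/caddy.env or
  # makes the caddy service read it. When it is created it holds an API token
  # and should be owned by root with mode 600.
  echo -e "\nConfigure Cloudflare token in /etc/caddy/caddy.env"
  echo "Example: export CLOUDFLARE_API_TOKEN=\"your-token\""
else
  msg_error "Failed to build Caddy with Cloudflare plugin"
  # Bring the packaged binary back up; it was stopped only for the swap.
  systemctl start caddy
fi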
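msg_info "Installing Authentik Proxy"
cd /opt
# Latest release tag, with the leading "version/" removed. -f makes curl return
# nothing on an HTTP error (for example an API rate limit) instead of an error
# body that grep would then search.
AUTHENTIK_VERSION=$(curl -fsS https://api.github.com/repos/goauthentik/authentik/releases/latest | grep tag_name | cut -d '"' -f 4 | sed 's/version\///')
# Download to a private temporary file first, so a failed or empty download is
# never moved into /usr/local/bin.
authentik_bin=$(mktemp)
# The conditions are chained inside the `if` so that an empty or malformed
# version string, or a failed wget, lands in the else branch with an error
# message. As bare commands under `set -e` they would end the script silently.
if [[ "${AUTHENTIK_VERSION}" =~ ^[0-9A-Za-z][0-9A-Za-z._-]*$ ]] \
  && wget -q "https://github.com/goauthentik/authentik/releases/download/version/${AUTHENTIK_VERSION}/authentik-proxy-linux-amd64" -O "${authentik_bin}" \
  && [[ -s "${authentik_bin}" ]]; then
  # NOTE(review): the binary is installed and later run as root without any
  # checksum or signature check; verify it against a digest published for the
  # release if one is available.
  install -m 0755 "${authentik_bin}" /usr/local/bin/authentik-proxy
  rm -f -- "${authentik_bin}"
  msg_ok "Installed Authentik Proxy ${AUTHENTIK_VERSION}"
  mkdir -p /etc/authentik
  # Write the template only when no file exists yet, so running the script again
  # does not replace a configured outpost token with the placeholder. umask 077
  # makes the file private from the moment it is created.
  if [[ ! -e /etc/authentik/proxy.env ]]; then
    (
      umask 077
      cat > /etc/authentik/proxy.env << 'EOF'
AUTHENTIK_HOST=https://your-authentik-domain.com
AUTHENTIK_TOKEN=your-outpost-token-here
AUTHENTIK_INSECURE=false
EOF
    )
  fi
  chmod 600 /etc/authentik/proxy.env
  # NOTE(review): the unit below runs the proxy as root. If the outpost needs no
  # privileged port or root-owned path (to be confirmed), run it under a
  # dedicated unprivileged user instead; systemd reads EnvironmentFile itself,
  # so proxy.env can stay root-only.
  cat > /etc/systemd/system/authentik-proxy.service << 'EOF'
[Unit]
Description=Authentik Proxy Outpost
After=network.target
[Service]
Type=simple
User=root
EnvironmentFile=/etc/authentik/proxy.env
ExecStart=/usr/local/bin/authentik-proxy
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
  systemctl daemon-reload
  # Enabled but deliberately not started: proxy.env still holds placeholders.
  systemctl enable authentik-proxy
  msg_ok "Created Authentik Proxy service"
  echo -e "\nConfigure /etc/authentik/proxy.env before starting"
  echo "Start with: systemctl start authentik-proxy"
else
  rm -f -- "${authentik_bin}"
  msg_error "Failed to download Authentik Proxy"
fi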
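msg_info "Installing NetBird"
# pipefail (scoped to the subshell) makes a failed key download stop the script
# instead of being hidden behind gpg's exit status; --yes lets gpg replace the
# keyring when the script is run again.
(
  set -o pipefail
  curl -fsSL https://pkgs.netbird.io/debian/public.key \
    | gpg --yes --dearmor -o /usr/share/keyrings/netbird-archive-keyring.gpg
)
# signed-by limits this key to the NetBird repository only.
echo "deb [signed-by=/usr/share/keyrings/netbird-archive-keyring.gpg] https://pkgs.netbird.io/debian stable main" | tee /etc/apt/sources.list.d/netbird.list >/dev/null
apt-get update >/dev/null 2>&1
apt-get install -y netbird >/dev/null 2>&1
msg_ok "Installed NetBird"
echo -e "\nConnect with: netbird up --setup-key YOUR_KEY"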
# Remove packages and cached archives that are no longer needed.
msg_info "Cleaning up"
apt-get -y autoremove >/dev/null 2>&1
apt-get -y autoclean >/dev/null 2>&1
msg_ok "Cleaned"

# Final summary: where Caddy is reachable and where its configuration lives.
msg_ok "Installation complete!"
# First address reported by `hostname -I`.
primary_ip=$(hostname -I | awk '{print $1}')
echo -e "\nCaddy: http://${primary_ip}:80"
echo "Config: /etc/caddy/Caddyfile"