lerko96
3ecb1fbfeb
- scripts/tag.sh: CalVer validation + dual-remote push - scripts/changelog.sh: prepend release entry to CHANGELOG - scripts/lint-public.sh: public IP, .env, and setup file checks - sync.sh: run lint before push - public/assets/: Mermaid diagrams for network topology, DNS chain, auth flow - CLAUDE.md: update current phase to Phase 3
443 B
443 B
Authentication Flow
sequenceDiagram
User->>Caddy: HTTPS request
Caddy->>Authentik: Forward auth check
Authentik-->>Caddy: 401 if unauthenticated
Caddy-->>User: Redirect to auth.lerkolabs.com
User->>Authentik: Login (OIDC or forward auth)
Authentik-->>User: Session cookie
User->>Caddy: HTTPS request + cookie
Caddy->>Authentik: Forward auth check
Authentik-->>Caddy: 200 OK
Caddy->>Service: Proxy request