YY API Gateway
Caddy is used as the API Gateway to provide a common entry point for interacting with the YY microservices, handling routing and authentication.
Security concerns
- The microservices should only be reachable from the gateway.
- Async key/shared secret should be used as a fallback to disable direct access.
Example caddyfile
gateway.caddyfile
```
# Auth function
(auth_protected) {
    forward_auth <host>:<port> {
        uri /api/auth/authenticate
        header_up Authorization {http.request.header.Authorization}
        copy_headers X-User-Id X-User-Username X-User-Role X-User-TokenType
    }
}

api.<domain_name>.com {
    # Gateway caddy health check endpoint for monitoring services
    handle /api/health {
        respond "OK" 200
    }

    # Public non-protected login
    handle /api/auth/login {
        reverse_proxy <host>:<port> {
            header_up <host>
        }
    }

    # Public registration - no auth required
    handle /api/auth/register {
        reverse_proxy <host>:<port> {
            header_up <host>
        }
    }

    # Protected microservices endpoints
    handle /api/content/* {
        import auth_protected
        reverse_proxy <host>:<port> {
            header_up <host>
        }
    }

    handle /api/auth/* {
        import auth_protected
        reverse_proxy <host>:<port> {
            header_up <host>
        }
    }

    handle /api/data/* {
        import auth_protected
        reverse_proxy <host>:<port> {
            header_up <host>
        }
    }

    # Catch all
    handle {
        respond "Not Found" 404
    }
}
```
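
The gateway configuration above does not show the shared-secret fallback listed under Security concerns. As an added example (not part of this repository), here is one way a Python WSGI microservice could enforce it. The `X-Gateway-Secret` header name, the `GatewayOnly` class and the use of Python are assumptions, and the gateway would have to inject that header with `header_up` in each `reverse_proxy` block.

```python
import hmac

# Identity headers the gateway copies from the auth service (see copy_headers above).
IDENTITY_HEADERS = ("X-User-Id", "X-User-Username", "X-User-Role", "X-User-TokenType")
# Assumed header name; not defined anywhere in the original Caddyfile.
SECRET_HEADER = "X-Gateway-Secret"


def _environ_key(header):
    """Map an HTTP header name to its WSGI environ key."""
    return "HTTP_" + header.upper().replace("-", "_")


class GatewayOnly:
    """WSGI middleware that rejects requests which did not pass through the gateway."""

    def __init__(self, app, shared_secret, public_paths=()):
        if not shared_secret:
            raise ValueError("shared secret must not be empty")
        self.app = app
        self.secret = shared_secret.encode()
        self.public_paths = frozenset(public_paths)

    def __call__(self, environ, start_response):
        presented = environ.get(_environ_key(SECRET_HEADER), "").encode()
        # Constant-time comparison avoids leaking the secret through timing.
        if not hmac.compare_digest(presented, self.secret):
            return self._reject(start_response, "403 Forbidden")
        if environ.get("PATH_INFO", "") in self.public_paths:
            # Public routes skip forward_auth, so any identity headers on them
            # were supplied by the client and must not be trusted.
            for header in IDENTITY_HEADERS:
                environ.pop(_environ_key(header), None)
        elif not environ.get(_environ_key("X-User-Id")):
            # Protected route without an identity: auth was skipped or misconfigured.
            return self._reject(start_response, "401 Unauthorized")
        # Keep the secret out of application code and request logs.
        environ.pop(_environ_key(SECRET_HEADER), None)
        return self.app(environ, start_response)

    @staticmethod
    def _reject(start_response, status):
        start_response(status, [("Content-Type", "text/plain")])
        return [status.encode()]
```

Wrap each service's WSGI app with `GatewayOnly(app, secret, public_paths=(...))`, loading the secret from the environment or a secret store rather than from source.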