feat(vpn): intégration Tailscale/Headscale + URLs publiques par sous-domaine

- Ajout d'un conteneur Tailscale côté serveur pour joindre les agents via IPs Tailscale
- Configuration Headscale exposé en HTTPS via Caddy (headscale.alfrednobel.edudeploy.com)
- Caddy configuré pour les sous-domaines avec TLS on-demand
- Middleware et route proxy Next.js pour router les sous-domaines vers les agents
- Ajout du champ domain sur Establishment et affichage de l'URL publique dans le dashboard
- Agent Windows v0.2.3 avec proxy Tailscale par instance pour contourner Docker Desktop
- Templates WordPress/PrestaShop bindés sur 0.0.0.0 pour être accessibles via Tailscale
This commit is contained in:
root
2026-06-12 21:41:56 +00:00
parent 2dc9ba7b55
commit 852171cc59
18 changed files with 453 additions and 51 deletions
+19 -26
View File
@@ -1,35 +1,28 @@
import { withAuth } from "next-auth/middleware";
import { NextResponse } from "next/server";
import type { NextRequest } from "next/server";
export default withAuth(
function middleware(req) {
const { pathname } = req.nextUrl;
const role = req.nextauth.token?.role as string;
const MAIN_DOMAIN = process.env.MAIN_DOMAIN || "alfrednobel.edudeploy.com";
if (pathname.startsWith("/superadmin")) {
if (role !== "superadmin") {
return NextResponse.redirect(new URL("/dashboard", req.url));
}
}
if (pathname.startsWith("/dashboard")) {
if (!role || (role !== "admin" && role !== "teacher" && role !== "superadmin")) {
return NextResponse.redirect(new URL("/login", req.url));
}
}
export function middleware(req: NextRequest) {
const host = req.headers.get("host") || "";
const cleanHost = host.split(":")[0];
if (cleanHost === MAIN_DOMAIN || cleanHost === `www.${MAIN_DOMAIN}`) {
return NextResponse.next();
},
{
callbacks: {
authorized({ req, token }) {
if (req.nextUrl.pathname.startsWith("/login")) return true;
return !!token;
},
},
}
);
if (!cleanHost.endsWith(`.${MAIN_DOMAIN}`)) {
return NextResponse.next();
}
const pathname = req.nextUrl.pathname;
const search = req.nextUrl.search;
// Rewrite to the internal proxy API while preserving the original host header
const rewriteUrl = new URL(`/api/proxy${pathname}${search}`, req.url);
return NextResponse.rewrite(rewriteUrl);
}
export const config = {
matcher: ["/dashboard/:path*", "/superadmin/:path*", "/api/protected/:path*"],
matcher: ["/((?!api/proxy|_next|static|favicon.ico|.*\\.).*)"],
};