container-server/services/proxy/Caddyfile


# Reusable snippet: enable request logging for the importing site and send
# the log to standard output.
(logging) {
	log {
		output stdout
	}
}
# Global options. Both values are environment placeholders that are filled in
# when the Caddyfile is parsed, so the container must define TLS_EMAIL and
# CA_URL.
{
	# local_certs
	# Contact address registered with the ACME account.
	email {$TLS_EMAIL}
	# ACME directory endpoint that issues the site certificates.
	acme_ca {$CA_URL}
}
# Reusable snippet: when Caddy handles an error for the importing site, serve
# the static page named after the status code (for example /404.html) from
# /srv/errorpages.
(errorpages) {
	handle_errors {
		rewrite * /{http.error.status_code}.html
		file_server {
			root /srv/errorpages
		}
	}
}
# Reusable snippet: answer every request with /maintenance.html and status 503
# unless the client address matches {$CADDY_BYPASS_IP}. None of the site
# blocks visible in this file imports it.
#
# NOTE(review): `remote_ip forwarded` prefers the first address in the
# X-Forwarded-For request header over the peer address. That header is chosen
# by the client unless a proxy in front of Caddy overwrites it, so this bypass
# is a convenience and not an access control. Caddy's documentation marks
# `forwarded` as deprecated in favour of the `client_ip` matcher together with
# the `trusted_proxies` server option - confirm against the deployed version.
(maintenance) {
	@denied not remote_ip forwarded {$CADDY_BYPASS_IP}
	handle @denied {
		rewrite * /maintenance.html
		file_server {
			root /srv/errorpages
			status 503
		}
	}
}
# Reusable snippet: response headers shared by the sites that import it.
# The HSTS policy lasts one year and carries no includeSubDomains, so it only
# covers the host that sent it; a site that does not import this snippet
# sends no HSTS header at all.
(defaultHeaders) {
	header {
		# enable HSTS
		Strict-Transport-Security "max-age=31536000"
	}
}
# Baseline for a public site: request logging, static error pages and the
# shared response headers. Site blocks opt in with `import default`.
(default) {
	import logging
	import errorpages
	import defaultHeaders
}
# Apex domain: Matrix paths go to the matrix upstream, everything else to the
# homepage container.
#
# NOTE(review): /_synapse/* also covers Synapse's admin API under
# /_synapse/admin. If that API is not meant to be reachable from the internet,
# narrow the matcher (Synapse's reverse-proxy guidance only requires /_matrix
# and /_synapse/client) or restrict the admin path by source address.
{$BASE_DOMAIN} {
	import default

	@matrix path /_matrix/* /_synapse/*
	reverse_proxy @matrix matrix:8008

	reverse_proxy homepage:80
}
# Port 8448 on the apex domain: every request is handed to the matrix
# upstream (8448 is the conventional Matrix federation port).
{$BASE_DOMAIN}:8448 {
	import default
	reverse_proxy matrix:8008
}
# needs to be http!
# Static mail-client autoconfiguration files for both mail domains.
#
# NOTE(review): the site addresses carry no `http://` scheme, so Caddy will
# provision certificates for them and redirect plain-HTTP requests to HTTPS.
# If clients really must be answered over plain HTTP, the addresses need an
# explicit `http://` prefix; if HTTPS is acceptable, the comment above is
# stale. Confirm which behaviour is intended.
autoconfig.{$BASE_DOMAIN}, autoconfig.{$SECOND_MAIL_DOMAIN} {
	file_server {
		root /srv/autoconfig
	}
}
# Status page: permanent redirect to the externally hosted status dashboard.
status.{$BASE_DOMAIN} {
	import default
	redir https://stats.uptimerobot.com/PMoGJHK8W9 permanent
}
# post.<base domain>: proxied to the `echo` upstream on port 8000.
post.{$BASE_DOMAIN} {
	import default
	reverse_proxy echo:8000
}
# Identity provider front door: all requests go to the authentik upstream.
account.{$BASE_DOMAIN} {
	import default
	reverse_proxy authentik:80
}
# Nextcloud. The four redirects map the well-known discovery paths onto the
# endpoints Nextcloud serves them from; all other traffic is proxied as is.
cloud.{$BASE_DOMAIN} {
	import default

	redir /.well-known/carddav /remote.php/dav
	redir /.well-known/caldav /remote.php/dav
	redir /.well-known/webfinger /index.php/.well-known/webfinger
	redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo

	reverse_proxy nextcloud:80
}
# Forgejo. Requests for the login page are sent to the SSO flow unless the
# query string contains direct=1, which keeps the local login form reachable.
git.{$BASE_DOMAIN} {
	import default

	# Auto redirect the login to SSO provider. Add `?direct=1` for local login.
	@login {
		path /user/login
		not query direct=1
	}
	redir @login /user/oauth2/SSO

	reverse_proxy forgejo:3000
}
# home.<base domain>: proxied to an HTTPS upstream outside this deployment.
#
# NOTE(review): the upstream hostname is written out here, whereas the other
# deployment-specific values in this file come from {$...} placeholders.
# Anyone who can read the file learns the remote-access address; consider
# supplying it through the environment instead. Caddy also forwards the
# original Host header by default - confirm the upstream accepts it.
home.{$BASE_DOMAIN} {
	import default
	reverse_proxy https://doge6m1146mivr5g789a5tbjo0re3lrv.ui.nabu.casa
}
# Public static file area served from /srv/public_html.
#
# NOTE(review): `browse` turns on directory listings, so every file placed
# under the root can be discovered by visitors. Keep only material that is
# meant to be published in that directory.
stuff.{$BASE_DOMAIN} {
	import default

	header {
		# headers for godot web export
		Cross-Origin-Opener-Policy "same-origin"
		Cross-Origin-Embedder-Policy "require-corp"
	}

	root * /srv/public_html
	file_server browse
}
# md.<base domain>: proxied to the hedgedoc upstream on port 3000.
md.{$BASE_DOMAIN} {
	import default
	reverse_proxy hedgedoc:3000
}
# Former hostname: permanently redirect to md.<base domain>, keeping the
# requested URI.
hackmd.{$BASE_DOMAIN} {
	import default
	redir https://md.{$BASE_DOMAIN}{uri} permanent
}
# ci.<base domain>: proxied to the woodpecker upstream on port 8000.
ci.{$BASE_DOMAIN} {
	import default
	reverse_proxy woodpecker:8000
}
# Password manager (vaultwarden upstream).
# X-Real-IP is filled from {remote_host}, the address of the connection's
# direct peer, so the value does not come from a client-supplied header.
passwords.{$BASE_DOMAIN} {
	import default

	reverse_proxy vaultwarden:80 {
		header_up X-Real-IP {remote_host}
	}
}
# games.<base domain>: proxied to the games upstream on port 8080.
games.{$BASE_DOMAIN} {
	import default
	reverse_proxy games:8080
}
# Map viewer: static files from /srv/bluemap, live data under /live/* from
# the games upstream on port 8123.
mc-map.{$BASE_DOMAIN} {
	import default

	root * /srv/bluemap
	file_server

	reverse_proxy /live/* games:8123

	# A request for *.json matches only when a sibling "<path>.gz" file exists.
	@JSONgz {
		path *.json
		file {
			try_files {path}.gz
		}
	}

	# `route` keeps these steps in written order: point the request at the
	# .gz file the matcher found, then label the response as gzip-encoded JSON
	# so clients decompress it transparently.
	route @JSONgz {
		rewrite {http.matchers.file.relative}
		header Content-Type application/json
		header Content-Encoding gzip
	}
}
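# Site protected by authentik forward authentication: every request is first
# checked against the outpost, and only then proxied to the application.
#
# NOTE(review): the application receives the user's identity in the
# X-Authentik-* request headers copied below. If it relies on them, it must be
# reachable only through this proxy; a client that can reach money:5006
# directly could set those headers itself.
money.{$BASE_DOMAIN} {
	# Same baseline as the other public sites (request logging, error pages,
	# HSTS); this block previously did not import it.
	import default

	# always forward outpost path to actual outpost
	reverse_proxy /outpost.goauthentik.io/* http://authentik:80

	# forward authentication to outpost
	forward_auth http://authentik:80 {
		uri /outpost.goauthentik.io/auth/caddy
		# capitalization of the headers is important, otherwise they will be empty
		copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
		# optional, in this config trust all private ranges, should probably be set to the outposts IP
		# NOTE(review): with private_ranges, X-Forwarded-* values sent by any
		# peer with a private address are passed on as trustworthy; narrow
		# this to the addresses that actually sit in front of Caddy.
		trusted_proxies private_ranges
	}

	# actual site config
	reverse_proxy money:5006
}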
# cars.<base domain>: proxied to the cartracker upstream on port 8080.
cars.{$BASE_DOMAIN} {
	import default
	reverse_proxy cartracker:8080
}