2022-12-10 18:16:50 +01:00
|
|
|
(logging) {
|
2022-06-19 23:46:55 +02:00
|
|
|
log {
|
|
|
|
output stdout
|
|
|
|
}
|
2022-06-19 13:35:26 +02:00
|
|
|
}
|
2022-06-19 13:18:17 +02:00
|
|
|
|
2022-12-10 18:16:50 +01:00
|
|
|
{
|
2023-09-13 22:33:47 +02:00
|
|
|
# local_certs
|
|
|
|
email {$TLS_EMAIL}
|
|
|
|
acme_ca {$CA_URL}
|
2022-12-10 18:16:50 +01:00
|
|
|
}
|
|
|
|
|
2022-06-19 13:35:26 +02:00
|
|
|
(errorpages) {
|
2022-06-19 23:46:55 +02:00
|
|
|
handle_errors {
|
|
|
|
rewrite * /{http.error.status_code}.html
|
2022-12-03 21:06:19 +01:00
|
|
|
file_server {
|
|
|
|
root /srv/errorpages
|
|
|
|
}
|
2022-06-19 23:46:55 +02:00
|
|
|
}
|
2022-06-07 22:54:30 +02:00
|
|
|
}
|
|
|
|
|
2022-12-03 21:06:19 +01:00
|
|
|
(maintenance) {
|
|
|
|
@denied not remote_ip forwarded {$CADDY_BYPASS_IP}
|
|
|
|
handle @denied {
|
|
|
|
rewrite * /maintenance.html
|
|
|
|
file_server {
|
|
|
|
root /srv/errorpages
|
|
|
|
status 503
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2019-11-10 15:22:28 +01:00
|
|
|
|
2023-12-16 20:41:33 +01:00
|
|
|
(defaultHeaders) {
|
|
|
|
header {
|
|
|
|
# enable HSTS
|
2024-09-03 23:33:08 +02:00
|
|
|
Strict-Transport-Security "max-age=31536000"
|
2023-12-16 20:41:33 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
(default) {
|
2022-12-10 18:16:50 +01:00
|
|
|
import logging
|
2023-09-13 22:33:47 +02:00
|
|
|
import errorpages
|
2023-12-16 20:41:33 +01:00
|
|
|
import defaultHeaders
|
|
|
|
}
|
|
|
|
|
|
|
|
{$BASE_DOMAIN} {
|
|
|
|
import default
|
2023-09-13 22:33:47 +02:00
|
|
|
@matrix {
|
|
|
|
path /_matrix/* /_synapse/*
|
|
|
|
}
|
|
|
|
reverse_proxy @matrix matrix:8008
|
2019-12-04 22:00:55 +01:00
|
|
|
|
2023-09-24 22:47:56 +02:00
|
|
|
reverse_proxy homepage:80
|
2019-11-10 23:46:12 +01:00
|
|
|
}
|
|
|
|
|
2023-09-13 22:33:47 +02:00
|
|
|
{$BASE_DOMAIN}:8448 {
|
2023-12-16 20:41:33 +01:00
|
|
|
import default
|
2023-09-13 22:33:47 +02:00
|
|
|
reverse_proxy matrix:8008
|
|
|
|
}
|
2019-10-27 16:35:12 +01:00
|
|
|
|
2022-12-10 18:16:50 +01:00
|
|
|
# needs to be http!
|
2023-09-13 22:33:47 +02:00
|
|
|
autoconfig.{$BASE_DOMAIN}, autoconfig.{$SECOND_MAIL_DOMAIN} {
|
2022-12-10 18:16:50 +01:00
|
|
|
file_server {
|
|
|
|
root /srv/autoconfig
|
|
|
|
}
|
|
|
|
}
|
2022-12-03 21:06:19 +01:00
|
|
|
|
2023-09-13 22:33:47 +02:00
|
|
|
status.{$BASE_DOMAIN} {
|
2023-12-16 20:41:33 +01:00
|
|
|
import default
|
2023-09-13 22:33:47 +02:00
|
|
|
redir https://stats.uptimerobot.com/PMoGJHK8W9 permanent
|
2019-10-27 16:35:12 +01:00
|
|
|
}
|
|
|
|
|
2023-09-13 22:33:47 +02:00
|
|
|
post.{$BASE_DOMAIN} {
|
2023-12-16 20:41:33 +01:00
|
|
|
import default
|
2023-09-13 22:33:47 +02:00
|
|
|
reverse_proxy echo:8000
|
2022-12-17 19:20:46 +01:00
|
|
|
}
|
|
|
|
|
2023-09-13 22:33:47 +02:00
|
|
|
account.{$BASE_DOMAIN} {
|
2023-12-16 20:41:33 +01:00
|
|
|
import default
|
2023-09-13 22:33:47 +02:00
|
|
|
reverse_proxy authentik:80
|
2022-12-10 18:16:50 +01:00
|
|
|
}
|
|
|
|
|
2023-09-13 22:33:47 +02:00
|
|
|
cloud.{$BASE_DOMAIN} {
|
2023-12-16 20:41:33 +01:00
|
|
|
import default
|
2022-12-10 18:16:50 +01:00
|
|
|
redir /.well-known/carddav /remote.php/dav
|
|
|
|
redir /.well-known/caldav /remote.php/dav
|
2023-06-27 23:38:10 +02:00
|
|
|
redir /.well-known/webfinger /index.php/.well-known/webfinger
|
|
|
|
redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo
|
2022-12-10 18:16:50 +01:00
|
|
|
reverse_proxy nextcloud:80
|
|
|
|
}
|
|
|
|
|
2023-09-13 22:33:47 +02:00
|
|
|
git.{$BASE_DOMAIN} {
|
2023-12-16 20:41:33 +01:00
|
|
|
import default
|
2024-10-25 20:45:14 +02:00
|
|
|
|
|
|
|
# Auto redirect the login to SSO provider. Add `?direct=1` for local login.
|
|
|
|
@login {
|
|
|
|
path /user/login
|
|
|
|
not query direct=1
|
|
|
|
}
|
|
|
|
redir @login /user/oauth2/SSO
|
|
|
|
|
2023-09-13 22:33:47 +02:00
|
|
|
reverse_proxy forgejo:3000
|
|
|
|
}
|
|
|
|
|
|
|
|
stuff.{$BASE_DOMAIN} {
|
2023-12-16 20:41:33 +01:00
|
|
|
import default
|
2024-09-03 23:33:08 +02:00
|
|
|
header {
|
|
|
|
# headers for godot web export
|
|
|
|
Cross-Origin-Opener-Policy "same-origin"
|
|
|
|
Cross-Origin-Embedder-Policy "require-corp"
|
|
|
|
}
|
2023-09-13 22:33:47 +02:00
|
|
|
root * /srv/public_html
|
|
|
|
file_server browse
|
|
|
|
}
|
|
|
|
|
|
|
|
md.{$BASE_DOMAIN} {
|
2023-12-16 20:41:33 +01:00
|
|
|
import default
|
2022-12-22 18:11:48 +01:00
|
|
|
reverse_proxy hedgedoc:3000
|
|
|
|
}
|
|
|
|
|
2024-09-03 23:33:08 +02:00
|
|
|
hackmd.{$BASE_DOMAIN} {
|
|
|
|
import default
|
|
|
|
redir https://md.{$BASE_DOMAIN}{uri} permanent
|
|
|
|
}
|
|
|
|
|
2023-09-13 22:33:47 +02:00
|
|
|
ci.{$BASE_DOMAIN} {
|
2023-12-16 20:41:33 +01:00
|
|
|
import default
|
2023-09-13 22:33:47 +02:00
|
|
|
reverse_proxy woodpecker:8000
|
|
|
|
}
|
|
|
|
|
|
|
|
passwords.{$BASE_DOMAIN} {
|
2023-12-16 20:41:33 +01:00
|
|
|
import default
|
2023-09-13 22:33:47 +02:00
|
|
|
reverse_proxy vaultwarden:80 {
|
|
|
|
header_up X-Real-IP {remote_host}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-10-29 20:22:54 +01:00
|
|
|
games.{$BASE_DOMAIN} {
|
2023-12-16 20:41:33 +01:00
|
|
|
import default
|
2023-10-29 20:22:54 +01:00
|
|
|
reverse_proxy games:8080
|
|
|
|
}
|
2022-06-06 17:13:46 +02:00
|
|
|
|
2023-10-29 20:22:54 +01:00
|
|
|
mc-map.{$BASE_DOMAIN} {
|
2023-12-16 20:41:33 +01:00
|
|
|
import default
|
2023-10-29 20:22:54 +01:00
|
|
|
root * /srv/bluemap
|
|
|
|
file_server
|
2022-06-19 23:46:55 +02:00
|
|
|
|
2023-10-29 20:22:54 +01:00
|
|
|
reverse_proxy /live/* games:8123
|
|
|
|
|
|
|
|
@JSONgz {
|
|
|
|
path *.json
|
|
|
|
file {
|
|
|
|
try_files {path}.gz
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
route @JSONgz {
|
|
|
|
rewrite {http.matchers.file.relative}
|
|
|
|
header Content-Type application/json
|
|
|
|
header Content-Encoding gzip
|
|
|
|
}
|
|
|
|
}
|
2023-11-01 22:16:00 +01:00
|
|
|
|
|
|
|
money.{$BASE_DOMAIN} {
|
2024-10-25 23:04:24 +02:00
|
|
|
import default
|
|
|
|
# using proxy auth
|
|
|
|
reverse_proxy authentik:80
|
2023-11-01 22:16:00 +01:00
|
|
|
}
|
2024-09-30 19:33:36 +02:00
|
|
|
|
|
|
|
cars.{$BASE_DOMAIN} {
|
|
|
|
import default
|
|
|
|
reverse_proxy cartracker:8080
|
|
|
|
}
|
2024-10-25 23:20:20 +02:00
|
|
|
|
|
|
|
dozzle.{$BASE_DOMAIN} {
|
|
|
|
import default
|
|
|
|
# using proxy auth
|
|
|
|
reverse_proxy authentik:80
|
|
|
|
}
|