(logging) { log { output stdout } } { # local_certs email {$TLS_EMAIL} acme_ca {$CA_URL} } (errorpages) { handle_errors { rewrite * /{http.error.status_code}.html file_server { root /srv/errorpages } } } (maintenance) { @denied not remote_ip forwarded {$CADDY_BYPASS_IP} handle @denied { rewrite * /maintenance.html file_server { root /srv/errorpages status 503 } } } (defaultHeaders) { header { # enable HSTS Strict-Transport-Security "max-age=31536000" } } (default) { import logging import errorpages import defaultHeaders } {$BASE_DOMAIN} { import default @matrix { path /_matrix/* /_synapse/* } reverse_proxy @matrix matrix:8008 reverse_proxy homepage:80 } {$BASE_DOMAIN}:8448 { import default reverse_proxy matrix:8008 } # needs to be http! autoconfig.{$BASE_DOMAIN}, autoconfig.{$SECOND_MAIL_DOMAIN} { file_server { root /srv/autoconfig } } status.{$BASE_DOMAIN} { import default redir https://stats.uptimerobot.com/PMoGJHK8W9 permanent } post.{$BASE_DOMAIN} { import default reverse_proxy echo:8000 } account.{$BASE_DOMAIN} { import default reverse_proxy authentik:80 } cloud.{$BASE_DOMAIN} { import default redir /.well-known/carddav /remote.php/dav redir /.well-known/caldav /remote.php/dav redir /.well-known/webfinger /index.php/.well-known/webfinger redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo reverse_proxy nextcloud:80 } git.{$BASE_DOMAIN} { import default # Auto redirect the login to SSO provider. Add `?direct=1` for local login. @login { path /user/login not query direct=1 } redir @login /user/oauth2/SSO reverse_proxy forgejo:3000 } stuff.{$BASE_DOMAIN} { import default header { # headers for godot web export Cross-Origin-Opener-Policy "same-origin" Cross-Origin-Embedder-Policy "require-corp" } root * /srv/public_html file_server browse } md.{$BASE_DOMAIN} { import default reverse_proxy hedgedoc:3000 } hackmd.{$BASE_DOMAIN} { import default redir https://md.{$BASE_DOMAIN}{uri} permanent } ci.{$BASE_DOMAIN} { import default reverse_proxy woodpecker:8000 } passwords.{$BASE_DOMAIN} { import default reverse_proxy vaultwarden:80 { header_up X-Real-IP {remote_host} } } games.{$BASE_DOMAIN} { import default reverse_proxy games:8080 } mc-map.{$BASE_DOMAIN} { import default root * /srv/bluemap file_server reverse_proxy /live/* games:8123 @JSONgz { path *.json file { try_files {path}.gz } } route @JSONgz { rewrite {http.matchers.file.relative} header Content-Type application/json header Content-Encoding gzip } } money.{$BASE_DOMAIN} { import default # using proxy auth reverse_proxy authentik:80 } cars.{$BASE_DOMAIN} { import default reverse_proxy cartracker:8080 } dozzle.{$BASE_DOMAIN} { import default # using proxy auth reverse_proxy authentik:80 }