https://{$BASE_DOMAIN} { log / stdout "{host} - {common}" errors stdout tls {$TLS_EMAIL} gzip root /srv/homepage git { repo ssh://git@gitlab.csprung.de:vserver/homepage.git path /build/homepage key /root/deploy_keys/caddy hook /__gitlab_hook__ clone_args --recurse-submodules pull_args --recurse-submodules then hugo --cleanDestinationDir --destination /srv/homepage } } http://*.{$BASE_DOMAIN} { redir https://{host}{uri} } https://echo.{$BASE_DOMAIN} { log / stdout "{host} - {common}" errors stdout tls {$TLS_EMAIL} gzip proxy / echo:8000 { transparent } } https://cloud.{$BASE_DOMAIN} { log / stdout "{host} - {common}" errors stdout tls {$TLS_EMAIL} gzip proxy / nextcloud:80 { transparent header_upstream X-Forwarded-Host {host} } redir { /.well-known/carddav /remote.php/dav /.well-known/caldav /remote.php/dav /.well-known/webfinger /public.php?service=webfinger } } https://bitwarden.{$BASE_DOMAIN} { log / stdout "{host} - {common}" errors stdout tls {$TLS_EMAIL} gzip proxy /notifications/hub/negotiate bitwarden:80 { transparent } proxy /notifications/hub bitwarden:3012 { websocket } proxy / bitwarden:80 { transparent } } # https://bitwarden.{$BASE_DOMAIN} { # log / stdout "{host} - {common}" # errors stdout # tls {$TLS_EMAIL} # gzip # proxy / bitwarden-web:5000 { # transparent # header_downstream Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://haveibeenpwned.com https://www.gravatar.com; child-src 'self' https://*.duosecurity.com; frame-src 'self' https://*.duosecurity.com; connect-src 'self' wss://{host} https://api.pwnedpasswords.com https://twofactorauth.org; object-src 'self' blob:;" # header_downstream X-Frame-Options SAMEORIGIN # header_downstream X-Robots-Tag "noindex, nofollow" # } # proxy /app-id.json bitwarden-web:5000/app-id.json { # transparent # } # proxy /duo-connector.html bitwarden-web:5000/duo-connector.html { # transparent # } # proxy /attachments/ bitwarden-attachments:5000 { # transparent # } # proxy /api/ bitwarden-api:5000 { # transparent # } # proxy /identity/ bitwarden-identity:5000 { # transparent # } # proxy /icons/ bitwarden-icons:5000 { # transparent # } # proxy /notifications/hub bitwarden-notifications:5000/hub { # transparent # websocket # } # proxy /events/ bitwarden-events:5000 { # transparent # } # proxy /admin bitwarden-admin:5000 { # transparent # header_downstream X-Frame-Options SAMEORIGIN # } # } https://git.{$BASE_DOMAIN} { log / stdout "{host} - {common}" errors stdout tls {$TLS_EMAIL} gzip proxy / gitea:3000 { transparent } } https://ci.{$BASE_DOMAIN} { log / stdout "{host} - {common}" errors stdout tls {$TLS_EMAIL} gzip proxy / drone:80 { transparent } } https://notes.{$BASE_DOMAIN} { log / stdout "{host} - {common}" errors stdout tls {$TLS_EMAIL} gzip proxy / codimd:3000 { transparent } }