container-server/services/proxy/Caddyfile

167 lines
2.7 KiB
Caddyfile

(logging) {
log {
output stdout
}
}
{
# local_certs
email {$TLS_EMAIL}
acme_ca {$CA_URL}
}
(errorpages) {
handle_errors {
rewrite * /{http.error.status_code}.html
file_server {
root /srv/errorpages
}
}
}
(maintenance) {
@denied not remote_ip forwarded {$CADDY_BYPASS_IP}
handle @denied {
rewrite * /maintenance.html
file_server {
root /srv/errorpages
status 503
}
}
}
(defaultHeaders) {
header {
# enable HSTS
Strict-Transport-Security max-age=31536000;
}
}
(default) {
import logging
import errorpages
import defaultHeaders
}
{$BASE_DOMAIN} {
import default
@matrix {
path /_matrix/* /_synapse/*
}
reverse_proxy @matrix matrix:8008
reverse_proxy homepage:80
}
{$BASE_DOMAIN}:8448 {
import default
reverse_proxy matrix:8008
}
# needs to be http!
autoconfig.{$BASE_DOMAIN}, autoconfig.{$SECOND_MAIL_DOMAIN} {
file_server {
root /srv/autoconfig
}
}
status.{$BASE_DOMAIN} {
import default
redir https://stats.uptimerobot.com/PMoGJHK8W9 permanent
}
post.{$BASE_DOMAIN} {
import default
reverse_proxy echo:8000
}
account.{$BASE_DOMAIN} {
import default
reverse_proxy authentik:80
}
cloud.{$BASE_DOMAIN} {
import default
redir /.well-known/carddav /remote.php/dav
redir /.well-known/caldav /remote.php/dav
redir /.well-known/webfinger /index.php/.well-known/webfinger
redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo
reverse_proxy nextcloud:80
}
git.{$BASE_DOMAIN} {
import default
reverse_proxy forgejo:3000
}
home.{$BASE_DOMAIN} {
import default
reverse_proxy https://doge6m1146mivr5g789a5tbjo0re3lrv.ui.nabu.casa
}
stuff.{$BASE_DOMAIN} {
import default
root * /srv/public_html
file_server browse
}
md.{$BASE_DOMAIN} {
import default
reverse_proxy hedgedoc:3000
}
ci.{$BASE_DOMAIN} {
import default
reverse_proxy woodpecker:8000
}
# echo.{$BASE_DOMAIN} {
# import logging
# import errorpages
# reverse_proxy echo:8000
# }
passwords.{$BASE_DOMAIN} {
import default
reverse_proxy vaultwarden:80 {
header_up X-Real-IP {remote_host}
}
}
# ci-demo.{$BASE_DOMAIN} {
# import logging
# import errorpages
# reverse_proxy docker-ci-demo:8000
# }
games.{$BASE_DOMAIN} {
import default
reverse_proxy games:8080
}
mc-map.{$BASE_DOMAIN} {
import default
root * /srv/bluemap
file_server
reverse_proxy /live/* games:8123
@JSONgz {
path *.json
file {
try_files {path}.gz
}
}
route @JSONgz {
rewrite {http.matchers.file.relative}
header Content-Type application/json
header Content-Encoding gzip
}
}
money.{$BASE_DOMAIN} {
import default
# using extra auth via proxy in authentik
reverse_proxy authentik:80
}