Carsten Sprung
0b0472eeba
+ Update forward for actualbudget + Add headers to make godot web exports work + add hackmd redirect Reviewed-on: #64
Caddyfile
# Snippet: access logging for any site that imports it.
# Entries go to stdout, so collection and retention are left to whatever
# captures this process's output.
(logging) {
	log {
		output stdout
	}
}
# Global options.
{
	# local_certs
	# ACME account contact and CA directory both come from the environment,
	# so the same file can target a staging or a production CA.
	email {$TLS_EMAIL}
	acme_ca {$CA_URL}
}
# Snippet: static error pages.
# An error is answered with /srv/errorpages/<status>.html. The file name is
# built from the error status code placeholder, not from the request path.
(errorpages) {
	handle_errors {
		rewrite * /{http.error.status_code}.html
		file_server {
			root /srv/errorpages
		}
	}
}
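# Snippet: maintenance mode.
# Every client outside {$CADDY_BYPASS_IP} gets the static maintenance page with
# status 503; addresses inside that range reach the site as usual.
#
# The bypass is an access-control decision, so it must not be driven by a
# header the client can set. `remote_ip forwarded` took the address from
# X-Forwarded-For on every request, which let any client claim a bypass
# address. `client_ip` uses the connection's peer address and only honours
# forwarded headers from proxies listed in the global `trusted_proxies`
# server option. If Caddy runs behind another proxy, configure that option,
# otherwise the bypass range is compared against the proxy's own address.
# Requires a Caddy release that ships the `client_ip` matcher.
(maintenance) {
	@denied not client_ip {$CADDY_BYPASS_IP}
	handle @denied {
		rewrite * /maintenance.html
		file_server {
			root /srv/errorpages
			status 503
		}
	}
}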
# Snippet: response headers shared by the HTTPS sites.
(defaultHeaders) {
	header {
		# enable HSTS (one year). There is no includeSubDomains here, so the
		# policy covers only the host that sent it; hosts that do not import
		# this snippet (autoconfig below) are not pinned to HTTPS by it.
		Strict-Transport-Security "max-age=31536000"
	}
}
# Snippet: baseline for a site (access log, error pages, HSTS).
# A site block that leaves this import out gets none of the three.
(default) {
	import logging
	import errorpages
	import defaultHeaders
}
# Apex domain: Matrix API paths go to the `matrix` upstream, the rest to the homepage.
{$BASE_DOMAIN} {
	import default

	# NOTE(review): /_synapse/* also covers any admin endpoints served under
	# that prefix. Confirm they are meant to be reachable from the internet,
	# or narrow this matcher.
	@matrix path /_matrix/* /_synapse/*
	reverse_proxy @matrix matrix:8008

	reverse_proxy homepage:80
}
# Port 8448 (presumably Matrix federation): every path is proxied to the
# `matrix` upstream, not only the two prefixes matched on the apex site.
{$BASE_DOMAIN}:8448 {
	import default
	reverse_proxy matrix:8008
}
# needs to be http!
# Mail client autoconfig files, served statically. This site deliberately does
# not import `default`, so it sends no HSTS header and writes no access log.
# NOTE(review): the addresses carry no http:// scheme, so Caddy's automatic
# HTTPS (certificate plus HTTP->HTTPS redirect) still applies. Confirm that
# plain-HTTP autoconfig lookups work as the comment above requires.
autoconfig.{$BASE_DOMAIN}, autoconfig.{$SECOND_MAIL_DOMAIN} {
	file_server {
		root /srv/autoconfig
	}
}
# Status page: permanent redirect to the externally hosted uptime monitor.
status.{$BASE_DOMAIN} {
	import default
	redir https://stats.uptimerobot.com/PMoGJHK8W9 permanent
}
# Proxies every request to the `echo` upstream on port 8000.
post.{$BASE_DOMAIN} {
	import default
	reverse_proxy echo:8000
}
# Public front end for authentik, the same backend that the money site
# uses for forward authentication.
account.{$BASE_DOMAIN} {
	import default
	reverse_proxy authentik:80
}
# Nextcloud.
cloud.{$BASE_DOMAIN} {
	import default

	# Service-discovery paths are redirected to the locations Nextcloud
	# serves them from. No status is given, so Caddy's default redirect
	# code is used.
	redir /.well-known/carddav /remote.php/dav
	redir /.well-known/caldav /remote.php/dav
	redir /.well-known/webfinger /index.php/.well-known/webfinger
	redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo

	reverse_proxy nextcloud:80
}
# Forgejo web UI and git-over-HTTP.
git.{$BASE_DOMAIN} {
	import default
	reverse_proxy forgejo:3000
}
# Proxies to an external HTTPS upstream; the https:// scheme makes Caddy use
# TLS on the upstream leg.
# NOTE(review): the upstream hostname is deployment-specific and looks
# randomly generated. If it is meant to stay private, load it from an
# environment placeholder as is done for the domain names.
home.{$BASE_DOMAIN} {
	import default
	reverse_proxy https://doge6m1146mivr5g789a5tbjo0re3lrv.ui.nabu.casa
}
# Static file share.
stuff.{$BASE_DOMAIN} {
	import default

	header {
		# headers for godot web export
		# They are sent on every response from this host, not only on the
		# export's own files.
		Cross-Origin-Opener-Policy "same-origin"
		Cross-Origin-Embedder-Policy "require-corp"
	}

	root * /srv/public_html
	# `browse` turns on directory listings: anything placed under the root
	# can be found by visitors, not just fetched by known URL.
	file_server browse
}
# HedgeDoc.
md.{$BASE_DOMAIN} {
	import default
	reverse_proxy hedgedoc:3000
}
# Old hostname: permanent redirect to md.{$BASE_DOMAIN}.
# {uri} carries the requested path and query over. The target host is fixed
# in this file, so the request cannot steer the redirect to another origin.
hackmd.{$BASE_DOMAIN} {
	import default
	redir https://md.{$BASE_DOMAIN}{uri} permanent
}
# Woodpecker CI.
ci.{$BASE_DOMAIN} {
	import default
	reverse_proxy woodpecker:8000
}
# Vaultwarden.
passwords.{$BASE_DOMAIN} {
	import default
	reverse_proxy vaultwarden:80 {
		# X-Real-IP is set to the address of the connecting peer, replacing
		# any value the client sent. If another proxy is ever placed in
		# front of Caddy, this becomes that proxy's address.
		header_up X-Real-IP {remote_host}
	}
}
# Proxies every request to the `games` upstream on port 8080.
games.{$BASE_DOMAIN} {
	import default
	reverse_proxy games:8080
}
# Map viewer: static files from /srv/bluemap, live data from the `games` upstream.
mc-map.{$BASE_DOMAIN} {
	import default

	root * /srv/bluemap
	file_server

	reverse_proxy /live/* games:8123

	# Matches a request for <name>.json only when <name>.json.gz exists under
	# the root.
	@JSONgz {
		path *.json
		file {
			try_files {path}.gz
		}
	}

	# Serve the pre-compressed file in place of the .json path, labelled so
	# that the client decompresses it. `route` keeps the rewrite and the two
	# header directives in the order written.
	route @JSONgz {
		rewrite {http.matchers.file.relative}
		header Content-Type application/json
		header Content-Encoding gzip
	}
}
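# Budget app behind authentik forward authentication.
money.{$BASE_DOMAIN} {
	# Same baseline as the other HTTPS sites. Without this import the site
	# sent no HSTS header and wrote no access log, so sign-in traffic to it
	# left no record in the proxy logs.
	import default

	# always forward outpost path to actual outpost
	reverse_proxy /outpost.goauthentik.io/* http://authentik:80

	# forward authentication to outpost
	forward_auth http://authentik:80 {
		uri /outpost.goauthentik.io/auth/caddy

		# capitalization of the headers is important, otherwise they will be empty
		# These identity headers are copied from the outpost's response onto
		# the request that goes to the app.
		copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version

		# optional, in this config trust all private ranges, should probably be set to the outposts IP
		# With private_ranges, X-Forwarded-* values from any peer with a
		# private address are passed to the outpost as-is. Narrow this to
		# the known proxy address, or remove it if nothing sits in front
		# of Caddy.
		trusted_proxies private_ranges
	}

	# actual site config
	reverse_proxy money:5006
}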