diff --git a/reverseproxy2/caddy/Caddyfile b/reverseproxy2/caddy/Caddyfile index 2e6dd91..890f4b8 100644 --- a/reverseproxy2/caddy/Caddyfile +++ b/reverseproxy2/caddy/Caddyfile @@ -2,12 +2,11 @@ # global options # -------------------------------------------------- { - acme_ca https://acme-staging-v02.api.letsencrypt.org/directory - - servers { - trusted_proxies static private_ranges - } + acme_ca https://acme-staging-v02.api.letsencrypt.org/directory + servers { + trusted_proxies static private_ranges + } } # -------------------------------------------------- @@ -15,10 +14,10 @@ # -------------------------------------------------- (cloudflare) { - tls { - dns cloudflare {env.DNS_PROVIDER_TOKEN} - resolvers 1.1.1.1 1.0.0.1 - } + tls { + dns cloudflare {env.DNS_PROVIDER_TOKEN} + resolvers 1.1.1.1 1.0.0.1 + } } # -------------------------------------------------- @@ -26,10 +25,10 @@ # -------------------------------------------------- (auth) { - forward_auth authelia:9091 { - uri /api/authz/forward-auth - copy_headers Remote-User Remote-Groups Remote-Email Remote-Name - } + forward_auth authelia:9091 { + uri /api/authz/forward-auth + copy_headers Remote-User Remote-Groups Remote-Email Remote-Name + } } # -------------------------------------------------- @@ -37,12 +36,12 @@ # -------------------------------------------------- wettsten.com { - import cloudflare - @wettsten host wettsten.com - handle @wettsten { - import auth - reverse_proxy 192.168.86.243:8085 - } + import cloudflare + @wettsten host wettsten.com + handle @wettsten { + import auth + reverse_proxy 192.168.86.243:8085 + } } # -------------------------------------------------- @@ -50,8 +49,8 @@ wettsten.com { # -------------------------------------------------- auth.wettsten.com { - import cloudflare - reverse_proxy authelia:9091 + import cloudflare + reverse_proxy authelia:9091 } # -------------------------------------------------- @@ -59,287 +58,286 @@ auth.wettsten.com { # -------------------------------------------------- *.wettsten.com { - # -------------------------------------------------- - # internal only subdomains - # - # - # @ host .wettsten.com - # handle @ { - # handle @internal { - # reverse_proxy 192.168.86. - # } - # respond "ip range not allowed" - # } - # - # - # @ host .wettsten.com - # handle @ { - # handle @internal { - # reverse_proxy https://192.168.86. { - # transport http { - # tls_insecure_skip_verify - # } - # } - # } - # respond "ip range not allowed" - # } - # - # - # -------------------------------------------------- - @internal client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8 - @external not client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8 - import cloudflare + # -------------------------------------------------- + # internal only subdomains + # + # + # @ host .wettsten.com + # handle @ { + # handle @internal { + # reverse_proxy 192.168.86. + # } + # respond "ip range not allowed" + # } + # + # + # @ host .wettsten.com + # handle @ { + # handle @internal { + # reverse_proxy https://192.168.86. { + # transport http { + # tls_insecure_skip_verify + # } + # } + # } + # respond "ip range not allowed" + # } + # + # + # -------------------------------------------------- + @internal client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8 + @external not client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8 + import cloudflare - @adguard host adguard.wettsten.com - handle @adguard { - handle @internal { - reverse_proxy 192.168.86.245:80 - } - respond "ip range not allowed" - } + @adguard host adguard.wettsten.com + handle @adguard { + handle @internal { + reverse_proxy 192.168.86.245:80 + } + respond "ip range not allowed" + } - @bale host bale.wettsten.com - handle @bale { - handle @internal { - reverse_proxy 192.168.86.241:8080 - } - respond "ip range not allowed" - } + @bale host bale.wettsten.com + handle @bale { + handle @internal { + reverse_proxy 192.168.86.241:8080 + } + respond "ip range not allowed" + } - @dozzle host dozzle.wettsten.com - handle @dozzle { - handle @internal { - reverse_proxy 192.168.86.243:9999 - } - respond "ip range not allowed" - } + @dozzle host dozzle.wettsten.com + handle @dozzle { + handle @internal { + reverse_proxy 192.168.86.243:9999 + } + respond "ip range not allowed" + } - @proxmox host proxmox.wettsten.com - handle @proxmox { - handle @internal { - reverse_proxy https://192.168.86.241:8006 { - transport http { - tls_insecure_skip_verify - } - } - } - respond "ip range not allowed" - } + @proxmox host proxmox.wettsten.com + handle @proxmox { + handle @internal { + reverse_proxy https://192.168.86.241:8006 { + transport http { + tls_insecure_skip_verify + } + } + } + respond "ip range not allowed" + } - @proxmoxbackup host proxmoxbackup.wettsten.com - handle @proxmoxbackup { - handle @internal { - reverse_proxy https://192.168.86.241:8007 { - transport http { - tls_insecure_skip_verify - } - } - } - respond "ip range not allowed" - } + @proxmoxbackup host proxmoxbackup.wettsten.com + handle @proxmoxbackup { + handle @internal { + reverse_proxy https://192.168.86.241:8007 { + transport http { + tls_insecure_skip_verify + } + } + } + respond "ip range not allowed" + } - @router host router.wettsten.com - handle @router { - handle @internal { - reverse_proxy https://192.168.86.1:443 { - transport http { - tls_insecure_skip_verify - } - } - } - respond "ip range not allowed" - } + @router host router.wettsten.com + handle @router { + handle @internal { + reverse_proxy https://192.168.86.1:443 { + transport http { + tls_insecure_skip_verify + } + } + } + respond "ip range not allowed" + } - @portainer host portainer.wettsten.com - handle @portainer { - handle @internal { - reverse_proxy 192.168.86.243:9000 - } - respond "ip range not allowed" - } + @portainer host portainer.wettsten.com + handle @portainer { + handle @internal { + reverse_proxy 192.168.86.243:9000 + } + respond "ip range not allowed" + } - @webmin host webmin.wettsten.com - handle @webmin { - handle @internal { - reverse_proxy https://192.168.86.241:10000 { - transport http { - tls_insecure_skip_verify - } - } - } - respond "ip range not allowed" - } + @webmin host webmin.wettsten.com + handle @webmin { + handle @internal { + reverse_proxy https://192.168.86.241:10000 { + transport http { + tls_insecure_skip_verify + } + } + } + respond "ip range not allowed" + } - # -------------------------------------------------- - # external subdomains without authelia - # - # - # @ host .wettsten.com - # handle @ { - # reverse_proxy 192.168.86. - # } - # - # - # -------------------------------------------------- + # -------------------------------------------------- + # external subdomains without authelia + # + # + # @ host .wettsten.com + # handle @ { + # reverse_proxy 192.168.86. + # } + # + # + # -------------------------------------------------- - @bitwarden host bitwarden.wettsten.com - handle @bitwarden { - reverse_proxy 192.168.86.243:8089 - } + @bitwarden host bitwarden.wettsten.com + handle @bitwarden { + reverse_proxy 192.168.86.243:8089 + } - @jellyfin host jellyfin.wettsten.com - handle @jellyfin { - reverse_proxy 192.168.86.243:8096 - } + @jellyfin host jellyfin.wettsten.com + handle @jellyfin { + reverse_proxy 192.168.86.243:8096 + } - # -------------------------------------------------- - # external subdomains with authelia - # - # - # @ host .wettsten.com - # handle @ { - # import auth - # reverse_proxy 192.168.86. - # } - # - # @ host .wettsten.com - # handle @ { - # handle @external { - # import auth - # } - # reverse_proxy 192.168.86. - # } - # - # -------------------------------------------------- + # -------------------------------------------------- + # external subdomains with authelia + # + # + # @ host .wettsten.com + # handle @ { + # import auth + # reverse_proxy 192.168.86. + # } + # + # @ host .wettsten.com + # handle @ { + # handle @external { + # import auth + # } + # reverse_proxy 192.168.86. + # } + # + # -------------------------------------------------- - @whoami host whoami.wettsten.com - handle @whoami { - import auth - reverse_proxy whoami:80 - } + @whoami host whoami.wettsten.com + handle @whoami { + import auth + reverse_proxy whoami:80 + } - @archive host archive.wettsten.com - handle @archive { - import auth - reverse_proxy 192.168.86.243:8283 - } + @archive host archive.wettsten.com + handle @archive { + import auth + reverse_proxy 192.168.86.243:8283 + } - @bazarr host bazarr.wettsten.com - handle @bazarr { - import auth - reverse_proxy 192.168.86.243:6767 - } + @bazarr host bazarr.wettsten.com + handle @bazarr { + import auth + reverse_proxy 192.168.86.243:6767 + } - @filebrowser host filebrowser.wettsten.com - handle @filebrowser { - import auth - reverse_proxy 192.168.86.243:8484 - } + @filebrowser host filebrowser.wettsten.com + handle @filebrowser { + import auth + reverse_proxy 192.168.86.243:8484 + } - @jackett host jackett.wettsten.com - handle @jackett { - import auth - reverse_proxy 192.168.86.243:9117 - } + @jackett host jackett.wettsten.com + handle @jackett { + import auth + reverse_proxy 192.168.86.243:9117 + } - @jdownloader host jdownloader.wettsten.com - handle @jdownloader { - import auth - reverse_proxy 192.168.86.243:5800 - } + @jdownloader host jdownloader.wettsten.com + handle @jdownloader { + import auth + reverse_proxy 192.168.86.243:5800 + } - @lidarr host lidarr.wettsten.com - handle @lidarr { - import auth - reverse_proxy 192.168.86.243:8686 - } + @lidarr host lidarr.wettsten.com + handle @lidarr { + import auth + reverse_proxy 192.168.86.243:8686 + } - @metube host metube.wettsten.com - handle @metube { - import auth - reverse_proxy 192.168.86.243:8082 - } + @metube host metube.wettsten.com + handle @metube { + import auth + reverse_proxy 192.168.86.243:8082 + } - @monitorr host monitorr.wettsten.com - handle @monitorr { - import auth - reverse_proxy 192.168.86.243:8084 - } + @monitorr host monitorr.wettsten.com + handle @monitorr { + import auth + reverse_proxy 192.168.86.243:8084 + } - @mstream host mstream.wettsten.com - handle @mstream { - import auth - reverse_proxy 192.168.86.243:3001 - } + @mstream host mstream.wettsten.com + handle @mstream { + import auth + reverse_proxy 192.168.86.243:3001 + } - @nvr host nvr.wettsten.com - handle @nvr { - import auth - reverse_proxy https://192.168.86.100:443 { - transport http { - tls_insecure_skip_verify - } - } - } - - @nzbhydra host nzbhydra.wettsten.com - handle @nzbhydra { - import auth - reverse_proxy 192.168.86.243:5076 - } + @nvr host nvr.wettsten.com + handle @nvr { + import auth + reverse_proxy https://192.168.86.100:443 { + transport http { + tls_insecure_skip_verify + } + } + } - @olivetin host olivetin.wettsten.com - handle @olivetin { - import auth - reverse_proxy 192.168.86.243:1337 - } + @nzbhydra host nzbhydra.wettsten.com + handle @nzbhydra { + import auth + reverse_proxy 192.168.86.243:5076 + } - @prowlarr host prowlarr.wettsten.com - handle @prowlarr { - import auth - reverse_proxy 192.168.86.243:9696 - } + @olivetin host olivetin.wettsten.com + handle @olivetin { + import auth + reverse_proxy 192.168.86.243:1337 + } - @qbittorrent host qbittorrent.wettsten.com - handle @qbittorrent { - import auth - reverse_proxy 192.168.86.243:8282 - } + @prowlarr host prowlarr.wettsten.com + handle @prowlarr { + import auth + reverse_proxy 192.168.86.243:9696 + } - @radarr host radarr.wettsten.com - handle @radarr { - import auth - reverse_proxy 192.168.86.243:7878 - } + @qbittorrent host qbittorrent.wettsten.com + handle @qbittorrent { + import auth + reverse_proxy 192.168.86.243:8282 + } - @sabnzbd host sabnzbd.wettsten.com - handle @sabnzbd { - import auth - reverse_proxy 192.168.86.243:8181 - } + @radarr host radarr.wettsten.com + handle @radarr { + import auth + reverse_proxy 192.168.86.243:7878 + } - @sonarr host sonarr.wettsten.com - handle @sonarr { - import auth - reverse_proxy 192.168.86.243:8989 - } + @sabnzbd host sabnzbd.wettsten.com + handle @sabnzbd { + import auth + reverse_proxy 192.168.86.243:8181 + } - @spdf host spdf.wettsten.com - handle @spdf { - import auth - reverse_proxy 192.168.86.243:8086 - } + @sonarr host sonarr.wettsten.com + handle @sonarr { + import auth + reverse_proxy 192.168.86.243:8989 + } - @uptime host uptime.wettsten.com - handle @uptime { - import auth - reverse_proxy 192.168.86.243:3002 - } + @spdf host spdf.wettsten.com + handle @spdf { + import auth + reverse_proxy 192.168.86.243:8086 + } - @www host www.wettsten.com - handle @www { - import auth - reverse_proxy 192.168.86.243:8085 - } + @uptime host uptime.wettsten.com + handle @uptime { + import auth + reverse_proxy 192.168.86.243:3002 + } + @www host www.wettsten.com + handle @www { + import auth + reverse_proxy 192.168.86.243:8085 + } }