diff --git a/reverseproxy2/caddy/Caddyfile b/reverseproxy2/caddy/Caddyfile index 4c90eac..653ca1b 100644 --- a/reverseproxy2/caddy/Caddyfile +++ b/reverseproxy2/caddy/Caddyfile @@ -1,15 +1,8 @@ # -------------------------------------------------- # global options # -------------------------------------------------- - { - acme_ca https://acme-staging-v02.api.letsencrypt.org/directory - -# admin :2019 -# log { -# output file caddy.log -# level info -# } + acme_ca https://acme-v02.api.letsencrypt.org/directory servers { trusted_proxies static private_ranges @@ -22,10 +15,10 @@ # -------------------------------------------------- (cloudflare) { - tls { - dns cloudflare {env.DNS_PROVIDER_TOKEN} - resolvers 1.1.1.1 1.0.0.1 - } + tls { + dns cloudflare + resolvers 1.1.1.1 1.0.0.1 + } } # -------------------------------------------------- 
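Review bot: Setting `acme_ca https://acme-v02.api.letsencrypt.org/directory` in the global options pins issuance to that single CA. Caddy's documented default already uses Let's Encrypt production with ZeroSSL as a second issuer, so removing the line would keep production certificates and retain the fallback. If the pin is deliberate, a comment above it such as `# pin to Let's Encrypt production only (no ZeroSSL fallback)` would record that. The global options block continues past this hunk, so other issuer settings may exist that are not visible here.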
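Review bot: `dns cloudflare` in the `(cloudflare)` snippet no longer passes a credential, where the removed line supplied `{env.DNS_PROVIDER_TOKEN}`. Unless the token is now configured somewhere outside this diff, the DNS challenge used for the wildcard site has nothing to authenticate with, and the provider module will probably reject the config or fail issuance. Keeping the placeholder form, `dns cloudflare {env.DNS_PROVIDER_TOKEN}`, also keeps the secret out of the file. If the token moved elsewhere, confirm it is still read from the environment and is scoped to DNS edits on this zone only.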
@@ -33,200 +26,212 @@ # -------------------------------------------------- (auth) { - forward_auth authelia:9091 { - uri /api/authz/forward-auth - copy_headers Remote-User Remote-Groups Remote-Email Remote-Name - } + forward_auth authelia:9091 { + uri /api/authz/forward-auth + copy_headers Remote-User Remote-Groups Remote-Email Remote-Name + } } # -------------------------------------------------- -# wettsten.com root domain +# akanealw.com root domain # -------------------------------------------------- -wettsten.com { - import cloudflare - @akanealwcom host wettsten.com - handle @akanealwcom { - import auth - reverse_proxy 192.168.1.4:3005 - } +akanealw.com { + import cloudflare + @akanealwcom host akanealw.com + handle @akanealwcom { + import auth + reverse_proxy 192.168.1.4:3005 + } } # -------------------------------------------------- # authelia subdomain # -------------------------------------------------- -auth.wettsten.com { - import cloudflare - reverse_proxy authelia:9091 +auth.akanealw.com { + import cloudflare + reverse_proxy authelia:9091 } # -------------------------------------------------- -# *.wettsten.com subdomains +# *.akanealw.com subdomains # -------------------------------------------------- -*.wettsten.com { -# -------------------------------------------------- -# internal only subdomains -# -# -# @ host .wettsten.com -# handle @ { -# handle @internal { -# reverse_proxy 192.168.1. -# } -# respond "ip range not allowed" -# } -# -# -# @ host .wettsten.com -# handle @ { -# handle @internal { -# reverse_proxy https://192.168.1. 
{ -# transport http { -# tls_insecure_skip_verify -# } -# } -# } -# respond "ip range not allowed" -# } -# -# -# -------------------------------------------------- - @internal client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8 - @external not client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8 - import cloudflare +*.akanealw.com { + # -------------------------------------------------- + # internal only subdomains + # + # + # @ host .akanealw.com + # handle @ { + # handle @internal { + # reverse_proxy 192.168.1. + # } + # respond "ip range not allowed" + # } + # + # + # @ host .akanealw.com + # handle @ { + # handle @internal { + # reverse_proxy https://192.168.1. { + # transport http { + # tls_insecure_skip_verify + # } + # } + # } + # respond "ip range not allowed" + # } + # + # + # -------------------------------------------------- + @internal client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8 + @external not client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8 + import cloudflare - @adguard1 host adguardserver1.wettsten.com - handle @adguard1 { - handle @internal { - reverse_proxy 192.168.1.2:80 - } - respond "ip range not allowed" - } + @adguard1 host adguardserver1.akanealw.com + handle @adguard1 { + handle @internal { + reverse_proxy 192.168.1.2:80 + } + respond "ip range not allowed" + } - @bale host bale.wettsten.com - handle @bale { - handle @internal { - reverse_proxy 192.168.1.51:8080 - } - respond "ip range not allowed" - } + @bale host bale.akanealw.com + handle @bale { + handle @internal { + reverse_proxy 192.168.1.51:8080 + } + respond "ip range not allowed" + } - @dockerdockge host dockerserver-dockge.wettsten.com - handle @dockerdockge { - handle @internal { - reverse_proxy 192.168.1.30:5001 - } - respond "ip range not allowed" - } + @dockerdockge host dockerserver-dockge.akanealw.com + handle @dockerdockge { + handle @internal { + reverse_proxy 192.168.1.30:5001 + } + respond "ip range not allowed" + } - 
@dockerdozzle host dockerserver-dozzle.wettsten.com - handle @dockerdozzle { - handle @internal { - reverse_proxy 192.168.1.30:8080 - } - respond "ip range not allowed" - } + @dockerdozzle host dockerserver-dozzle.akanealw.com + handle @dockerdozzle { + handle @internal { + reverse_proxy 192.168.1.30:8080 + } + respond "ip range not allowed" + } - @gluetun host gluetun.wettsten.com - handle @gluetun { - handle @internal { - reverse_proxy 192.168.1.30:8777 - } - respond "ip range not allowed" - } + @gluetun host gluetun.akanealw.com + handle @gluetun { + handle @internal { + reverse_proxy 192.168.1.30:8777 + } + respond "ip range not allowed" + } - @proxmox1 host proxmox1.wettsten.com - handle @proxmox1 { - handle @internal { - reverse_proxy https://192.168.1.51:8006 { - transport http { - tls_insecure_skip_verify - } - } - } - respond "ip range not allowed" - } + @proxmox1 host proxmox1.akanealw.com + handle @proxmox1 { + handle @internal { + reverse_proxy https://192.168.1.51:8006 { + transport http { + tls_insecure_skip_verify + } + } + } + respond "ip range not allowed" + } - @proxmoxbackup host proxmoxbackup.wettsten.com - handle @proxmoxbackup { - handle @internal { - reverse_proxy https://192.168.1.51:8007 { - transport http { - tls_insecure_skip_verify - } - } - } - respond "ip range not allowed" - } + @proxmoxbackup host proxmoxbackup.akanealw.com + handle @proxmoxbackup { + handle @internal { + reverse_proxy https://192.168.1.51:8007 { + transport http { + tls_insecure_skip_verify + } + } + } + respond "ip range not allowed" + } - @router host router.wettsten.com - handle @router { - handle @internal { - reverse_proxy https://192.168.1.1:443 { - transport http { - tls_insecure_skip_verify - } - } - } - respond "ip range not allowed" - } + @router host router.akanealw.com + handle @router { + handle @internal { + reverse_proxy https://192.168.1.1:443 { + transport http { + tls_insecure_skip_verify + } + } + } + respond "ip range not allowed" + } - @webmin 
host webmin.wettsten.com - handle @webmin { - handle @internal { - reverse_proxy https://192.168.1.51:10000 { - transport http { - tls_insecure_skip_verify - } - } - } - respond "ip range not allowed" - } + @speedtest host speedtest.akanealw.com + handle @speedtest { + handle @internal { + reverse_proxy 192.168.1.30:8765 + } + respond "ip range not allowed" + } + @webmin host webmin.akanealw.com + handle @webmin { + handle @internal { + reverse_proxy https://192.168.1.51:10000 { + transport http { + tls_insecure_skip_verify + } + } + } + respond "ip range not allowed" + } + # -------------------------------------------------- + # external subdomains without authelia + # + # + # @ host .akanealw.com + # handle @ { + # reverse_proxy 192.168.1. + # } + # + # + # -------------------------------------------------- -# -------------------------------------------------- -# external subdomains without authelia -# -# -# @ host .wettsten.com -# handle @ { -# reverse_proxy 192.168.1. -# } -# -# -# -------------------------------------------------- + @bitwarden host bitwarden.akanealw.com + handle @bitwarden { + reverse_proxy 192.168.1.4:8089 + } - @bitwarden host bitwarden.wettsten.com - handle @bitwarden { - reverse_proxy 192.168.1.4:8089 - } + @jellyfin host jellyfin.akanealw.com + handle @jellyfin { + reverse_proxy 192.168.1.42:8096 + } - @jellyfin host jellyfin.wettsten.com - handle @jellyfin { - reverse_proxy 192.168.1.42:8096 - } - -# -------------------------------------------------- -# external subdomains with authelia -# -# -# @ host .wettsten.com -# handle @ { -# import auth -# reverse_proxy 192.168.1. -# } -# -# -# -------------------------------------------------- - - @whoami host whoami.wettsten.com - handle @whoami { - import auth - reverse_proxy whoami:80 - } + # -------------------------------------------------- + # external subdomains with authelia + # + # + # @ host .akanealw.com + # handle @ { + # import auth + # reverse_proxy 192.168.1. 
+ # } + # + # @ host .akanealw.com + # handle @ { + # handle @external { + # import auth + # } + # reverse_proxy 192.168.1. + # } + # + # -------------------------------------------------- + @docmost host docmost.akanealw.com + handle @docmost { + import auth + reverse_proxy 192.168.1.4:3300 + } }
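Review bot: The new `@speedtest` block, like the other internal-only hosts, relies on `@internal client_ip …`, and with `trusted_proxies static private_ranges` in the global options Caddy takes the client IP from forwarded headers whenever the connecting peer is in a private range. It is worth confirming that outside traffic never reaches Caddy from a private source address (for example through container NAT or another proxy hop); otherwise narrow `trusted_proxies` to the actual proxy addresses. Separately, `respond "ip range not allowed"` returns status 200 by default, so refused requests look like successes in logs and monitoring; `respond "ip range not allowed" 403` states the refusal. `127.0.0.1/8` in both matchers is also better written as `127.0.0.0/8`.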