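# --------------------------------------------------
# global options
# --------------------------------------------------
{
	acme_ca https://acme-v02.api.letsencrypt.org/directory

	# NOTE(review): ":2019" listens on every interface, whereas Caddy's default
	# is localhost:2019. The admin API is unauthenticated and can replace the
	# running config, so confirm this port is not published or reachable from
	# untrusted networks, or bind it to localhost.
	admin :2019

	# log {
	# 	output file caddy.log
	# 	level info
	# }
}

# --------------------------------------------------
# cloudflare tls snippet for sites
# --------------------------------------------------
# Certificates are issued through the ACME DNS challenge. The API token is
# read from the environment and is never stored in this file.
(cloudflare) {
	tls {
		dns cloudflare {env.DNS_PROVIDER_TOKEN}
		resolvers 1.1.1.1 1.0.0.1
	}
}

# --------------------------------------------------
# auth snippet for authentik
# --------------------------------------------------
# NOTE(review): outside a `route` block Caddy applies its built-in directive
# order (forward_auth before reverse_proxy), not the order written here.
# Confirm that requests to /outpost.goauthentik.io/* still reach the outpost
# as intended.
(auth) {
	reverse_proxy /outpost.goauthentik.io/* authentik-server:9000
	forward_auth authentik-server:9000 {
		uri /outpost.goauthentik.io/auth/caddy
		copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
		trusted_proxies private_ranges
	}
}

# --------------------------------------------------
# akanealw.com root domain
# --------------------------------------------------
akanealw.com {
	import cloudflare

	@akanealwcom host akanealw.com
	handle @akanealwcom {
		import auth
		reverse_proxy 192.168.1.4:3005
	}
}

# --------------------------------------------------
# authentik subdomain
# --------------------------------------------------
authentik.akanealw.com {
	import cloudflare
	reverse_proxy authentik-server:9000
}

# --------------------------------------------------
# *.akanealw.com subdomains
# --------------------------------------------------
*.akanealw.com {
	# --------------------------------------------------
	# internal only subdomains
	#
	#
	# @ host .akanealw.com
	# handle @ {
	# 	handle @allowed {
	# 		reverse_proxy 192.168.1.
	# 	}
	# 	respond "ip range not allowed" 403
	# }
	#
	#
	# @ host .akanealw.com
	# handle @ {
	# 	handle @allowed {
	# 		reverse_proxy https://192.168.1. {
	# 			transport http {
	# 				tls_insecure_skip_verify
	# 			}
	# 		}
	# 	}
	# 	respond "ip range not allowed" 403
	# }
	#
	#
	# --------------------------------------------------
	# How the gate works: the inner `handle @allowed` proxies the request when
	# the client address is private or loopback; otherwise the request falls
	# through to `respond`. The denial now carries an explicit 403. Without a
	# status code Caddy answers 200, so blocked requests looked like successes
	# to clients, monitoring and access-log review.
	#
	# No `trusted_proxies` server option is set in this file, so client_ip is
	# the address of the directly connected peer and X-Forwarded-For cannot
	# influence it.
	# NOTE(review): if Caddy runs in a container behind a NAT'ing bridge,
	# verify that external clients are not seen with the bridge gateway
	# address, which would fall inside 172.16.0.0/12 and pass this check.
	#
	# 127.0.0.1/8 was rewritten in canonical form as 127.0.0.0/8 (same range).
	@allowed client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.0/8

	import cloudflare

	@linkwarden host linkwarden.akanealw.com
	handle @linkwarden {
		handle @allowed {
			reverse_proxy 192.168.1.4:3232
		}
		respond "ip range not allowed" 403
	}

	@adguard1 host adguardserver1.akanealw.com
	handle @adguard1 {
		handle @allowed {
			reverse_proxy 192.168.1.2:80
		}
		respond "ip range not allowed" 403
	}

	@adguard2 host adguardserver2.akanealw.com
	handle @adguard2 {
		handle @allowed {
			reverse_proxy 192.168.1.3:80
		}
		respond "ip range not allowed" 403
	}

	# NOTE(review): this matcher previously repeated adguardserver1.akanealw.com,
	# so @adguard1 always won and this route was unreachable. The hostname
	# adguardserver3 is inferred from the matcher name; confirm it matches DNS.
	@adguard3 host adguardserver3.akanealw.com
	handle @adguard3 {
		handle @allowed {
			reverse_proxy 192.168.1.4:3000
		}
		respond "ip range not allowed" 403
	}

	@bale host bale.akanealw.com
	handle @bale {
		handle @allowed {
			reverse_proxy 192.168.1.51:8080
		}
		respond "ip range not allowed" 403
	}

	@cronicle host cronicle.akanealw.com
	handle @cronicle {
		handle @allowed {
			reverse_proxy 192.168.1.30:3012
		}
		respond "ip range not allowed" 403
	}

	@devdockge host dev-dockge.akanealw.com
	handle @devdockge {
		handle @allowed {
			reverse_proxy 192.168.1.35:5001
		}
		respond "ip range not allowed" 403
	}

	@devdozzle host dev-dozzle.akanealw.com
	handle @devdozzle {
		handle @allowed {
			reverse_proxy 192.168.1.35:8080
		}
		respond "ip range not allowed" 403
	}

	@dockerdockge host dockerserver-dockge.akanealw.com
	handle @dockerdockge {
		handle @allowed {
			reverse_proxy 192.168.1.30:5001
		}
		respond "ip range not allowed" 403
	}

	@dockerdozzle host dockerserver-dozzle.akanealw.com
	handle @dockerdozzle {
		handle @allowed {
			reverse_proxy 192.168.1.30:8080
		}
		respond "ip range not allowed" 403
	}

	@dockertestdockge host dockerservertest-dockge.akanealw.com
	handle @dockertestdockge {
		handle @allowed {
			reverse_proxy 192.168.1.33:5001
		}
		respond "ip range not allowed" 403
	}

	@dockertestdozzle host dockerservertest-dozzle.akanealw.com
	handle @dockertestdozzle {
		handle @allowed {
			reverse_proxy 192.168.1.33:8080
		}
		respond "ip range not allowed" 403
	}

	@proxyserverdockge host proxyserver-dockge.akanealw.com
	handle @proxyserverdockge {
		handle @allowed {
			reverse_proxy 192.168.1.4:5001
		}
		respond "ip range not allowed" 403
	}

	@proxyserverdozzle host proxyserver-dozzle.akanealw.com
	handle @proxyserverdozzle {
		handle @allowed {
			reverse_proxy 192.168.1.4:8080
		}
		respond "ip range not allowed" 403
	}

	@files host files.akanealw.com
	handle @files {
		handle @allowed {
			redir / /files{uri}
			reverse_proxy 192.168.1.50:80
		}
		respond "ip range not allowed" 403
	}

	@icons host icons.akanealw.com
	handle @icons {
		handle @allowed {
			rewrite * /files/icons{uri}
			reverse_proxy 192.168.1.50:80
		}
		respond "ip range not allowed" 403
	}

	@gluetun host gluetun.akanealw.com
	handle @gluetun {
		handle @allowed {
			reverse_proxy 192.168.1.30:8777
		}
		respond "ip range not allowed" 403
	}

	@peanut host peanut.akanealw.com
	handle @peanut {
		handle @allowed {
			reverse_proxy 192.168.1.30:8980
		}
		respond "ip range not allowed" 403
	}

	@photoprism host photoprism.akanealw.com
	handle @photoprism {
		handle @allowed {
			reverse_proxy 192.168.1.30:2342
		}
		respond "ip range not allowed" 403
	}

	@photoprismdadandmom host photos.akanealw.com
	handle @photoprismdadandmom {
		handle @allowed {
			reverse_proxy 192.168.1.25:2342
		}
		respond "ip range not allowed" 403
	}

	# NOTE(review): tls_insecure_skip_verify, here and on the other https://
	# upstreams below, disables verification of the backend certificate, so the
	# proxy-to-backend hop is encrypted but not authenticated. Where the
	# backend's CA certificate is available, pinning it in the transport block
	# (for example with tls_trust_pool) is the safer choice.
	@proxmox1 host proxmox1.akanealw.com
	handle @proxmox1 {
		handle @allowed {
			reverse_proxy https://192.168.1.51:8006 {
				transport http {
					tls_insecure_skip_verify
				}
			}
		}
		respond "ip range not allowed" 403
	}

	@proxmox2 host proxmox2.akanealw.com
	handle @proxmox2 {
		handle @allowed {
			reverse_proxy https://192.168.1.52:8006 {
				transport http {
					tls_insecure_skip_verify
				}
			}
		}
		respond "ip range not allowed" 403
	}

	@proxmoxbackup host proxmoxbackup.akanealw.com
	handle @proxmoxbackup {
		handle @allowed {
			reverse_proxy https://192.168.1.51:8007 {
				transport http {
					tls_insecure_skip_verify
				}
			}
		}
		respond "ip range not allowed" 403
	}

	@router host router.akanealw.com
	handle @router {
		handle @allowed {
			reverse_proxy https://192.168.1.1:443 {
				transport http {
					tls_insecure_skip_verify
				}
			}
		}
		respond "ip range not allowed" 403
	}

	@rssbridge host rss-bridge.akanealw.com
	handle @rssbridge {
		handle @allowed {
			reverse_proxy 192.168.1.30:3006
		}
		respond "ip range not allowed" 403
	}

	@invidious host invidious.akanealw.com
	handle @invidious {
		handle @allowed {
			reverse_proxy 192.168.1.30:3000
		}
		respond "ip range not allowed" 403
	}

	@scripts host scripts.akanealw.com
	handle @scripts {
		handle @allowed {
			redir / /scripts{uri}
			reverse_proxy 192.168.1.50:80
		}
		respond "ip range not allowed" 403
	}

	@speedtest host speedtest.akanealw.com
	handle @speedtest {
		handle @allowed {
			reverse_proxy 192.168.1.30:8765
		}
		respond "ip range not allowed" 403
	}

	@dockersyncthing host dockerserver-syncthing.akanealw.com
	handle @dockersyncthing {
		handle @allowed {
			reverse_proxy https://192.168.1.30:8384 {
				transport http {
					tls_insecure_skip_verify
				}
			}
		}
		respond "ip range not allowed" 403
	}

	@gamingpcsyncthing host gamingpc-syncthing.akanealw.com
	handle @gamingpcsyncthing {
		handle @allowed {
			reverse_proxy https://192.168.1.11:8384 {
				transport http {
					tls_insecure_skip_verify
				}
			}
		}
		respond "ip range not allowed" 403
	}

	@laptoppcsyncthing host laptoppc-syncthing.akanealw.com
	handle @laptoppcsyncthing {
		handle @allowed {
			reverse_proxy https://192.168.1.12:8384 {
				transport http {
					tls_insecure_skip_verify
				}
			}
		}
		respond "ip range not allowed" 403
	}

	@webmin host webmin.akanealw.com
	handle @webmin {
		handle @allowed {
			reverse_proxy https://192.168.1.51:10000 {
				transport http {
					tls_insecure_skip_verify
				}
			}
		}
		respond "ip range not allowed" 403
	}

	@wireguardui host wireguardui.akanealw.com
	handle @wireguardui {
		handle @allowed {
			reverse_proxy 192.168.1.4:5000
		}
		respond "ip range not allowed" 403
	}

	@zabbix host zabbix.akanealw.com
	handle @zabbix {
		handle @allowed {
			reverse_proxy 192.168.1.44:8080
		}
		respond "ip range not allowed" 403
	}

	@piholewg host pihole-wg.akanealw.com
	handle @piholewg {
		handle @allowed {
			redir / /admin{uri}
			reverse_proxy 192.168.1.4:3000
		}
		respond "ip range not allowed" 403
	}

	# --------------------------------------------------
	# external subdomains without authentik
	#
	#
	# @ host .akanealw.com
	# handle @ {
	# 	reverse_proxy 192.168.1.
	# }
	#
	#
	# --------------------------------------------------
	# These routes have neither the @allowed gate nor forward_auth, so each
	# backend's own login is the only access control Caddy leaves in place.
	@bitwarden host bitwarden.akanealw.com
	handle @bitwarden {
		reverse_proxy 192.168.1.4:8089
	}

	@giteadocker host gitea-docker.akanealw.com
	handle @giteadocker {
		reverse_proxy 192.168.1.4:3001
	}

	@gitea host gitea.akanealw.com
	handle @gitea {
		reverse_proxy 192.168.1.50:3000
	}

	@jellyfin host jellyfin.akanealw.com
	handle @jellyfin {
		reverse_proxy 192.168.1.42:8096
	}

	@whoami host whoami.akanealw.com
	handle @whoami {
		reverse_proxy whoami:80
	}

	# --------------------------------------------------
	# external subdomains with authentik
	#
	#
	# @ host .akanealw.com
	# handle @ {
	# 	import auth
	# 	reverse_proxy 192.168.1.
	# }
	#
	#
	# --------------------------------------------------
	# `import auth` puts authentik forward_auth in front of each backend.
	# Clients that can reach a 192.168.1.x backend directly are not subject
	# to this check.
	@homepage host www.akanealw.com
	handle @homepage {
		import auth
		reverse_proxy 192.168.1.4:3005
	}

	@filebrowser host filebrowser.akanealw.com
	handle @filebrowser {
		import auth
		reverse_proxy 192.168.1.30:8484
	}

	@archive host archive.akanealw.com
	handle @archive {
		import auth
		reverse_proxy 192.168.1.30:8283
	}

	@archivebox host archivebox.akanealw.com
	handle @archivebox {
		import auth
		reverse_proxy 192.168.1.30:8283
	}

	@codeserver host codeserver.akanealw.com
	handle @codeserver {
		import auth
		reverse_proxy 192.168.1.50:3001
	}

	@freshrss host freshrss.akanealw.com
	handle @freshrss {
		import auth
		reverse_proxy 192.168.1.30:8088
	}

	@jackett host jackett.akanealw.com
	handle @jackett {
		import auth
		reverse_proxy 192.168.1.30:9117
	}

	@jdownloader host jdownloader.akanealw.com
	handle @jdownloader {
		import auth
		reverse_proxy 192.168.1.30:5800
	}

	@jellyseerr host jellyseerr.akanealw.com
	handle @jellyseerr {
		import auth
		reverse_proxy 192.168.1.30:5056
	}

	@kavita host kavita.akanealw.com
	handle @kavita {
		import auth
		reverse_proxy 192.168.1.30:5002
	}

	@lidarr host lidarr.akanealw.com
	handle @lidarr {
		import auth
		reverse_proxy 192.168.1.30:8686
	}

	@metube host metube.akanealw.com
	handle @metube {
		import auth
		reverse_proxy 192.168.1.30:8082
	}

	@mstream host mstream.akanealw.com
	handle @mstream {
		import auth
		reverse_proxy 192.168.1.30:3001
	}

	@nzbhydra host nzbhydra.akanealw.com
	handle @nzbhydra {
		import auth
		reverse_proxy 192.168.1.30:5076
	}

	@olivetin host olivetin.akanealw.com
	handle @olivetin {
		import auth
		reverse_proxy 192.168.1.30:1337
	}

	@opengist host opengist.akanealw.com
	handle @opengist {
		import auth
		reverse_proxy 192.168.1.30:6157
	}

	@paperless host paperless.akanealw.com
	handle @paperless {
		import auth
		reverse_proxy 192.168.1.30:8112
	}

	@prowlarr host prowlarr.akanealw.com
	handle @prowlarr {
		import auth
		reverse_proxy 192.168.1.30:9696
	}

	@qbittorrent host qbittorrent.akanealw.com
	handle @qbittorrent {
		import auth
		reverse_proxy 192.168.1.30:8282
	}

	@radarr host radarr.akanealw.com
	handle @radarr {
		import auth
		reverse_proxy 192.168.1.30:7878
	}

	@sabnzbd host sabnzbd.akanealw.com
	handle @sabnzbd {
		import auth
		reverse_proxy 192.168.1.30:8181
	}

	@shlinkweb host shlink.akanealw.com
	handle @shlinkweb {
		import auth
		reverse_proxy 192.168.1.30:8381
	}

	@sonarr host sonarr.akanealw.com
	handle @sonarr {
		import auth
		reverse_proxy 192.168.1.30:8989
	}

	@spdf host spdf.akanealw.com
	handle @spdf {
		import auth
		reverse_proxy 192.168.1.30:8086
	}

	@ittools host it-tools.akanealw.com
	handle @ittools {
		import auth
		reverse_proxy 192.168.1.30:8383
	}

	@wikidocs host wiki.akanealw.com
	handle @wikidocs {
		import auth
		reverse_proxy 192.168.1.30:8022
	}

	# Fallback for hostnames under the wildcard that match no route above.
	# Without it Caddy answers them with an empty 200 response. Closing the
	# connection makes an unconfigured name indistinguishable from a dead one.
	handle {
		abort
	}
}

# --------------------------------------------------
# aknlw.com root domain
# --------------------------------------------------
aknlw.com {
	import cloudflare

	@shlink host aknlw.com
	handle @shlink {
		reverse_proxy 192.168.1.30:8380
	}
}

# --------------------------------------------------
# *.aknlw.com subdomains
# --------------------------------------------------
repo.aknlw.com {
	import cloudflare
	reverse_proxy 192.168.1.50:3000
}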