proxyserver/reverseproxy/caddy/Caddyfile


# --------------------------------------------------
# global options
# --------------------------------------------------
{
    # ACME directory pinned explicitly to the Let's Encrypt production endpoint.
    acme_ca https://acme-v02.api.letsencrypt.org/directory

    # Default-logger override, currently disabled.
    # This global block only shapes Caddy's runtime log. Per-request access
    # logs are written only for sites that carry their own `log` directive,
    # and none of the site blocks shown in this file have one, so there is no
    # request trail for the exposed hosts unless it is collected elsewhere.
    # log {
    #     output file caddy.log
    #     level info
    # }
}
# --------------------------------------------------
# cloudflare tls snippet for sites
# --------------------------------------------------
(cloudflare) {
    # Certificates are obtained with the ACME DNS challenge through the
    # Cloudflare DNS provider module.
    tls {
        # The API token is resolved from the environment at runtime, so it is
        # never stored in this file. Scope it to DNS edit on the zones served
        # here only; anyone holding it can rewrite those zones' records.
        dns cloudflare {env.DNS_PROVIDER_TOKEN}

        # Public resolvers used when checking that the challenge record exists.
        resolvers 1.1.1.1 8.8.8.8
    }
}
# --------------------------------------------------
# auth snippet for authentik
# --------------------------------------------------
(auth) {
    # Requests for the outpost's own endpoints go to authentik.
    # NOTE(review): when this snippet is imported inside `handle`, Caddy applies
    # its default directive order, in which forward_auth precedes reverse_proxy,
    # so these lines do not run top to bottom as written. Wrapping them in
    # `route` would keep the written order. Confirm the login/callback flow
    # behaves as intended.
    reverse_proxy /outpost.goauthentik.io/* authentik-server:9000

    # Every other request is checked with a subrequest to authentik. A 2xx
    # answer lets the request continue; anything else is returned to the client.
    forward_auth authentik-server:9000 {
        uri /outpost.goauthentik.io/auth/caddy

        # Identity headers copied from authentik's answer onto the proxied
        # request. Upstreams that trust them must be reachable only through
        # this proxy, otherwise any client that can reach them directly can
        # supply the same headers itself. The list includes X-Authentik-Jwt, so
        # every protected upstream receives the user's token; trimming the list
        # to what each application reads reduces that exposure.
        # NOTE(review): confirm the running Caddy version drops client-supplied
        # copies of these headers when authentik's answer omits them.
        copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version

        # X-Forwarded-* values from peers in private address ranges are trusted
        # on the hop to authentik.
        trusted_proxies private_ranges
    }
}
# --------------------------------------------------
# akanealw.com root domain
# --------------------------------------------------
akanealw.com {
    import cloudflare

    # The site address already restricts this block to akanealw.com, so the
    # @homepage matcher is true for every request that reaches it.
    @homepage host akanealw.com

    handle @homepage {
        # Authentik gate, then the dashboard upstream.
        import auth
        reverse_proxy 192.168.1.30:3005
    }
}
# --------------------------------------------------
# authentik subdomain
# --------------------------------------------------
authentik.akanealw.com {
    import cloudflare

    # No forward_auth here: this is the identity provider itself, which has to
    # be reachable before a user is logged in. Its exposure is therefore
    # governed by authentik's own login policy, not by this proxy.
    reverse_proxy authentik-server:9000
}
# --------------------------------------------------
# *.akanealw.com subdomains
# --------------------------------------------------
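*.akanealw.com {
    import cloudflare

    # Source-address allowlist for the internal-only hosts below.
    # client_ip honours trusted_proxies from the global `servers` options. None
    # are set in this file's global block, so the value compared here is the
    # TCP peer address.
    # NOTE(review): if anything in front of Caddy rewrites source addresses
    # (for example NAT or a userland proxy on the container host), every caller
    # appears private and this allowlist admits everyone. Verify which address
    # Caddy actually sees for an outside client.
    @allowed client_ip private_ranges

    # --------------------------------------------------
    # internal only subdomains
    # --------------------------------------------------
    # Each host proxies only for allowlisted clients. Everyone else gets an
    # explicit 403. A `respond` with only a body answers 200, which makes a
    # denial look like a success to clients and monitoring.
    @dockge host dockge.akanealw.com
    handle @dockge {
        handle @allowed {
            reverse_proxy dockge:5001
        }
        respond "ip range not allowed" 403
    }

    @dozzle host dozzle.akanealw.com
    handle @dozzle {
        handle @allowed {
            reverse_proxy dozzle:8080
        }
        respond "ip range not allowed" 403
    }

    @adguard1 host adguard1.akanealw.com
    handle @adguard1 {
        handle @allowed {
            reverse_proxy 192.168.1.2:80
        }
        respond "ip range not allowed" 403
    }

    # --------------------------------------------------
    # external subdomains without authentik
    # --------------------------------------------------
    # These hosts are proxied with neither the allowlist nor forward_auth, so
    # each application's own login is the only access control in front of it.
    @bitwarden host bitwarden.akanealw.com
    handle @bitwarden {
        reverse_proxy 192.168.1.4:8089
    }

    @giteadocker host gitea-docker.akanealw.com
    handle @giteadocker {
        reverse_proxy 192.168.1.4:3001
    }

    @gitea host gitea.akanealw.com
    handle @gitea {
        reverse_proxy 192.168.1.50:3000
    }

    # --------------------------------------------------
    # external subdomains with authentik
    # --------------------------------------------------
    @adguard2 host adguard2.akanealw.com
    handle @adguard2 {
        import auth
        reverse_proxy 192.168.1.3:80
    }

    # filebrowser: one handle block for the host, split by path inside it.
    # `handle` blocks at the same level are mutually exclusive and the first
    # match wins, so repeating `handle @filebrowser` leaves every block after
    # the first unreachable. With the bypass branch first, the authenticated
    # branches would never run and non-bypass paths would get an empty reply.
    @filebrowser host filebrowser.akanealw.com

    # Paths that skip authentik. /api/* is included, so the application's own
    # authentication is the only check on API calls arriving from outside.
    @bypassfilebrowser path /api/* /share/* /static/* /assets/*

    handle @filebrowser {
        handle @bypassfilebrowser {
            reverse_proxy 192.168.1.30:8484
        }

        # Everything else, /login* included, goes through authentik first.
        handle {
            import auth
            reverse_proxy 192.168.1.30:8484
        }
    }

    # Fallback: the wildcard certificate covers every subdomain, so close the
    # connection for host names that have no route above instead of answering
    # with an empty success response.
    handle {
        abort
    }
}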
# --------------------------------------------------
# aknlw.com root domain
# --------------------------------------------------
aknlw.com {
    import cloudflare

    # The site address already limits this block to aknlw.com, so @shlink
    # matches every request that reaches it.
    @shlink host aknlw.com

    handle @shlink {
        # Proxied with no forward_auth and no address allowlist. Whatever
        # access control applies is the upstream's own.
        reverse_proxy 192.168.1.30:8380
    }
}
# --------------------------------------------------
# *.aknlw.com subdomains
# --------------------------------------------------
repo.aknlw.com {
    import cloudflare

    # Same upstream as gitea.akanealw.com (192.168.1.50:3000), published under
    # a second host name. No forward_auth and no address allowlist apply here
    # either, so the application's own login is the only gate.
    reverse_proxy 192.168.1.50:3000
}