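# --------------------------------------------------
# global options
# --------------------------------------------------
{
    acme_ca https://acme-v02.api.letsencrypt.org/directory

    # NOTE(review): ":2019" binds the admin API on every interface, and the
    # admin API has no authentication of its own. Unless remote administration
    # is deliberate and the port is firewalled, prefer "admin localhost:2019".
    admin :2019

    log {
        output file /var/log/caddy/caddy.log
        level info
    }

    servers {
        # Connections arriving from private ranges are treated as trusted
        # proxies, so their X-Forwarded-For header decides the client IP used
        # by the client_ip matchers below.
        # NOTE(review): if anything on a private address relays outside
        # traffic to this server, confirm it sets X-Forwarded-For correctly;
        # otherwise external requests could match @internal.
        trusted_proxies static private_ranges
    }

    crowdsec {
        api_url http://localhost:8080
        # Secret comes from the environment rather than being stored in this
        # file. CROWDSEC_API_KEY is a name chosen here; set it in the service
        # environment. The key that was previously written inline should be
        # treated as disclosed and rotated.
        api_key {$CROWDSEC_API_KEY}
        ticker_interval 15s
        #disable_streaming
        #enable_hard_fails
    }
    # NOTE(review): no site block in this file invokes a crowdsec handler, so
    # as far as this file shows the bouncer is configured but may not be
    # enforcing decisions. Confirm against the plugin's documentation.
}

# --------------------------------------------------
# cloudflare tls snippet for sites
# --------------------------------------------------
(cloudflare) {
    tls {
        # DNS-01 challenge through the Cloudflare API. The token is read from
        # the environment (CLOUDFLARE_API_TOKEN is a name chosen here). Scope
        # it to DNS edits on the zones served below, and rotate the token that
        # was previously written inline.
        dns cloudflare {$CLOUDFLARE_API_TOKEN}
        resolvers 1.1.1.1 1.0.0.1
    }
}

# --------------------------------------------------
# auth snippet for authelia
# --------------------------------------------------
(auth) {
    # Every request is first checked by Authelia; on success the identity
    # headers listed in copy_headers are passed to the backend.
    # Backends that trust these headers must only be reachable through this
    # proxy, since a client with direct access could supply them itself.
    forward_auth localhost:9091 {
        uri /api/authz/forward-auth
        copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
    }
}

# --------------------------------------------------
# akanealw.com root domain
# --------------------------------------------------
akanealw.com {
    import cloudflare

    @akanealwcom host akanealw.com
    handle @akanealwcom {
        import auth
        reverse_proxy 192.168.1.30:3005
    }
}

# --------------------------------------------------
# authelia subdomain
# --------------------------------------------------
auth.akanealw.com {
    import cloudflare
    reverse_proxy localhost:9091
}

# --------------------------------------------------
# *.akanealw.com subdomains
# --------------------------------------------------
*.akanealw.com {
    # --------------------------------------------------
    # external subdomains without authelia
    #
    #
    # @ host .akanealw.com
    # handle @ {
    #     reverse_proxy 192.168.1.
    # }
    #
    #
    # @ host .akanealw.com
    # handle @ {
    #     reverse_proxy https://192.168.1. {
    #         transport http {
    #             tls_insecure_skip_verify
    #         }
    #     }
    # }
    #
    #
    # --------------------------------------------------

    # Address-based matchers for the "internal only" section further down.
    # @external is defined but not referenced anywhere in this file.
    @internal client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8
    @external not client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8

    import cloudflare

    # The services in this first group are reachable from anywhere and rely
    # solely on their own login; there is no Authelia check in front of them.

    @bitwarden host bitwarden.akanealw.com
    handle @bitwarden {
        reverse_proxy 192.168.1.30:8089
    }

    @giteadocker host gitea-docker.akanealw.com
    handle @giteadocker {
        reverse_proxy 192.168.1.30:3100
    }

    @gitea host gitea.akanealw.com
    handle @gitea {
        reverse_proxy 192.168.1.50:3000
    }

    @jellyfin host jellyfin.akanealw.com
    handle @jellyfin {
        reverse_proxy 192.168.1.30:8096
    }

    @headscale host headscale.akanealw.com
    handle @headscale {
        reverse_proxy 192.168.1.95:8888
    }

    @nextcloud host nextcloud.akanealw.com
    handle @nextcloud {
        reverse_proxy https://192.168.1.30:443 {
            transport http {
                # Upstream certificate is not verified, so the hop to the
                # backend is encrypted but not authenticated. Pinning the
                # backend's CA would close that gap.
                tls_insecure_skip_verify
            }
        }
    }

    # --------------------------------------------------
    # external subdomains with authelia
    #
    #
    # @ host .akanealw.com
    # handle @ {
    #     import auth
    #     reverse_proxy 192.168.1.
    # }
    #
    # @ host .akanealw.com
    # handle @ {
    #     import auth
    #     reverse_proxy https://192.168.1. {
    #         transport http {
    #             tls_insecure_skip_verify
    #         }
    #     }
    # }
    #
    #
    # --------------------------------------------------

    @docmost host docmost.akanealw.com
    handle @docmost {
        import auth
        reverse_proxy 192.168.1.30:3300
    }

    @memos host memos.akanealw.com
    handle @memos {
        import auth
        reverse_proxy 192.168.1.30:5230
    }

    @whoami host whoami.akanealw.com
    handle @whoami {
        import auth
        reverse_proxy localhost:80
    }

    @wallos host wallos.akanealw.com
    handle @wallos {
        import auth
        reverse_proxy 192.168.1.30:8389
    }

    @homepage host www.akanealw.com
    handle @homepage {
        import auth
        reverse_proxy 192.168.1.30:3005
    }

    @filebrowser host filebrowser.akanealw.com
    handle @filebrowser {
        import auth
        reverse_proxy 192.168.1.30:8484
    }

    @archive host archive.akanealw.com
    handle @archive {
        import auth
        reverse_proxy 192.168.1.30:8283
    }

    @archivebox host archivebox.akanealw.com
    handle @archivebox {
        import auth
        reverse_proxy 192.168.1.30:8283
    }

    @codeserver host codeserver.akanealw.com
    handle @codeserver {
        import auth
        reverse_proxy 192.168.1.50:3001
    }

    @freshrss host freshrss.akanealw.com
    handle @freshrss {
        import auth
        reverse_proxy 192.168.1.30:8088
    }

    @jackett host jackett.akanealw.com
    handle @jackett {
        import auth
        reverse_proxy 192.168.1.30:9117
    }

    @jdownloader host jdownloader.akanealw.com
    handle @jdownloader {
        import auth
        reverse_proxy 192.168.1.30:5800
    }

    @jellyseerr host jellyseerr.akanealw.com
    handle @jellyseerr {
        import auth
        reverse_proxy 192.168.1.30:5056
    }

    @kavita host kavita.akanealw.com
    handle @kavita {
        import auth
        reverse_proxy 192.168.1.30:5002
    }

    @lidarr host lidarr.akanealw.com
    handle @lidarr {
        import auth
        reverse_proxy 192.168.1.30:8686
    }

    @metube host metube.akanealw.com
    handle @metube {
        import auth
        reverse_proxy 192.168.1.30:8082
    }

    @mstream host mstream.akanealw.com
    handle @mstream {
        import auth
        reverse_proxy 192.168.1.30:3001
    }

    @nzbhydra host nzbhydra.akanealw.com
    handle @nzbhydra {
        import auth
        reverse_proxy 192.168.1.30:5076
    }

    @olivetin host olivetin.akanealw.com
    handle @olivetin {
        import auth
        reverse_proxy 192.168.1.30:1337
    }

    @opengist host opengist.akanealw.com
    handle @opengist {
        import auth
        reverse_proxy 192.168.1.30:6157
    }

    @paperless host paperless.akanealw.com
    handle @paperless {
        import auth
        reverse_proxy 192.168.1.30:8112
    }

    @prowlarr host prowlarr.akanealw.com
    handle @prowlarr {
        import auth
        reverse_proxy 192.168.1.30:9696
    }

    @qbittorrent host qbittorrent.akanealw.com
    handle @qbittorrent {
        import auth
        reverse_proxy 192.168.1.30:8282
    }

    @radarr host radarr.akanealw.com
    handle @radarr {
        import auth
        reverse_proxy 192.168.1.30:7878
    }

    @sabnzbd host sabnzbd.akanealw.com
    handle @sabnzbd {
        import auth
        reverse_proxy 192.168.1.30:8181
    }

    @shlinkweb host shlink.akanealw.com
    handle @shlinkweb {
        import auth
        reverse_proxy 192.168.1.30:8381
    }

    @sonarr host sonarr.akanealw.com
    handle @sonarr {
        import auth
        reverse_proxy 192.168.1.30:8989
    }

    @spdf host spdf.akanealw.com
    handle @spdf {
        import auth
        reverse_proxy 192.168.1.30:8086
    }

    @ittools host it-tools.akanealw.com
    handle @ittools {
        import auth
        reverse_proxy 192.168.1.30:8383
    }

    @wikidocs host wiki.akanealw.com
    handle @wikidocs {
        import auth
        reverse_proxy 192.168.1.30:8022
    }

    # --------------------------------------------------
    # internal only subdomains
    #
    #
    # @ host .akanealw.com
    # handle @ {
    #     handle @internal {
    #         reverse_proxy 192.168.1.
    #     }
    #     respond "ip range not allowed" 403
    # }
    #
    #
    # @ host .akanealw.com
    # handle @ {
    #     handle @internal {
    #         reverse_proxy https://192.168.1. {
    #             transport http {
    #                 tls_insecure_skip_verify
    #             }
    #         }
    #     }
    #     respond "ip range not allowed" 403
    # }
    #
    #
    # --------------------------------------------------

    # Requests that do not match @internal fall through to the respond line.
    # It carries an explicit 403; a bare `respond "..."` answers 200, which
    # makes refusals look like successes to monitoring and log review.
    # The address check is the only gate on these admin panels (no Authelia).

    @localshare host localshare.akanealw.com
    handle @localshare {
        handle @internal {
            reverse_proxy 192.168.1.30:8385
        }
        respond "ip range not allowed" 403
    }

    @checkmk host checkmk.akanealw.com
    handle @checkmk {
        handle @internal {
            reverse_proxy 192.168.1.30:8888
        }
        respond "ip range not allowed" 403
    }

    @linkwarden host linkwarden.akanealw.com
    handle @linkwarden {
        handle @internal {
            reverse_proxy 192.168.1.30:3232
        }
        respond "ip range not allowed" 403
    }

    @adguardhome host adguardhome.akanealw.com
    handle @adguardhome {
        handle @internal {
            reverse_proxy 192.168.1.1:3000
        }
        respond "ip range not allowed" 403
    }

    @adguard1 host adguardserver1.akanealw.com
    handle @adguard1 {
        handle @internal {
            reverse_proxy 192.168.1.2:80
        }
        respond "ip range not allowed" 403
    }

    @adguard2 host adguardserver2.akanealw.com
    handle @adguard2 {
        handle @internal {
            reverse_proxy 192.168.1.3:80
        }
        respond "ip range not allowed" 403
    }

    @bale host bale.akanealw.com
    handle @bale {
        handle @internal {
            reverse_proxy 192.168.1.51:8080
        }
        respond "ip range not allowed" 403
    }

    @cronicle host cronicle.akanealw.com
    handle @cronicle {
        handle @internal {
            reverse_proxy 192.168.1.30:3012
        }
        respond "ip range not allowed" 403
    }

    @devdockge host dev-dockge.akanealw.com
    handle @devdockge {
        handle @internal {
            reverse_proxy 192.168.1.35:5001
        }
        respond "ip range not allowed" 403
    }

    @devdozzle host dev-dozzle.akanealw.com
    handle @devdozzle {
        handle @internal {
            reverse_proxy 192.168.1.35:8080
        }
        respond "ip range not allowed" 403
    }

    @dockerdockge host dockerserver-dockge.akanealw.com
    handle @dockerdockge {
        handle @internal {
            reverse_proxy 192.168.1.30:5001
        }
        respond "ip range not allowed" 403
    }

    @dockerdozzle host dockerserver-dozzle.akanealw.com
    handle @dockerdozzle {
        handle @internal {
            reverse_proxy 192.168.1.30:8080
        }
        respond "ip range not allowed" 403
    }

    @dockertestdockge host dockerservertest-dockge.akanealw.com
    handle @dockertestdockge {
        handle @internal {
            reverse_proxy 192.168.1.33:5001
        }
        respond "ip range not allowed" 403
    }

    @dockertestdozzle host dockerservertest-dozzle.akanealw.com
    handle @dockertestdozzle {
        handle @internal {
            reverse_proxy 192.168.1.33:8080
        }
        respond "ip range not allowed" 403
    }

    @proxyserverdockge host proxyserver-dockge.akanealw.com
    handle @proxyserverdockge {
        handle @internal {
            reverse_proxy 192.168.1.4:5001
        }
        respond "ip range not allowed" 403
    }

    @proxyserverdozzle host proxyserver-dozzle.akanealw.com
    handle @proxyserverdozzle {
        handle @internal {
            reverse_proxy 192.168.1.4:8080
        }
        respond "ip range not allowed" 403
    }

    @files host files.akanealw.com
    handle @files {
        handle @internal {
            redir / /files{uri}
            reverse_proxy 192.168.1.50:80
        }
        respond "ip range not allowed" 403
    }

    @icons host icons.akanealw.com
    handle @icons {
        handle @internal {
            rewrite * /files/icons{uri}
            reverse_proxy 192.168.1.50:80
        }
        respond "ip range not allowed" 403
    }

    @peanut host peanut.akanealw.com
    handle @peanut {
        handle @internal {
            reverse_proxy 192.168.1.30:8980
        }
        respond "ip range not allowed" 403
    }

    @photoprism host photoprism.akanealw.com
    handle @photoprism {
        handle @internal {
            reverse_proxy 192.168.1.30:2342
        }
        respond "ip range not allowed" 403
    }

    @photoprismdadandmom host photos.akanealw.com
    handle @photoprismdadandmom {
        handle @internal {
            reverse_proxy 192.168.1.25:2342
        }
        respond "ip range not allowed" 403
    }

    # The https:// backends below use self-signed certificates, hence
    # tls_insecure_skip_verify: the hop is encrypted but the backend's
    # identity is not checked.

    @proxmox1 host proxmox1.akanealw.com
    handle @proxmox1 {
        handle @internal {
            reverse_proxy https://192.168.1.51:8006 {
                transport http {
                    tls_insecure_skip_verify
                }
            }
        }
        respond "ip range not allowed" 403
    }

    @proxmox2 host proxmox2.akanealw.com
    handle @proxmox2 {
        handle @internal {
            reverse_proxy https://192.168.1.52:8006 {
                transport http {
                    tls_insecure_skip_verify
                }
            }
        }
        respond "ip range not allowed" 403
    }

    @proxmoxbackup host proxmoxbackup.akanealw.com
    handle @proxmoxbackup {
        handle @internal {
            reverse_proxy https://192.168.1.51:8007 {
                transport http {
                    tls_insecure_skip_verify
                }
            }
        }
        respond "ip range not allowed" 403
    }

    @router host router.akanealw.com
    handle @router {
        handle @internal {
            reverse_proxy http://192.168.1.1:80
        }
        respond "ip range not allowed" 403
    }

    @rssbridge host rss-bridge.akanealw.com
    handle @rssbridge {
        handle @internal {
            reverse_proxy 192.168.1.30:3006
        }
        respond "ip range not allowed" 403
    }

    @invidious host invidious.akanealw.com
    handle @invidious {
        handle @internal {
            reverse_proxy 192.168.1.30:3000
        }
        respond "ip range not allowed" 403
    }

    @scripts host scripts.akanealw.com
    handle @scripts {
        handle @internal {
            redir / /scripts{uri}
            reverse_proxy 192.168.1.50:80
        }
        respond "ip range not allowed" 403
    }

    @speedtest host speedtest.akanealw.com
    handle @speedtest {
        handle @internal {
            reverse_proxy 192.168.1.30:8765
        }
        respond "ip range not allowed" 403
    }

    @dockersyncthing host dockerserver-syncthing.akanealw.com
    handle @dockersyncthing {
        handle @internal {
            reverse_proxy https://192.168.1.30:8384 {
                transport http {
                    tls_insecure_skip_verify
                }
            }
        }
        respond "ip range not allowed" 403
    }

    @gamingpcsyncthing host gamingpc-syncthing.akanealw.com
    handle @gamingpcsyncthing {
        handle @internal {
            reverse_proxy https://192.168.1.11:8384 {
                transport http {
                    tls_insecure_skip_verify
                }
            }
        }
        respond "ip range not allowed" 403
    }

    @laptoppcsyncthing host laptoppc-syncthing.akanealw.com
    handle @laptoppcsyncthing {
        handle @internal {
            reverse_proxy https://192.168.1.12:8384 {
                transport http {
                    tls_insecure_skip_verify
                }
            }
        }
        respond "ip range not allowed" 403
    }

    @webmin host webmin.akanealw.com
    handle @webmin {
        handle @internal {
            reverse_proxy https://192.168.1.51:10000 {
                transport http {
                    tls_insecure_skip_verify
                }
            }
        }
        respond "ip range not allowed" 403
    }

    @wireguardui host wireguardui.akanealw.com
    handle @wireguardui {
        handle @internal {
            reverse_proxy 192.168.1.4:5000
        }
        respond "ip range not allowed" 403
    }

    @zabbix host zabbix.akanealw.com
    handle @zabbix {
        handle @internal {
            reverse_proxy 192.168.1.44:8080
        }
        respond "ip range not allowed" 403
    }

    @piholewg host pihole-wg.akanealw.com
    handle @piholewg {
        handle @internal {
            redir / /admin{uri}
            reverse_proxy 192.168.1.4:3000
        }
        respond "ip range not allowed" 403
    }
}

# --------------------------------------------------
# aknlw.com root domain
# --------------------------------------------------
aknlw.com {
    import cloudflare

    @shlink host aknlw.com
    handle @shlink {
        reverse_proxy 192.168.1.30:8380
    }
}

# --------------------------------------------------
# *.aknlw.com subdomains
# --------------------------------------------------
repo.aknlw.com {
    import cloudflare
    reverse_proxy 192.168.1.50:3000
}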