removed authelia and caddy
This commit is contained in:
@@ -1,33 +0,0 @@
|
||||
services:
|
||||
authelia:
|
||||
image: authelia/authelia
|
||||
container_name: authelia
|
||||
environment:
|
||||
TZ: America/Chicago
|
||||
networks:
|
||||
- authelia
|
||||
- reverse-proxy
|
||||
restart: unless-stopped
|
||||
healthcheck:
|
||||
disable: true
|
||||
volumes:
|
||||
- ./config:/config
|
||||
- ./config/users_database.yml:/etc/authelia/users_database.yml
|
||||
- ./authelia.log:/etc/authelia/authelia.log
|
||||
|
||||
redis:
|
||||
image: redis:alpine
|
||||
container_name: redis
|
||||
environment:
|
||||
TZ: America/Chicago
|
||||
networks:
|
||||
- authelia
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ./redis:/data
|
||||
|
||||
networks:
|
||||
authelia:
|
||||
name: authelia
|
||||
reverse-proxy:
|
||||
external: true
|
||||
@@ -1,111 +0,0 @@
|
||||
---
|
||||
###############################################################
|
||||
# Authelia configuration #
|
||||
###############################################################
|
||||
|
||||
theme: dark
|
||||
|
||||
server:
|
||||
address: 'tcp://:9091'
|
||||
endpoints:
|
||||
authz:
|
||||
forward-auth:
|
||||
implementation: 'ForwardAuth'
|
||||
|
||||
log:
|
||||
level: 'info'
|
||||
format: 'text'
|
||||
file_path: '/etc/authelia/authelia.log'
|
||||
keep_stdout: false
|
||||
|
||||
totp:
|
||||
issuer: 'authelia.com'
|
||||
|
||||
identity_validation:
|
||||
reset_password:
|
||||
jwt_secret: '2b8a78f3ac1784ef6aab3899c663e1010c60d3a9de694550879da349fe222923'
|
||||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: '/etc/authelia/users_database.yml'
|
||||
|
||||
access_control:
|
||||
default_policy: deny
|
||||
networks:
|
||||
- name: internal
|
||||
networks:
|
||||
- '10.0.0.0/8'
|
||||
- '172.16.0.0/12'
|
||||
- '192.168.0.0/16'
|
||||
rules:
|
||||
# bypass all domains and subdomains from local ips
|
||||
- domain:
|
||||
- 'aknlw.com'
|
||||
- 'akanealw.com'
|
||||
- '*.akanealw.com'
|
||||
networks:
|
||||
- 'internal'
|
||||
policy: bypass
|
||||
# bypass api for subdomains
|
||||
- domain:
|
||||
- '*.akanealw.com'
|
||||
resources:
|
||||
- '^/api([/?].*)?$'
|
||||
- '^/add([/?].*)?$'
|
||||
- '^/public([/?].*)?$'
|
||||
policy: bypass
|
||||
# bypass specific subdomains
|
||||
- domain:
|
||||
- 'aknlw.com'
|
||||
- 'bitwarden.akanealw.com'
|
||||
- 'gitea.akanealw.com'
|
||||
- 'nextcloud.akanealw.com'
|
||||
policy: bypass
|
||||
# bypass filebrowser shares
|
||||
- domain:
|
||||
- 'filebrowser.akanealw.com'
|
||||
resources:
|
||||
- '^/api([/?].*)?$'
|
||||
- '^/share([/?].*)?$'
|
||||
- '^/static([/?].*)?$'
|
||||
policy: bypass
|
||||
# two_factor subdomains
|
||||
- domain:
|
||||
- 'akanealw.com'
|
||||
- '*.akanealw.com'
|
||||
policy: two_factor
|
||||
|
||||
session:
|
||||
secret: 'ffc343d98b87910edcddb1f0dac4b492b62e29b5eafa92f1c213f37c4669f243'
|
||||
|
||||
cookies:
|
||||
- name: 'authelia_session'
|
||||
domain: 'akanealw.com'
|
||||
authelia_url: 'https://auth.akanealw.com'
|
||||
default_redirection_url: 'https://akanealw.com'
|
||||
expiration: '1 hour'
|
||||
inactivity: '5 minutes'
|
||||
|
||||
regulation:
|
||||
max_retries: 3
|
||||
find_time: '2 minutes'
|
||||
ban_time: '5 minutes'
|
||||
|
||||
storage:
|
||||
encryption_key: 'cbd7570c1795cba61f05baf419b7cee23fa144d512bda2ea57ba300afa6b33bf'
|
||||
local:
|
||||
path: '/etc/authelia/db.sqlite3'
|
||||
|
||||
notifier:
|
||||
smtp:
|
||||
username: 'akanealw@gmail.com'
|
||||
password: 'hbpusnyzhdlfryor'
|
||||
address: 'smtp://smtp.gmail.com:587'
|
||||
sender: 'akanealw@gmail.com'
|
||||
|
||||
ntp:
|
||||
address: 'udp://time.windows.com:123'
|
||||
version: 3
|
||||
max_desync: '3s'
|
||||
disable_startup_check: false
|
||||
disable_failure: false
|
||||
@@ -1,13 +0,0 @@
|
||||
###############################################################
|
||||
# Users Database #
|
||||
###############################################################
|
||||
|
||||
# This file can be used if you do not have an LDAP set up.
|
||||
|
||||
# List of users
|
||||
users:
|
||||
akanealw:
|
||||
disabled: false
|
||||
displayname: 'akanealw'
|
||||
password: '$argon2id$v=19$m=65536,t=3,p=4$6AmaGZ36i4TJLeDyEXCVMg$UX7fUbNh5mc1e0hPu+0L1RzlCZJuUQCUp5xViiB7MAc'
|
||||
email: 'akanealw@gmail.com'
|
||||
@@ -1,2 +0,0 @@
|
||||
CROWDSEC_API_KEY=uok9y/eKet7rhXxxGvgUNmMiKsAxxh2JJd4rsGvCDoE
|
||||
DNS_PROVIDER_TOKEN=BI5kO2I9fHAqso_OClKxbUM6xTCodH2OfQ60yNp3
|
||||
@@ -1,13 +0,0 @@
|
||||
ARG CADDY_VERSION=2
|
||||
|
||||
FROM caddy:${CADDY_VERSION}-builder-alpine AS builder
|
||||
|
||||
RUN xcaddy build \
|
||||
--with github.com/mholt/caddy-l4 \
|
||||
--with github.com/hslatman/caddy-crowdsec-bouncer/http@main \
|
||||
--with github.com/hslatman/caddy-crowdsec-bouncer/layer4@main \
|
||||
--with github.com/caddy-dns/cloudflare
|
||||
|
||||
FROM caddy:${CADDY_VERSION} AS caddy
|
||||
|
||||
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
|
||||
@@ -1,721 +0,0 @@
|
||||
# --------------------------------------------------
|
||||
# global options
|
||||
# --------------------------------------------------
|
||||
{
|
||||
acme_ca https://acme-v02.api.letsencrypt.org/directory
|
||||
|
||||
admin :2019
|
||||
log {
|
||||
output file /var/log/caddy/caddy.log
|
||||
level info
|
||||
}
|
||||
|
||||
servers {
|
||||
trusted_proxies static private_ranges
|
||||
}
|
||||
|
||||
crowdsec {
|
||||
api_url http://crowdsec:8080
|
||||
api_key uok9y/eKet7rhXxxGvgUNmMiKsAxxh2JJd4rsGvCDoE
|
||||
ticker_interval 15s
|
||||
#disable_streaming
|
||||
#enable_hard_fails
|
||||
}
|
||||
}
|
||||
|
||||
# --------------------------------------------------
|
||||
# cloudflare tls snippet for sites
|
||||
# --------------------------------------------------
|
||||
|
||||
(cloudflare) {
|
||||
tls {
|
||||
dns cloudflare BI5kO2I9fHAqso_OClKxbUM6xTCodH2OfQ60yNp3
|
||||
resolvers 1.1.1.1 1.0.0.1
|
||||
}
|
||||
}
|
||||
|
||||
# --------------------------------------------------
|
||||
# auth snippet for authelia
|
||||
# --------------------------------------------------
|
||||
|
||||
(auth) {
|
||||
forward_auth authelia:9091 {
|
||||
uri /api/authz/forward-auth
|
||||
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
|
||||
}
|
||||
}
|
||||
|
||||
# --------------------------------------------------
|
||||
# akanealw.com root domain
|
||||
# --------------------------------------------------
|
||||
|
||||
akanealw.com {
|
||||
import cloudflare
|
||||
@akanealwcom host akanealw.com
|
||||
handle @akanealwcom {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:3005
|
||||
}
|
||||
}
|
||||
|
||||
# --------------------------------------------------
|
||||
# authelia subdomain
|
||||
# --------------------------------------------------
|
||||
|
||||
auth.akanealw.com {
|
||||
import cloudflare
|
||||
reverse_proxy authelia:9091
|
||||
}
|
||||
|
||||
# --------------------------------------------------
|
||||
# *.akanealw.com subdomains
|
||||
# --------------------------------------------------
|
||||
|
||||
*.akanealw.com {
|
||||
|
||||
# --------------------------------------------------
|
||||
# external subdomains without authelia
|
||||
#
|
||||
#
|
||||
# @ host .akanealw.com
|
||||
# handle @ {
|
||||
# reverse_proxy 192.168.1.
|
||||
# }
|
||||
#
|
||||
#
|
||||
# @ host .akanealw.com
|
||||
# handle @ {
|
||||
# reverse_proxy https://192.168.1. {
|
||||
# transport http {
|
||||
# tls_insecure_skip_verify
|
||||
# }
|
||||
# }
|
||||
# }
|
||||
#
|
||||
# --------------------------------------------------
|
||||
|
||||
@internal client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8
|
||||
@external not client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8
|
||||
import cloudflare
|
||||
|
||||
|
||||
@bitwarden host bitwarden.akanealw.com
|
||||
handle @bitwarden {
|
||||
reverse_proxy 192.168.1.30:8089
|
||||
}
|
||||
|
||||
@giteadocker host gitea-docker.akanealw.com
|
||||
handle @giteadocker {
|
||||
reverse_proxy 192.168.1.30:3100
|
||||
}
|
||||
|
||||
@gitea host gitea.akanealw.com
|
||||
handle @gitea {
|
||||
reverse_proxy 192.168.1.50:3000
|
||||
}
|
||||
|
||||
@jellyfin host jellyfin.akanealw.com
|
||||
handle @jellyfin {
|
||||
reverse_proxy 192.168.1.30:8096
|
||||
}
|
||||
|
||||
@headscale host headscale.akanealw.com
|
||||
handle @headscale {
|
||||
reverse_proxy 192.168.1.32:8080
|
||||
}
|
||||
|
||||
@nextcloud host nextcloud.akanealw.com
|
||||
handle @nextcloud {
|
||||
reverse_proxy https://192.168.1.30:443 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# --------------------------------------------------
|
||||
# external subdomains with authelia
|
||||
#
|
||||
#
|
||||
# @ host .akanealw.com
|
||||
# handle @ {
|
||||
# import auth
|
||||
# reverse_proxy 192.168.1.
|
||||
# }
|
||||
#
|
||||
# @ host .akanealw.com
|
||||
# handle @ {
|
||||
# import auth
|
||||
# reverse_proxy https://192.168.1. {
|
||||
# transport http {
|
||||
# tls_insecure_skip_verify
|
||||
# }
|
||||
# }
|
||||
# }
|
||||
#
|
||||
#
|
||||
# --------------------------------------------------
|
||||
|
||||
@docmost host docmost.akanealw.com
|
||||
handle @docmost {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:3300
|
||||
}
|
||||
|
||||
@memos host memos.akanealw.com
|
||||
handle @memos {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:5230
|
||||
}
|
||||
|
||||
@whoami host whoami.akanealw.com
|
||||
handle @whoami {
|
||||
import auth
|
||||
reverse_proxy whoami:80
|
||||
}
|
||||
|
||||
@wallos host wallos.akanealw.com
|
||||
handle @wallos {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:8389
|
||||
}
|
||||
|
||||
@homepage host www.akanealw.com
|
||||
handle @homepage {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:3005
|
||||
}
|
||||
|
||||
@filebrowser host filebrowser.akanealw.com
|
||||
handle @filebrowser {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:8484
|
||||
}
|
||||
|
||||
@archive host archive.akanealw.com
|
||||
handle @archive {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:8283
|
||||
}
|
||||
|
||||
@archivebox host archivebox.akanealw.com
|
||||
handle @archivebox {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:8283
|
||||
}
|
||||
|
||||
@codeserver host codeserver.akanealw.com
|
||||
handle @codeserver {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.50:3001
|
||||
}
|
||||
|
||||
@freshrss host freshrss.akanealw.com
|
||||
handle @freshrss {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:8088
|
||||
}
|
||||
|
||||
@jackett host jackett.akanealw.com
|
||||
handle @jackett {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:9117
|
||||
}
|
||||
|
||||
@jdownloader host jdownloader.akanealw.com
|
||||
handle @jdownloader {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:5800
|
||||
}
|
||||
|
||||
@jellyseerr host jellyseerr.akanealw.com
|
||||
handle @jellyseerr {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:5056
|
||||
}
|
||||
|
||||
@kavita host kavita.akanealw.com
|
||||
handle @kavita {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:5002
|
||||
}
|
||||
|
||||
@lidarr host lidarr.akanealw.com
|
||||
handle @lidarr {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:8686
|
||||
}
|
||||
|
||||
@metube host metube.akanealw.com
|
||||
handle @metube {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:8082
|
||||
}
|
||||
|
||||
@mstream host mstream.akanealw.com
|
||||
handle @mstream {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:3001
|
||||
}
|
||||
|
||||
@nzbhydra host nzbhydra.akanealw.com
|
||||
handle @nzbhydra {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:5076
|
||||
}
|
||||
|
||||
@olivetin host olivetin.akanealw.com
|
||||
handle @olivetin {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:1337
|
||||
}
|
||||
|
||||
@opengist host opengist.akanealw.com
|
||||
handle @opengist {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:6157
|
||||
}
|
||||
|
||||
@paperless host paperless.akanealw.com
|
||||
handle @paperless {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:8112
|
||||
}
|
||||
|
||||
@prowlarr host prowlarr.akanealw.com
|
||||
handle @prowlarr {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:9696
|
||||
}
|
||||
|
||||
@qbittorrent host qbittorrent.akanealw.com
|
||||
handle @qbittorrent {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:8282
|
||||
}
|
||||
|
||||
@radarr host radarr.akanealw.com
|
||||
handle @radarr {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:7878
|
||||
}
|
||||
|
||||
@sabnzbd host sabnzbd.akanealw.com
|
||||
handle @sabnzbd {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:8181
|
||||
}
|
||||
|
||||
@shlinkweb host shlink.akanealw.com
|
||||
handle @shlinkweb {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:8381
|
||||
}
|
||||
|
||||
@sonarr host sonarr.akanealw.com
|
||||
handle @sonarr {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:8989
|
||||
}
|
||||
|
||||
@spdf host spdf.akanealw.com
|
||||
handle @spdf {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:8086
|
||||
}
|
||||
|
||||
@ittools host it-tools.akanealw.com
|
||||
handle @ittools {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:8383
|
||||
}
|
||||
|
||||
@wikidocs host wiki.akanealw.com
|
||||
handle @wikidocs {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.30:8022
|
||||
}
|
||||
|
||||
|
||||
# --------------------------------------------------
|
||||
# internal only subdomains
|
||||
#
|
||||
#
|
||||
# @ host .akanealw.com
|
||||
# handle @ {
|
||||
# handle @internal {
|
||||
# reverse_proxy 192.168.1.
|
||||
# }
|
||||
# respond "ip range not allowed"
|
||||
# }
|
||||
#
|
||||
#
|
||||
# @ host .akanealw.com
|
||||
# handle @ {
|
||||
# handle @internal {
|
||||
# reverse_proxy https://192.168.1. {
|
||||
# transport http {
|
||||
# tls_insecure_skip_verify
|
||||
# }
|
||||
# }
|
||||
# }
|
||||
# respond "ip range not allowed"
|
||||
# }
|
||||
#
|
||||
#
|
||||
# --------------------------------------------------
|
||||
|
||||
@localshare host localshare.akanealw.com
|
||||
handle @localshare {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.30:8385
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@checkmk host checkmk.akanealw.com
|
||||
handle @checkmk {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.30:8888
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@linkwarden host linkwarden.akanealw.com
|
||||
handle @linkwarden {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.30:3232
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@adguardhome host adguardhome.akanealw.com
|
||||
handle @adguardhome {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.1:3000
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@adguard1 host adguardserver1.akanealw.com
|
||||
handle @adguard1 {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.2:80
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@adguard2 host adguardserver2.akanealw.com
|
||||
handle @adguard2 {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.3:80
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@bale host bale.akanealw.com
|
||||
handle @bale {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.51:8080
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@cronicle host cronicle.akanealw.com
|
||||
handle @cronicle {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.30:3012
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@devdockge host dev-dockge.akanealw.com
|
||||
handle @devdockge {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.35:5001
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@devdozzle host dev-dozzle.akanealw.com
|
||||
handle @devdozzle {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.35:8080
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@dockerdockge host dockerserver-dockge.akanealw.com
|
||||
handle @dockerdockge {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.30:5001
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@dockerdozzle host dockerserver-dozzle.akanealw.com
|
||||
handle @dockerdozzle {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.30:8080
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@dockertestdockge host dockerservertest-dockge.akanealw.com
|
||||
handle @dockertestdockge {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.33:5001
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@dockertestdozzle host dockerservertest-dozzle.akanealw.com
|
||||
handle @dockertestdozzle {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.33:8080
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@reverseproxydockge host reverseproxy-dockge.akanealw.com
|
||||
handle @reverseproxydockge {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.4:5001
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@reverseproxydozzle host reverseproxy-dozzle.akanealw.com
|
||||
handle @reverseproxydozzle {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.4:8080
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@files host files.akanealw.com
|
||||
handle @files {
|
||||
handle @internal {
|
||||
redir / /files{uri}
|
||||
reverse_proxy 192.168.1.50:80
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@icons host icons.akanealw.com
|
||||
handle @icons {
|
||||
handle @internal {
|
||||
rewrite * /files/icons{uri}
|
||||
reverse_proxy 192.168.1.50:80
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@peanut host peanut.akanealw.com
|
||||
handle @peanut {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.30:8980
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@photoprism host photoprism.akanealw.com
|
||||
handle @photoprism {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.30:2342
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@photoprismdadandmom host photos.akanealw.com
|
||||
handle @photoprismdadandmom {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.25:2342
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@proxmox1 host proxmox1.akanealw.com
|
||||
handle @proxmox1 {
|
||||
handle @internal {
|
||||
reverse_proxy https://192.168.1.51:8006 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@proxmox2 host proxmox2.akanealw.com
|
||||
handle @proxmox2 {
|
||||
handle @internal {
|
||||
reverse_proxy https://192.168.1.52:8006 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@proxmoxbackup host proxmoxbackup.akanealw.com
|
||||
handle @proxmoxbackup {
|
||||
handle @internal {
|
||||
reverse_proxy https://192.168.1.51:8007 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@proxmoxbackup2 host proxmoxbackup2.akanealw.com
|
||||
handle @proxmoxbackup2 {
|
||||
handle @internal {
|
||||
reverse_proxy https://192.168.1.52:8007 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@router host router.akanealw.com
|
||||
handle @router {
|
||||
handle @internal {
|
||||
reverse_proxy http://192.168.1.1:80
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@rssbridge host rss-bridge.akanealw.com
|
||||
handle @rssbridge {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.30:3006
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@invidious host invidious.akanealw.com
|
||||
handle @invidious {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.30:3000
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@scripts host scripts.akanealw.com
|
||||
handle @scripts {
|
||||
handle @internal {
|
||||
redir / /scripts{uri}
|
||||
reverse_proxy 192.168.1.50:80
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@speedtest host speedtest.akanealw.com
|
||||
handle @speedtest {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.30:8765
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@dockersyncthing host dockerserver-syncthing.akanealw.com
|
||||
handle @dockersyncthing {
|
||||
handle @internal {
|
||||
reverse_proxy https://192.168.1.30:8384 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@gamingpcsyncthing host gamingpc-syncthing.akanealw.com
|
||||
handle @gamingpcsyncthing {
|
||||
handle @internal {
|
||||
reverse_proxy https://192.168.1.11:8384 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@laptoppcsyncthing host laptoppc-syncthing.akanealw.com
|
||||
handle @laptoppcsyncthing {
|
||||
handle @internal {
|
||||
reverse_proxy https://192.168.1.12:8384 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@webmin host webmin.akanealw.com
|
||||
handle @webmin {
|
||||
handle @internal {
|
||||
reverse_proxy https://192.168.1.51:10000 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@wireguardui host wireguardui.akanealw.com
|
||||
handle @wireguardui {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.4:5000
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@zabbix host zabbix.akanealw.com
|
||||
handle @zabbix {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.44:8080
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@adguardwg host adguard-wg.akanealw.com
|
||||
handle @adguardwg {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.4:3000
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
# --------------------------------------------------
|
||||
# aknlw.com root domain
|
||||
# --------------------------------------------------
|
||||
|
||||
aknlw.com {
|
||||
import cloudflare
|
||||
@shlink host aknlw.com
|
||||
handle @shlink {
|
||||
reverse_proxy 192.168.1.30:8380
|
||||
}
|
||||
}
|
||||
|
||||
# --------------------------------------------------
|
||||
# *.aknlw.com subdomains
|
||||
# --------------------------------------------------
|
||||
|
||||
repo.aknlw.com {
|
||||
import cloudflare
|
||||
reverse_proxy 192.168.1.50:3000
|
||||
}
|
||||
@@ -1,53 +0,0 @@
|
||||
services:
|
||||
caddy:
|
||||
container_name: caddy
|
||||
build:
|
||||
context: ./
|
||||
target: caddy
|
||||
environment:
|
||||
- DNS_PROVIDER_TOKEN=${DNS_PROVIDER_TOKEN}
|
||||
- CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
networks:
|
||||
- crowdsec
|
||||
- reverse-proxy
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
- 2019:2019
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ./caddy/data:/data
|
||||
- ./caddy:/etc/caddy
|
||||
- ./caddy/logs:/var/log/caddy
|
||||
|
||||
crowdsec:
|
||||
image: docker.io/crowdsecurity/crowdsec:latest
|
||||
container_name: crowdsec
|
||||
environment:
|
||||
- GID=1000
|
||||
- COLLECTIONS=crowdsecurity/caddy crowdsecurity/http-cve crowdsecurity/whitelist-good-actors
|
||||
- BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
|
||||
security_opt:
|
||||
- no-new-privileges=true
|
||||
networks:
|
||||
- crowdsec
|
||||
- reverse-proxy
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ./crowdsec/db:/var/lib/crowdsec/data/
|
||||
- ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
|
||||
- ./caddy/logs:/var/log/caddy:ro
|
||||
|
||||
whoami:
|
||||
image: traefik/whoami
|
||||
container_name: whoami
|
||||
networks:
|
||||
- reverse-proxy
|
||||
|
||||
networks:
|
||||
crowdsec:
|
||||
name: crowdsec
|
||||
reverse-proxy:
|
||||
external: true
|
||||
@@ -1,4 +0,0 @@
|
||||
filenames:
|
||||
- /var/log/caddy/*.log
|
||||
labels:
|
||||
type: caddy
|
||||
Reference in New Issue
Block a user