akanealw/reverseproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updated files

Browse Source
This commit is contained in:
akanealw
2025-04-12 19:49:11 -05:00
parent 8ab215399a
commit bc0a96874f
6 changed files with 674 additions and 756 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Dockerfile
View File

@@ -1,8 +0,0 @@
FROM caddy:builder AS builder
RUN caddy-builder \
github.com/caddy-dns/cloudflare
FROM caddy:latest
COPY --from=builder /usr/bin/caddy /usr/bin/caddy

655
caddy/Caddyfile Normal file → Executable file
View File

@@ -1,20 +1,26 @@
# --------------------------------------------------
# global options
# --------------------------------------------------
{
{
acme_ca https://acme-v02.api.letsencrypt.org/directory
admin :2019
# output file caddy.log
# level info
# }
log {
output file /var/log/caddy/caddy.log
level info
}
servers {
trusted_proxies static private_ranges
}
crowdsec {
api_url http://localhost:8080
api_key uok9y/eKet7rhXxxGvgUNmMiKsAxxh2JJd4rsGvCDoE
ticker_interval 15s
#disable_streaming
#enable_hard_fails
}
}
# --------------------------------------------------
@@ -22,30 +28,21 @@
# --------------------------------------------------
(cloudflare) {
dns cloudflare {env.DNS_PROVIDER_TOKEN}
resolvers 1.1.1.1 1.0.0.1
}
}
tls {
dns cloudflare BI5kO2I9fHAqso_OClKxbUM6xTCodH2OfQ60yNp3
resolvers 1.1.1.1 1.0.0.1
}
}
# --------------------------------------------------
# --------------------------------------------------
# auth snippet for authelia
# --------------------------------------------------
reverse_proxy /outpost.goauthentik.io/* authentik-server:9000
forward_auth authentik-server:9000 {
uri /outpost.goauthentik.io/auth/caddy
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
}
}
(auth) {
(auth) {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
}
}
forward_auth localhost:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
}
}
# --------------------------------------------------
@@ -53,21 +50,12 @@
# --------------------------------------------------
akanealw.com {
@akanealwcom host akanealw.com
handle @akanealwcom {
import auth
reverse_proxy 192.168.1.4:3005
}
}
# --------------------------------------------------
# authentik subdomain
# --------------------------------------------------
authentik.akanealw.com {
import cloudflare
reverse_proxy authentik-server:9000
}
import cloudflare
@akanealwcom host akanealw.com
handle @akanealwcom {
import auth
reverse_proxy 192.168.1.4:3005
}
}
# --------------------------------------------------
@@ -75,595 +63,26 @@ authentik.akanealw.com {
# --------------------------------------------------
auth.akanealw.com {
reverse_proxy authelia:9091
}
import cloudflare
reverse_proxy localhost:9091
}
# --------------------------------------------------
# *.akanealw.com subdomains
# --------------------------------------------------
# --------------------------------------------------
# internal only subdomains
#
#
# @ host .akanealw.com
# handle @ {
# handle @internal {
# reverse_proxy 192.168.1.
# }
# respond "ip range not allowed"
# }
#
#
# @ host .akanealw.com
# handle @ {
# handle @internal {
# reverse_proxy https://192.168.1. {
# transport http {
# tls_insecure_skip_verify
# }
# }
# }
# respond "ip range not allowed"
# }
#
#
# --------------------------------------------------
@internal client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8
@external not client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8
import cloudflare
@checkmk host checkmk.akanealw.com
handle @checkmk {
handle @internal {
reverse_proxy 192.168.1.4:8888
}
respond "ip range not allowed"
}
@linkwarden host linkwarden.akanealw.com
handle @linkwarden {
handle @internal {
reverse_proxy 192.168.1.4:3232
}
respond "ip range not allowed"
}
@adguard1 host adguardserver1.akanealw.com
handle @adguard1 {
handle @internal {
reverse_proxy 192.168.1.2:80
}
respond "ip range not allowed"
}
@adguard2 host adguardserver2.akanealw.com
handle @adguard2 {
handle @internal {
reverse_proxy 192.168.1.3:80
}
respond "ip range not allowed"
}
@bale host bale.akanealw.com
handle @bale {
handle @internal {
reverse_proxy 192.168.1.51:8080
}
respond "ip range not allowed"
}
@cronicle host cronicle.akanealw.com
handle @cronicle {
handle @internal {
reverse_proxy 192.168.1.30:3012
}
respond "ip range not allowed"
}
@devdockge host dev-dockge.akanealw.com
handle @devdockge {
handle @internal {
reverse_proxy 192.168.1.35:5001
}
respond "ip range not allowed"
}
@devdozzle host dev-dozzle.akanealw.com
handle @devdozzle {
handle @internal {
reverse_proxy 192.168.1.35:8080
}
respond "ip range not allowed"
}
@dockerdockge host dockerserver-dockge.akanealw.com
handle @dockerdockge {
handle @internal {
reverse_proxy 192.168.1.30:5001
}
respond "ip range not allowed"
}
@dockerdozzle host dockerserver-dozzle.akanealw.com
handle @dockerdozzle {
handle @internal {
reverse_proxy 192.168.1.30:8080
}
respond "ip range not allowed"
}
@dockertestdockge host dockerservertest-dockge.akanealw.com
handle @dockertestdockge {
handle @internal {
reverse_proxy 192.168.1.33:5001
}
respond "ip range not allowed"
}
@dockertestdozzle host dockerservertest-dozzle.akanealw.com
handle @dockertestdozzle {
handle @internal {
reverse_proxy 192.168.1.33:8080
}
respond "ip range not allowed"
}
@proxyserverdockge host proxyserver-dockge.akanealw.com
handle @proxyserverdockge {
handle @internal {
reverse_proxy 192.168.1.4:5001
}
respond "ip range not allowed"
}
@proxyserverdozzle host proxyserver-dozzle.akanealw.com
handle @proxyserverdozzle {
handle @internal {
reverse_proxy 192.168.1.4:8080
}
respond "ip range not allowed"
}
@files host files.akanealw.com
handle @files {
handle @internal {
redir / /files{uri}
reverse_proxy 192.168.1.50:80
}
respond "ip range not allowed"
}
@icons host icons.akanealw.com
handle @icons {
handle @internal {
rewrite * /files/icons{uri}
reverse_proxy 192.168.1.50:80
}
respond "ip range not allowed"
}
@gluetun host gluetun.akanealw.com
handle @gluetun {
handle @internal {
reverse_proxy 192.168.1.30:8777
}
respond "ip range not allowed"
}
@peanut host peanut.akanealw.com
handle @peanut {
handle @internal {
reverse_proxy 192.168.1.30:8980
}
respond "ip range not allowed"
}
@photoprism host photoprism.akanealw.com
handle @photoprism {
handle @internal {
reverse_proxy 192.168.1.30:2342
}
respond "ip range not allowed"
}
@photoprismdadandmom host photos.akanealw.com
handle @photoprismdadandmom {
handle @internal {
reverse_proxy 192.168.1.25:2342
}
respond "ip range not allowed"
}
@proxmox1 host proxmox1.akanealw.com
handle @proxmox1 {
handle @internal {
reverse_proxy https://192.168.1.51:8006 {
transport http {
tls_insecure_skip_verify
}
}
}
respond "ip range not allowed"
}
@proxmox2 host proxmox2.akanealw.com
handle @proxmox2 {
handle @internal {
reverse_proxy https://192.168.1.52:8006 {
transport http {
tls_insecure_skip_verify
}
}
}
respond "ip range not allowed"
}
@proxmoxbackup host proxmoxbackup.akanealw.com
handle @proxmoxbackup {
handle @internal {
reverse_proxy https://192.168.1.51:8007 {
transport http {
tls_insecure_skip_verify
}
}
}
respond "ip range not allowed"
}
@router host router.akanealw.com
handle @router {
handle @internal {
reverse_proxy https://192.168.1.1:443 {
transport http {
tls_insecure_skip_verify
}
}
}
respond "ip range not allowed"
}
@rssbridge host rss-bridge.akanealw.com
handle @rssbridge {
handle @internal {
reverse_proxy 192.168.1.30:3006
}
respond "ip range not allowed"
}
@invidious host invidious.akanealw.com
handle @invidious {
handle @internal {
reverse_proxy 192.168.1.30:3000
}
respond "ip range not allowed"
}
@scripts host scripts.akanealw.com
handle @scripts {
handle @internal {
redir / /scripts{uri}
reverse_proxy 192.168.1.50:80
}
respond "ip range not allowed"
}
@speedtest host speedtest.akanealw.com
handle @speedtest {
handle @internal {
reverse_proxy 192.168.1.30:8765
}
respond "ip range not allowed"
}
@dockersyncthing host dockerserver-syncthing.akanealw.com
handle @dockersyncthing {
handle @internal {
reverse_proxy https://192.168.1.30:8384 {
transport http {
tls_insecure_skip_verify
}
}
}
respond "ip range not allowed"
}
@gamingpcsyncthing host gamingpc-syncthing.akanealw.com
handle @gamingpcsyncthing {
handle @internal {
reverse_proxy https://192.168.1.11:8384 {
transport http {
tls_insecure_skip_verify
}
}
}
respond "ip range not allowed"
}
@laptoppcsyncthing host laptoppc-syncthing.akanealw.com
handle @laptoppcsyncthing {
handle @internal {
reverse_proxy https://192.168.1.12:8384 {
transport http {
tls_insecure_skip_verify
}
}
}
respond "ip range not allowed"
}
@webmin host webmin.akanealw.com
handle @webmin {
handle @internal {
reverse_proxy https://192.168.1.51:10000 {
transport http {
tls_insecure_skip_verify
}
}
}
respond "ip range not allowed"
}
@wireguardui host wireguardui.akanealw.com
handle @wireguardui {
handle @internal {
reverse_proxy 192.168.1.4:5000
}
respond "ip range not allowed"
}
@zabbix host zabbix.akanealw.com
handle @zabbix {
handle @internal {
reverse_proxy 192.168.1.44:8080
}
respond "ip range not allowed"
}
@piholewg host pihole-wg.akanealw.com
handle @piholewg {
handle @internal {
redir / /admin{uri}
reverse_proxy 192.168.1.4:3000
}
respond "ip range not allowed"
}
# --------------------------------------------------
# external subdomains without authentik
#
#
# @ host .akanealw.com
# handle @ {
# reverse_proxy 192.168.1.
# }
#
#
# --------------------------------------------------
@bitwarden host bitwarden.akanealw.com
handle @bitwarden {
reverse_proxy 192.168.1.4:8089
}
@giteadocker host gitea-docker.akanealw.com
handle @giteadocker {
reverse_proxy 192.168.1.4:3001
}
@gitea host gitea.akanealw.com
handle @gitea {
reverse_proxy 192.168.1.50:3000
}
@jellyfin host jellyfin.akanealw.com
handle @jellyfin {
reverse_proxy 192.168.1.42:8096
}
# --------------------------------------------------
# external subdomains with authentik
#
#
# @ host .akanealw.com
# handle @ {
# import auth
# reverse_proxy 192.168.1.
# }
#
#
# --------------------------------------------------
@memos host memos.akanealw.com
handle @memos {
handle @external {
import auth
}
reverse_proxy 192.168.1.4:5230
}
@whoami host whoami.akanealw.com
handle @whoami {
import auth
reverse_proxy whoami:80
}
@wallos host wallos.akanealw.com
handle @wallos {
import auth
reverse_proxy 192.168.1.4:8389
}
@homepage host www.akanealw.com
handle @homepage {
import auth
reverse_proxy 192.168.1.4:3005
}
@filebrowser host filebrowser.akanealw.com
handle @filebrowser {
import auth
reverse_proxy 192.168.1.30:8484
}
@archive host archive.akanealw.com
handle @archive {
import auth
reverse_proxy 192.168.1.30:8283
}
@archivebox host archivebox.akanealw.com
handle @archivebox {
import auth
reverse_proxy 192.168.1.30:8283
}
@codeserver host codeserver.akanealw.com
handle @codeserver {
import auth
reverse_proxy 192.168.1.50:3001
}
@freshrss host freshrss.akanealw.com
handle @freshrss {
import auth
reverse_proxy 192.168.1.30:8088
}
@jackett host jackett.akanealw.com
handle @jackett {
import auth
reverse_proxy 192.168.1.30:9117
}
@jdownloader host jdownloader.akanealw.com
handle @jdownloader {
import auth
reverse_proxy 192.168.1.30:5800
}
@jellyseerr host jellyseerr.akanealw.com
handle @jellyseerr {
import auth
reverse_proxy 192.168.1.30:5056
}
@kavita host kavita.akanealw.com
handle @kavita {
import auth
reverse_proxy 192.168.1.30:5002
}
@lidarr host lidarr.akanealw.com
handle @lidarr {
import auth
reverse_proxy 192.168.1.30:8686
}
@metube host metube.akanealw.com
handle @metube {
import auth
reverse_proxy 192.168.1.30:8082
}
@mstream host mstream.akanealw.com
handle @mstream {
import auth
reverse_proxy 192.168.1.30:3001
}
@nzbhydra host nzbhydra.akanealw.com
handle @nzbhydra {
import auth
reverse_proxy 192.168.1.30:5076
}
@olivetin host olivetin.akanealw.com
handle @olivetin {
import auth
reverse_proxy 192.168.1.30:1337
}
@opengist host opengist.akanealw.com
handle @opengist {
import auth
reverse_proxy opengist:6157
}
@paperless host paperless.akanealw.com
handle @paperless {
import auth
reverse_proxy 192.168.1.30:8112
}
@prowlarr host prowlarr.akanealw.com
handle @prowlarr {
import auth
reverse_proxy 192.168.1.30:9696
}
@qbittorrent host qbittorrent.akanealw.com
handle @qbittorrent {
import auth
reverse_proxy 192.168.1.30:8282
}
@radarr host radarr.akanealw.com
handle @radarr {
import auth
reverse_proxy 192.168.1.30:7878
}
@sabnzbd host sabnzbd.akanealw.com
handle @sabnzbd {
import auth
reverse_proxy 192.168.1.30:8181
}
@shlinkweb host shlink.akanealw.com
handle @shlinkweb {
import auth
reverse_proxy 192.168.1.30:8381
}
@sonarr host sonarr.akanealw.com
handle @sonarr {
import auth
reverse_proxy 192.168.1.30:8989
}
@spdf host spdf.akanealw.com
handle @spdf {
import auth
reverse_proxy 192.168.1.30:8086
}
@ittools host it-tools.akanealw.com
handle @ittools {
import auth
reverse_proxy 192.168.1.30:8383
}
@wikidocs host wiki.akanealw.com
handle @wikidocs {
import auth
reverse_proxy 192.168.1.30:8022
}
}
import *.caddy
# --------------------------------------------------
# aknlw.com root domain
# --------------------------------------------------
aknlw.com {
@shlink host aknlw.com
handle @shlink {
reverse_proxy 192.168.1.30:8380
}
}
import cloudflare
@shlink host aknlw.com
handle @shlink {
reverse_proxy 192.168.1.30:8380
}
}
# --------------------------------------------------
@@ -671,6 +90,6 @@ aknlw.com {
# --------------------------------------------------
repo.aknlw.com {
reverse_proxy 192.168.1.50:3000
}
import cloudflare
reverse_proxy 192.168.1.50:3000
}

9
caddy/Dockerfile Normal file
View File

@@ -0,0 +1,9 @@
FROM caddy:builder AS builder
RUN caddy-builder \
github.com/caddy-dns/cloudflare \
github.com/hslatman/caddy-crowdsec-bouncer
FROM caddy:latest
COPY --from=builder /usr/bin/caddy /usr/bin/caddy

599
caddy/akanealw-subdomains.caddy Normal file
View File

@@ -0,0 +1,599 @@
*.akanealw.com {
# --------------------------------------------------
# external subdomains without authelia
#
#
# @ host .akanealw.com
# handle @ {
# reverse_proxy 192.168.1.
# }
#
#
# @ host .akanealw.com
# handle @ {
# reverse_proxy https://192.168.1. {
# transport http {
# tls_insecure_skip_verify
# }
# }
# }
#
#
# --------------------------------------------------
@internal client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8
@external not client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8
import cloudflare
@bitwarden host bitwarden.akanealw.com
handle @bitwarden {
reverse_proxy 192.168.1.4:8089
}
@giteadocker host gitea-docker.akanealw.com
handle @giteadocker {
reverse_proxy 192.168.1.4:3001
}
@gitea host gitea.akanealw.com
handle @gitea {
reverse_proxy 192.168.1.50:3000
}
@jellyfin host jellyfin.akanealw.com
handle @jellyfin {
reverse_proxy 192.168.1.42:8096
}
@headscale host headscale.akanealw.com
handle @headscale {
reverse_proxy 192.168.1.95:8888
}
# --------------------------------------------------
# external subdomains with authelia
#
#
# @ host .akanealw.com
# handle @ {
# import auth
# reverse_proxy 192.168.1.
# }
#
# @ host .akanealw.com
# handle @ {
# import auth
# reverse_proxy https://192.168.1. {
# transport http {
# tls_insecure_skip_verify
# }
# }
# }
#
#
# --------------------------------------------------
@docmost host docmost.akanealw.com
handle @docmost {
import auth
reverse_proxy 192.168.1.4:3300
}
@memos host memos.akanealw.com
handle @memos {
import auth
reverse_proxy 192.168.1.4:5230
}
@whoami host whoami.akanealw.com
handle @whoami {
import auth
reverse_proxy localhost:80
}
@wallos host wallos.akanealw.com
handle @wallos {
import auth
reverse_proxy 192.168.1.4:8389
}
@homepage host www.akanealw.com
handle @homepage {
import auth
reverse_proxy 192.168.1.4:3005
}
@filebrowser host filebrowser.akanealw.com
handle @filebrowser {
import auth
reverse_proxy 192.168.1.30:8484
}
@archive host archive.akanealw.com
handle @archive {
import auth
reverse_proxy 192.168.1.30:8283
}
@archivebox host archivebox.akanealw.com
handle @archivebox {
import auth
reverse_proxy 192.168.1.30:8283
}
@codeserver host codeserver.akanealw.com
handle @codeserver {
import auth
reverse_proxy 192.168.1.50:3001
}
@freshrss host freshrss.akanealw.com
handle @freshrss {
import auth
reverse_proxy 192.168.1.30:8088
}
@jackett host jackett.akanealw.com
handle @jackett {
import auth
reverse_proxy 192.168.1.30:9117
}
@jdownloader host jdownloader.akanealw.com
handle @jdownloader {
import auth
reverse_proxy 192.168.1.30:5800
}
@jellyseerr host jellyseerr.akanealw.com
handle @jellyseerr {
import auth
reverse_proxy 192.168.1.30:5056
}
@kavita host kavita.akanealw.com
handle @kavita {
import auth
reverse_proxy 192.168.1.30:5002
}
@lidarr host lidarr.akanealw.com
handle @lidarr {
import auth
reverse_proxy 192.168.1.30:8686
}
@metube host metube.akanealw.com
handle @metube {
import auth
reverse_proxy 192.168.1.30:8082
}
@mstream host mstream.akanealw.com
handle @mstream {
import auth
reverse_proxy 192.168.1.30:3001
}
@nzbhydra host nzbhydra.akanealw.com
handle @nzbhydra {
import auth
reverse_proxy 192.168.1.30:5076
}
@olivetin host olivetin.akanealw.com
handle @olivetin {
import auth
reverse_proxy 192.168.1.30:1337
}
@opengist host opengist.akanealw.com
handle @opengist {
import auth
reverse_proxy 192.168.1.4:6157
}
@paperless host paperless.akanealw.com
handle @paperless {
import auth
reverse_proxy 192.168.1.30:8112
}
@prowlarr host prowlarr.akanealw.com
handle @prowlarr {
import auth
reverse_proxy 192.168.1.30:9696
}
@qbittorrent host qbittorrent.akanealw.com
handle @qbittorrent {
import auth
reverse_proxy 192.168.1.30:8282
}
@radarr host radarr.akanealw.com
handle @radarr {
import auth
reverse_proxy 192.168.1.30:7878
}
@sabnzbd host sabnzbd.akanealw.com
handle @sabnzbd {
import auth
reverse_proxy 192.168.1.30:8181
}
@shlinkweb host shlink.akanealw.com
handle @shlinkweb {
import auth
reverse_proxy 192.168.1.30:8381
}
@sonarr host sonarr.akanealw.com
handle @sonarr {
import auth
reverse_proxy 192.168.1.30:8989
}
@spdf host spdf.akanealw.com
handle @spdf {
import auth
reverse_proxy 192.168.1.30:8086
}
@ittools host it-tools.akanealw.com
handle @ittools {
import auth
reverse_proxy 192.168.1.30:8383
}
@wikidocs host wiki.akanealw.com
handle @wikidocs {
import auth
reverse_proxy 192.168.1.30:8022
}
# --------------------------------------------------
# internal only subdomains
#
#
# @ host .akanealw.com
# handle @ {
# handle @internal {
# reverse_proxy 192.168.1.
# }
# respond "ip range not allowed"
# }
#
#
# @ host .akanealw.com
# handle @ {
# handle @internal {
# reverse_proxy https://192.168.1. {
# transport http {
# tls_insecure_skip_verify
# }
# }
# }
# respond "ip range not allowed"
# }
#
#
# --------------------------------------------------
@checkmk host checkmk.akanealw.com
handle @checkmk {
handle @internal {
reverse_proxy 192.168.1.4:8888
}
respond "ip range not allowed"
}
@linkwarden host linkwarden.akanealw.com
handle @linkwarden {
handle @internal {
reverse_proxy 192.168.1.4:3232
}
respond "ip range not allowed"
}
@adguard1 host adguardserver1.akanealw.com
handle @adguard1 {
handle @internal {
reverse_proxy 192.168.1.2:80
}
respond "ip range not allowed"
}
@adguard2 host adguardserver2.akanealw.com
handle @adguard2 {
handle @internal {
reverse_proxy 192.168.1.3:80
}
respond "ip range not allowed"
}
@bale host bale.akanealw.com
handle @bale {
handle @internal {
reverse_proxy 192.168.1.51:8080
}
respond "ip range not allowed"
}
@cronicle host cronicle.akanealw.com
handle @cronicle {
handle @internal {
reverse_proxy 192.168.1.30:3012
}
respond "ip range not allowed"
}
@devdockge host dev-dockge.akanealw.com
handle @devdockge {
handle @internal {
reverse_proxy 192.168.1.35:5001
}
respond "ip range not allowed"
}
@devdozzle host dev-dozzle.akanealw.com
handle @devdozzle {
handle @internal {
reverse_proxy 192.168.1.35:8080
}
respond "ip range not allowed"
}
@dockerdockge host dockerserver-dockge.akanealw.com
handle @dockerdockge {
handle @internal {
reverse_proxy 192.168.1.30:5001
}
respond "ip range not allowed"
}
@dockerdozzle host dockerserver-dozzle.akanealw.com
handle @dockerdozzle {
handle @internal {
reverse_proxy 192.168.1.30:8080
}
respond "ip range not allowed"
}
@dockertestdockge host dockerservertest-dockge.akanealw.com
handle @dockertestdockge {
handle @internal {
reverse_proxy 192.168.1.33:5001
}
respond "ip range not allowed"
}
@dockertestdozzle host dockerservertest-dozzle.akanealw.com
handle @dockertestdozzle {
handle @internal {
reverse_proxy 192.168.1.33:8080
}
respond "ip range not allowed"
}
@proxyserverdockge host proxyserver-dockge.akanealw.com
handle @proxyserverdockge {
handle @internal {
reverse_proxy 192.168.1.4:5001
}
respond "ip range not allowed"
}
@proxyserverdozzle host proxyserver-dozzle.akanealw.com
handle @proxyserverdozzle {
handle @internal {
reverse_proxy 192.168.1.4:8080
}
respond "ip range not allowed"
}
@files host files.akanealw.com
handle @files {
handle @internal {
redir / /files{uri}
reverse_proxy 192.168.1.50:80
}
respond "ip range not allowed"
}
@icons host icons.akanealw.com
handle @icons {
handle @internal {
rewrite * /files/icons{uri}
reverse_proxy 192.168.1.50:80
}
respond "ip range not allowed"
}
@gluetun host gluetun.akanealw.com
handle @gluetun {
handle @internal {
reverse_proxy 192.168.1.30:8777
}
respond "ip range not allowed"
}
@peanut host peanut.akanealw.com
handle @peanut {
handle @internal {
reverse_proxy 192.168.1.30:8980
}
respond "ip range not allowed"
}
@photoprism host photoprism.akanealw.com
handle @photoprism {
handle @internal {
reverse_proxy 192.168.1.30:2342
}
respond "ip range not allowed"
}
@photoprismdadandmom host photos.akanealw.com
handle @photoprismdadandmom {
handle @internal {
reverse_proxy 192.168.1.25:2342
}
respond "ip range not allowed"
}
@proxmox1 host proxmox1.akanealw.com
handle @proxmox1 {
handle @internal {
reverse_proxy https://192.168.1.51:8006 {
transport http {
tls_insecure_skip_verify
}
}
}
respond "ip range not allowed"
}
@proxmox2 host proxmox2.akanealw.com
handle @proxmox2 {
handle @internal {
reverse_proxy https://192.168.1.52:8006 {
transport http {
tls_insecure_skip_verify
}
}
}
respond "ip range not allowed"
}
@proxmoxbackup host proxmoxbackup.akanealw.com
handle @proxmoxbackup {
handle @internal {
reverse_proxy https://192.168.1.51:8007 {
transport http {
tls_insecure_skip_verify
}
}
}
respond "ip range not allowed"
}
@router host router.akanealw.com
handle @router {
handle @internal {
reverse_proxy http://192.168.1.1:80
}
respond "ip range not allowed"
}
@rssbridge host rss-bridge.akanealw.com
handle @rssbridge {
handle @internal {
reverse_proxy 192.168.1.30:3006
}
respond "ip range not allowed"
}
@invidious host invidious.akanealw.com
handle @invidious {
handle @internal {
reverse_proxy 192.168.1.30:3000
}
respond "ip range not allowed"
}
@scripts host scripts.akanealw.com
handle @scripts {
handle @internal {
redir / /scripts{uri}
reverse_proxy 192.168.1.50:80
}
respond "ip range not allowed"
}
@speedtest host speedtest.akanealw.com
handle @speedtest {
handle @internal {
reverse_proxy 192.168.1.30:8765
}
respond "ip range not allowed"
}
@dockersyncthing host dockerserver-syncthing.akanealw.com
handle @dockersyncthing {
handle @internal {
reverse_proxy https://192.168.1.30:8384 {
transport http {
tls_insecure_skip_verify
}
}
}
respond "ip range not allowed"
}
@gamingpcsyncthing host gamingpc-syncthing.akanealw.com
handle @gamingpcsyncthing {
handle @internal {
reverse_proxy https://192.168.1.11:8384 {
transport http {
tls_insecure_skip_verify
}
}
}
respond "ip range not allowed"
}
@laptoppcsyncthing host laptoppc-syncthing.akanealw.com
handle @laptoppcsyncthing {
handle @internal {
reverse_proxy https://192.168.1.12:8384 {
transport http {
tls_insecure_skip_verify
}
}
}
respond "ip range not allowed"
}
@webmin host webmin.akanealw.com
handle @webmin {
handle @internal {
reverse_proxy https://192.168.1.51:10000 {
transport http {
tls_insecure_skip_verify
}
}
}
respond "ip range not allowed"
}
@wireguardui host wireguardui.akanealw.com
handle @wireguardui {
handle @internal {
reverse_proxy 192.168.1.4:5000
}
respond "ip range not allowed"
}
@zabbix host zabbix.akanealw.com
handle @zabbix {
handle @internal {
reverse_proxy 192.168.1.44:8080
}
respond "ip range not allowed"
}
@piholewg host pihole-wg.akanealw.com
handle @piholewg {
handle @internal {
redir / /admin{uri}
reverse_proxy 192.168.1.4:3000
}
respond "ip range not allowed"
}
}

29
caddy/compose.yml Normal file
View File

@@ -0,0 +1,29 @@
services:
caddy:
container_name: caddy
build: .
environment:
- DNS_PROVIDER_TOKEN=BI5kO2I9fHAqso_OClKxbUM6xTCodH2OfQ60yNp3
security_opt:
- no-new-privileges:true
networks:
- reverseproxy
ports:
- 80:80
- 443:443
- 2019:2019
volumes:
- ./data:/data
- ./Caddyfile:/etc/caddy/Caddyfile
- ./logs:/srv/
restart: unless-stopped
whoami:
image: traefik/whoami
container_name: whoami
networks:
- reverseproxy
networks:
reverseproxy:
external: true

130
compose.yml
View File

@@ -1,130 +0,0 @@
services:
authentik-server:
image: ghcr.io/goauthentik/server:2025.2.2
container_name: authentik-server
command: server
environment:
- AUTHENTIK_REDIS__HOST=authentik-redis
- AUTHENTIK_POSTGRESQL__HOST=authentik-postgres
- AUTHENTIK_POSTGRESQL__USER=authentik
- AUTHENTIK_POSTGRESQL__NAME=authentik
- AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
- AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
- AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
- AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
- AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
- AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD}
- AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS}
- AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL}
- AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT}
- AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM}
networks:
- reverseproxy
- authentik
volumes:
- ./media:/media
- ./custom-templates:/templates
depends_on:
- authentik-postgres
- authentik-redis
restart: unless-stopped
authentik-worker:
image: ghcr.io/goauthentik/server:2025.2.2
container_name: authentik-worker
command: worker
environment:
- AUTHENTIK_REDIS__HOST=authentik-redis
- AUTHENTIK_POSTGRESQL__HOST=authentik-postgres
- AUTHENTIK_POSTGRESQL__USER=authentik
- AUTHENTIK_POSTGRESQL__NAME=authentik
- AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
- AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
- AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
- AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
- AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
- AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD}
- AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS}
- AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL}
- AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT}
- AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM}
networks:
- reverseproxy
- authentik
user: root
volumes:
- /run/docker.sock:/run/docker.sock
- ./media:/media
- ./certs:/certs
- ./custom-templates:/templates
depends_on:
- authentik-postgres
- authentik-redis
restart: unless-stopped
authentik-redis:
image: docker.io/library/redis:7.4.2
container_name: authentik-redis
command: --save 60 1 --loglevel warning
healthcheck:
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
start_period: 20s
interval: 30s
retries: 5
timeout: 3s
networks:
- authentik
volumes:
- ./redis:/data
restart: unless-stopped
authentik-postgres:
image: docker.io/library/postgres:17.4
container_name: authentik-postgres
environment:
- POSTGRES_USER=authentik
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- POSTGRES_DB=authentik
- TZ=${TZ}
healthcheck:
test: ['CMD-SHELL', 'pg_isready -U "authentik"']
start_period: 30s
interval: 10s
timeout: 10s
retries: 5
networks:
- authentik
volumes:
- ./postgres:/var/lib/postgresql/data
restart: unless-stopped
caddy:
container_name: caddy
build: .
environment:
- DNS_PROVIDER_TOKEN=BI5kO2I9fHAqso_OClKxbUM6xTCodH2OfQ60yNp3
security_opt:
- no-new-privileges:true
networks:
- reverseproxy
ports:
- 80:80
- 443:443
- 2019:2019
volumes:
- ./caddy/data:/data
- ./caddy/Caddyfile:/etc/caddy/Caddyfile
- ./caddy/logs:/srv/
restart: unless-stopped
whoami:
image: traefik/whoami
container_name: whoami
networks:
- reverseproxy
networks:
authentik:
name: authentik
reverseproxy:
external: true