Change domain and get public ssl

This commit is contained in:
Florian Zirker 2025-03-19 15:11:10 +01:00
parent fff5e468db
commit 8181de3f12
5 changed files with 80 additions and 78 deletions

View file

@ -1,18 +1,76 @@
{
auto_https disable_redirects
local_certs
pki {
ca local {
name "{$LOCAL_CA_NAME}"
}
}
email {env.EMAIL}
log default {
output stdout
format console
}
debug
}
(errorhandler) {
*.{$DOMAIN} {
tls {
dns netcup {
customer_number {env.NETCUP_CUSTOMER_NUMBER}
api_key {env.NETCUP_API_KEY}
api_password {env.NETCUP_API_PASSWORD}
}
propagation_timeout 900s
propagation_delay 600s
resolvers 9.9.9.9
}
#header Strict-Transport-Security "max-age=63072000"
@whoami host whoami.{$DOMAIN}
handle @whoami {
reverse_proxy whoami:80
}
@dashboard host dashboard.{$DOMAIN}
handle @dashboard {
reverse_proxy homer:8080
}
@hassi host hassi.{$DOMAIN}
handle @hassi {
# reverse_proxy homeassistant:8123
reverse_proxy {host}:8123
}
@zigbee2mqtt host zigbee2mqtt.{$DOMAIN}
handle @zigbee2mqtt {
reverse_proxy zigbee2mqtt:8080
}
@jellyfin host jellyfin.{$DOMAIN}
handle @jellyfin {
reverse_proxy jellyfin:8096
}
@paperless host paperless.{$DOMAIN}
handle @paperless {
reverse_proxy paperless-ngx:8000
}
@download host download.{$DOMAIN}
handle @download {
reverse_proxy pyload:8000
}
@uptime host uptime.{$DOMAIN}
handle @uptime {
reverse_proxy uptime-kuma:3001
}
@torrent host torrent.{$DOMAIN}
handle @torrent {
reverse_proxy transmission:9091
}
# Fallback unhandled (sub)domains
handle {
error 404
}
handle_errors {
root * /usr/share/caddy/web
rewrite * /error.html
@ -22,70 +80,3 @@
}
}
}
(localtls) {
tls internal
}
whoami.{$DOMAIN} http://whoami.{$DOMAIN} {
reverse_proxy whoami:80
import errorhandler
}
dashboard.{$DOMAIN} http://dashboard.{$DOMAIN} {
reverse_proxy homer:8080
import errorhandler
}
hassi.{$DOMAIN} http://hassi.{$DOMAIN} {
# reverse_proxy homeassistant:8123
reverse_proxy {host}:8123
import errorhandler
}
zigbee2mqtt.{$DOMAIN} http://zigbee2mqtt.{$DOMAIN} {
reverse_proxy zigbee2mqtt:8080
import errorhandler
}
jellyfin.{$DOMAIN} http://jellyfin.{$DOMAIN} {
reverse_proxy jellyfin:8096
import errorhandler
}
paperless.{$DOMAIN} http://paperless.{$DOMAIN} {
reverse_proxy paperless-ngx:8000
import errorhandler
}
download.{$DOMAIN} http://download.{$DOMAIN} {
reverse_proxy pyload:8000
import errorhandler
}
uptime.{$DOMAIN} http://uptime.{$DOMAIN} {
reverse_proxy uptime-kuma:3001
import errorhandler
}
torrent.{$DOMAIN} http://torrent.{$DOMAIN} {
reverse_proxy transmission:9091
import errorhandler
}
*.{$DOMAIN} http://*.{$DOMAIN} {
error 404
import errorhandler
}
root-ca.{$DOMAIN} http://root-ca.{$DOMAIN} {
file_server * {
root /usr/share/caddy/web
hide .git Readme.md
}
file_server /root.crt {
root /data/caddy/pki/authorities/local/
hide *.key
}
import errorhandler
}

7
proxy/Dockerfile Normal file
View file

@ -0,0 +1,7 @@
FROM caddy:2-builder AS builder
RUN xcaddy build --with github.com/caddy-dns/netcup
FROM caddy:2
COPY --from=builder /usr/bin/caddy /usr/bin/caddy

View file

@ -1,7 +1,7 @@
services:
caddy:
image: caddy:2
build: ./
restart: unless-stopped
ports:
- 80:80
@ -17,6 +17,10 @@ services:
environment:
- DOMAIN=${DOMAIN}
- LOCAL_CA_NAME=${LOCAL_CA_NAME}
- NETCUP_CUSTOMER_NUMBER=${NETCUP_CUSTOMER_NUMBER}
- NETCUP_API_KEY=${NETCUP_API_KEY}
- NETCUP_API_PASSWORD=${NETCUP_API_PASSWORD}
- EMAIL=${LETSENCRYPT_MAIL}
cap_add:
- cap_net_bind_service

View file

@ -28,7 +28,7 @@
</body>
<footer>
<a href="http://dashboard.lan/">Dashboard</a>
<a href="http://dashboard.home.florianzirker.de/">Dashboard</a>
</footer>

View file

@ -37,7 +37,7 @@
<li>
Um das CA-Certifikat in den Linux-Truststore zu installieren führen Sie folgende Befehle aus:
<pre><code>curl -o caddy-root-ca.crt <span id="url">http://example.lan/</span>root.crt
<pre><code>curl -o caddy-root-ca.crt <span id="url">http://example.home.florianzirker.de/</span>root.crt
sudo mkdir -p /usr/local/share/ca-certificates/extra
sudo cp caddy-root-ca.crt /usr/local/share/ca-certificates/extra/
sudo update-ca-certificates