From 8181de3f125327fa48b9d494ff142d2f80c47d8f Mon Sep 17 00:00:00 2001
From: Florian Zirker <florian.zirker@kapsweyer.de>
Date: Wed, 19 Mar 2025 15:11:10 +0100
Subject: [PATCH] Change domain and get public ssl

---
 proxy/Caddyfile           | 141 ++++++++++++++++++--------------------
 proxy/Dockerfile          |   7 ++
 proxy/docker-compose.yaml |   6 +-
 proxy/web/error.html      |   2 +-
 proxy/web/index.html      |   2 +-
 5 files changed, 80 insertions(+), 78 deletions(-)
 create mode 100644 proxy/Dockerfile

diff --git a/proxy/Caddyfile b/proxy/Caddyfile
index 1fff47a..bc24cc5 100644
--- a/proxy/Caddyfile
+++ b/proxy/Caddyfile
@@ -1,18 +1,76 @@
 {
-	auto_https disable_redirects
-	local_certs
-	pki {
-		ca local {
-			name "{$LOCAL_CA_NAME}"
-		}
-	}
+	email {env.EMAIL}
 	log default {
 		output stdout
 		format console
 	}
+	debug
 }
 
-(errorhandler) {
+*.{$DOMAIN} {
+	tls {
+		dns netcup {
+			customer_number {env.NETCUP_CUSTOMER_NUMBER}
+			api_key {env.NETCUP_API_KEY}
+			api_password {env.NETCUP_API_PASSWORD}
+		}
+		propagation_timeout 900s
+		propagation_delay 600s
+		resolvers 9.9.9.9
+	}
+	#header Strict-Transport-Security "max-age=63072000"
+
+	@whoami host whoami.{$DOMAIN}
+	handle @whoami {
+		reverse_proxy whoami:80
+	}
+
+	@dashboard host dashboard.{$DOMAIN}
+	handle @dashboard {
+		reverse_proxy homer:8080
+	}
+
+	@hassi host hassi.{$DOMAIN}
+	handle @hassi {
+		# reverse_proxy homeassistant:8123
+		reverse_proxy {host}:8123
+	}
+
+	@zigbee2mqtt host zigbee2mqtt.{$DOMAIN}
+	handle @zigbee2mqtt {
+		reverse_proxy zigbee2mqtt:8080
+	}
+
+	@jellyfin host jellyfin.{$DOMAIN}
+	handle @jellyfin {
+		reverse_proxy jellyfin:8096
+	}
+
+	@paperless host paperless.{$DOMAIN}
+	handle @paperless {
+		reverse_proxy paperless-ngx:8000
+	}
+
+	@download host download.{$DOMAIN}
+	handle @download {
+		reverse_proxy pyload:8000
+	}
+
+	@uptime host uptime.{$DOMAIN}
+	handle @uptime {
+		reverse_proxy uptime-kuma:3001
+	}
+
+	@torrent host torrent.{$DOMAIN}
+	handle @torrent {
+		reverse_proxy transmission:9091
+	}
+
+	# Fallback unhandled (sub)domains
+	handle {
+		error 404
+	}
+
 	handle_errors {
 		root * /usr/share/caddy/web
 		rewrite * /error.html
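Review bot: The global `debug` option added at the top of the block is left on in the committed config, so every request and the ACME/DNS-challenge flow is logged at DEBUG level to stdout permanently; drop it or keep it only while the netcup challenge is being diagnosed, e.g. with a comment `# debug  # enable temporarily when troubleshooting ACME`. With a publicly trusted certificate now issued for `*.{$DOMAIN}`, the commented `#header Strict-Transport-Security "max-age=63072000"` could be enabled, since its presumable reason (the earlier local-CA setup) no longer applies. The `handle_errors` block continues past the end of this hunk.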
@@ -22,70 +80,3 @@
 		}
 	}
 }
-
-(localtls) {
-	tls internal
-}
-
-whoami.{$DOMAIN} http://whoami.{$DOMAIN} {
-	reverse_proxy whoami:80
-	import errorhandler
-}
-
-dashboard.{$DOMAIN}  http://dashboard.{$DOMAIN} {
-	reverse_proxy homer:8080
-	import errorhandler
-}
-
-hassi.{$DOMAIN} http://hassi.{$DOMAIN} {
-	# reverse_proxy homeassistant:8123
-	reverse_proxy {host}:8123
-	import errorhandler
-}
-
-zigbee2mqtt.{$DOMAIN} http://zigbee2mqtt.{$DOMAIN} {
-	reverse_proxy zigbee2mqtt:8080
-	import errorhandler
-}
-
-jellyfin.{$DOMAIN} http://jellyfin.{$DOMAIN} {
-	reverse_proxy jellyfin:8096
-	import errorhandler
-}
-
-paperless.{$DOMAIN} http://paperless.{$DOMAIN} {
-	reverse_proxy paperless-ngx:8000
-	import errorhandler
-}
-
-download.{$DOMAIN} http://download.{$DOMAIN} {
-	reverse_proxy pyload:8000
-	import errorhandler
-}
-
-uptime.{$DOMAIN} http://uptime.{$DOMAIN} {
-	reverse_proxy uptime-kuma:3001
-	import errorhandler
-}
-
-torrent.{$DOMAIN} http://torrent.{$DOMAIN} {
-	reverse_proxy transmission:9091
-	import errorhandler
-}
-
-*.{$DOMAIN} http://*.{$DOMAIN} {
-	error 404
-	import errorhandler
-}
-
-root-ca.{$DOMAIN} http://root-ca.{$DOMAIN} {
-	file_server * {
-		root /usr/share/caddy/web
-		hide .git Readme.md
-	}
-	file_server /root.crt {
-		root /data/caddy/pki/authorities/local/
-		hide *.key
-	}
-	import errorhandler
-}
diff --git a/proxy/Dockerfile b/proxy/Dockerfile
new file mode 100644
index 0000000..7223e84
--- /dev/null
+++ b/proxy/Dockerfile
@@ -0,0 +1,7 @@
+FROM caddy:2-builder AS builder
+
+RUN xcaddy build --with github.com/caddy-dns/netcup
+
+FROM caddy:2
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy
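Review bot: `RUN xcaddy build --with github.com/caddy-dns/netcup` pulls whatever version of the plugin module is current at build time, so a later rebuild of this image can silently change the code that handles the netcup API credentials. Pin the module, `RUN xcaddy build --with github.com/caddy-dns/netcup@<PLUGIN_VERSION>` (placeholder for a tag or commit you have verified), and consider pinning `caddy:2-builder` and `caddy:2` to the same minor tag or digest so the builder and runtime stages cannot drift apart.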
diff --git a/proxy/docker-compose.yaml b/proxy/docker-compose.yaml
index 2870b0b..9f0eaac 100644
--- a/proxy/docker-compose.yaml
+++ b/proxy/docker-compose.yaml
@@ -1,7 +1,7 @@
 services:
 
   caddy:
-    image: caddy:2
+    build: ./
     restart: unless-stopped
     ports:
       - 80:80
@@ -17,6 +17,10 @@ services:
     environment:
       - DOMAIN=${DOMAIN}
       - LOCAL_CA_NAME=${LOCAL_CA_NAME}
+      - NETCUP_CUSTOMER_NUMBER=${NETCUP_CUSTOMER_NUMBER}
+      - NETCUP_API_KEY=${NETCUP_API_KEY}
+      - NETCUP_API_PASSWORD=${NETCUP_API_PASSWORD}
+      - EMAIL=${LETSENCRYPT_MAIL}
     cap_add:
       - cap_net_bind_service
 
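Review bot: `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY` and `NETCUP_API_PASSWORD` are DNS-provider credentials passed as plain environment variables, which makes them readable through `docker inspect` and by every process in the container; an `env_file` kept out of version control, or Docker secrets, would narrow that exposure. `LOCAL_CA_NAME=${LOCAL_CA_NAME}` is still exported although the `pki`/`local_certs` block that consumed it was removed from the Caddyfile in this commit, so it can go. The mapping `EMAIL=${LETSENCRYPT_MAIL}` works but naming the variable the same on both sides would make the `.env` easier to audit.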
diff --git a/proxy/web/error.html b/proxy/web/error.html
index 2315a15..7a72d86 100644
--- a/proxy/web/error.html
+++ b/proxy/web/error.html
@@ -28,7 +28,7 @@
 </body>
 
 <footer>
-   <a href="http://dashboard.lan/">Dashboard</a>
+   <a href="http://dashboard.home.florianzirker.de/">Dashboard</a>
 </footer>
 
 
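Review bot: The new link `http://dashboard.home.florianzirker.de/` points at a host that this commit now serves with a publicly trusted certificate, yet it still uses the plain-HTTP scheme; change it to `<a href="https://dashboard.home.florianzirker.de/">Dashboard</a>` so users are not sent through an unencrypted hop first. The same `http://` scheme is used in the updated `<span id="url">` in proxy/web/index.html.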
diff --git a/proxy/web/index.html b/proxy/web/index.html
index 76a3485..2f9cb5e 100644
--- a/proxy/web/index.html
+++ b/proxy/web/index.html
@@ -37,7 +37,7 @@
 
       <li>
          Um das CA-Certifikat in den Linux-Truststore zu installieren führen Sie folgende Befehle aus:
-         <pre><code>curl -o caddy-root-ca.crt <span id="url">http://example.lan/</span>root.crt
+         <pre><code>curl -o caddy-root-ca.crt <span id="url">http://example.home.florianzirker.de/</span>root.crt
 sudo mkdir -p /usr/local/share/ca-certificates/extra
 sudo cp caddy-root-ca.crt /usr/local/share/ca-certificates/extra/
 sudo update-ca-certificates
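Review bot: The updated instruction still tells users to download `root.crt` from `http://example.home.florianzirker.de/` and install it as a CA, but this commit removes the `root-ca.{$DOMAIN}` site block and the local `pki` that served that file, and the new wildcard fallback answers unhandled subdomains with 404. With publicly trusted certificates in place the whole "install the CA certificate" section appears obsolete and should be removed or reworded, so that readers are not instructed to add a trust anchor they can no longer obtain; if it is kept, the scheme should at least be `https://`. The surrounding list item continues outside this hunk.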