fzirker/homeserver
0
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Change domain and get public ssl

Browse source
This commit is contained in:
Florian Zirker 2025-03-19 15:11:10 +01:00
parent fff5e468db
commit 8181de3f12
5 changed files with 80 additions and 78 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

141
proxy/Caddyfile
View file

@ -1,18 +1,76 @@
{ {
auto_https disable_redirects email {env.EMAIL}
local_certs
pki {
ca local {
name "{$LOCAL_CA_NAME}"
}
}
log default { log default {
output stdout output stdout
format console format console
} }
debug
} }
(errorhandler) { *.{$DOMAIN} {
tls {
dns netcup {
customer_number {env.NETCUP_CUSTOMER_NUMBER}
api_key {env.NETCUP_API_KEY}
api_password {env.NETCUP_API_PASSWORD}
}
propagation_timeout 900s
propagation_delay 600s
resolvers 9.9.9.9
}
#header Strict-Transport-Security "max-age=63072000"
@whoami host whoami.{$DOMAIN}
handle @whoami {
reverse_proxy whoami:80
}
@dashboard host dashboard.{$DOMAIN}
handle @dashboard {
reverse_proxy homer:8080
}
@hassi host hassi.{$DOMAIN}
handle @hassi {
# reverse_proxy homeassistant:8123
reverse_proxy {host}:8123
}
@zigbee2mqtt host zigbee2mqtt.{$DOMAIN}
handle @zigbee2mqtt {
reverse_proxy zigbee2mqtt:8080
}
@jellyfin host jellyfin.{$DOMAIN}
handle @jellyfin {
reverse_proxy jellyfin:8096
}
@paperless host paperless.{$DOMAIN}
handle @paperless {
reverse_proxy paperless-ngx:8000
}
@download host download.{$DOMAIN}
handle @download {
reverse_proxy pyload:8000
}
@uptime host uptime.{$DOMAIN}
handle @uptime {
reverse_proxy uptime-kuma:3001
}
@torrent host torrent.{$DOMAIN}
handle @torrent {
reverse_proxy transmission:9091
}
# Fallback unhandled (sub)domains
handle {
error 404
}
handle_errors { handle_errors {
root * /usr/share/caddy/web root * /usr/share/caddy/web
rewrite * /error.html rewrite * /error.html
@ -22,70 +80,3 @@
} }
} }
} }
(localtls) {
tls internal
}
whoami.{$DOMAIN} http://whoami.{$DOMAIN} {
reverse_proxy whoami:80
import errorhandler
}
dashboard.{$DOMAIN} http://dashboard.{$DOMAIN} {
reverse_proxy homer:8080
import errorhandler
}
hassi.{$DOMAIN} http://hassi.{$DOMAIN} {
# reverse_proxy homeassistant:8123
reverse_proxy {host}:8123
import errorhandler
}
zigbee2mqtt.{$DOMAIN} http://zigbee2mqtt.{$DOMAIN} {
reverse_proxy zigbee2mqtt:8080
import errorhandler
}
jellyfin.{$DOMAIN} http://jellyfin.{$DOMAIN} {
reverse_proxy jellyfin:8096
import errorhandler
}
paperless.{$DOMAIN} http://paperless.{$DOMAIN} {
reverse_proxy paperless-ngx:8000
import errorhandler
}
download.{$DOMAIN} http://download.{$DOMAIN} {
reverse_proxy pyload:8000
import errorhandler
}
uptime.{$DOMAIN} http://uptime.{$DOMAIN} {
reverse_proxy uptime-kuma:3001
import errorhandler
}
torrent.{$DOMAIN} http://torrent.{$DOMAIN} {
reverse_proxy transmission:9091
import errorhandler
}
*.{$DOMAIN} http://*.{$DOMAIN} {
error 404
import errorhandler
}
root-ca.{$DOMAIN} http://root-ca.{$DOMAIN} {
file_server * {
root /usr/share/caddy/web
hide .git Readme.md
}
file_server /root.crt {
root /data/caddy/pki/authorities/local/
hide *.key
}
import errorhandler
}

7
proxy/Dockerfile Normal file
View file

@ -0,0 +1,7 @@
FROM caddy:2-builder AS builder
RUN xcaddy build --with github.com/caddy-dns/netcup
FROM caddy:2
COPY --from=builder /usr/bin/caddy /usr/bin/caddy

6
proxy/docker-compose.yaml
View file

@ -1,7 +1,7 @@
services: services:
caddy: caddy:
image: caddy:2 build: ./
restart: unless-stopped restart: unless-stopped
ports: ports:
- 80:80 - 80:80
@ -17,6 +17,10 @@ services:
environment: environment:
- DOMAIN=${DOMAIN} - DOMAIN=${DOMAIN}
- LOCAL_CA_NAME=${LOCAL_CA_NAME} - LOCAL_CA_NAME=${LOCAL_CA_NAME}
- NETCUP_CUSTOMER_NUMBER=${NETCUP_CUSTOMER_NUMBER}
- NETCUP_API_KEY=${NETCUP_API_KEY}
- NETCUP_API_PASSWORD=${NETCUP_API_PASSWORD}
- EMAIL=${LETSENCRYPT_MAIL}
cap_add: cap_add:
- cap_net_bind_service - cap_net_bind_service

2
proxy/web/error.html
View file

@ -28,7 +28,7 @@
</body> </body>
<footer> <footer>
<a href="http://dashboard.lan/">Dashboard</a> <a href="http://dashboard.home.florianzirker.de/">Dashboard</a>
</footer> </footer>

2
proxy/web/index.html
View file

@ -37,7 +37,7 @@
<li> <li>
Um das CA-Certifikat in den Linux-Truststore zu installieren führen Sie folgende Befehle aus: Um das CA-Certifikat in den Linux-Truststore zu installieren führen Sie folgende Befehle aus:
<pre><code>curl -o caddy-root-ca.crt <span id="url">http://example.lan/</span>root.crt <pre><code>curl -o caddy-root-ca.crt <span id="url">http://example.home.florianzirker.de/</span>root.crt
sudo mkdir -p /usr/local/share/ca-certificates/extra sudo mkdir -p /usr/local/share/ca-certificates/extra
sudo cp caddy-root-ca.crt /usr/local/share/ca-certificates/extra/ sudo cp caddy-root-ca.crt /usr/local/share/ca-certificates/extra/
sudo update-ca-certificates sudo update-ca-certificates