enable https with caddy root ca

2025-03-14 13:45:01 +01:00 · 2025-03-14 13:45:01 +01:00 · e2666bdfad
commit e2666bdfad
parent fc86424caa
4 changed files with 167 additions and 41 deletions
--- a/proxy/Caddyfile
+++ b/proxy/Caddyfile
@ -1,51 +1,86 @@
 {
-	auto_https off
+	auto_https disable_redirects
+	local_certs
+	pki {
+		ca local {
+			name "{$LOCAL_CA_NAME}"
+		}
+	}
 	log default {
 		output stdout
 		format console
 	}
 }

-http://whoami.{$DOMAIN} {
-	reverse_proxy whoami:80
-}
-
-http://dashboard.{$DOMAIN} {
-	reverse_proxy homer:8080
-}
-
-http://hassi.{$DOMAIN} {
-	# reverse_proxy homeassistant:8123
-	reverse_proxy {host}:8123
-}
-
-http://zigbee2mqtt.{$DOMAIN} {
-	reverse_proxy zigbee2mqtt:8080
-}
-
-http://jellyfin.{$DOMAIN} {
-	reverse_proxy jellyfin:8096
-}
-
-http://paperless.{$DOMAIN} {
-	reverse_proxy paperless-ngx:8000
-}
-
-http://download.{$DOMAIN} {
-	reverse_proxy pyload:8000
-}
-
-http://uptime.{$DOMAIN} {
-	reverse_proxy uptime-kuma:3001
-}
-
-http://torrent.{$DOMAIN} {
-	reverse_proxy transmission:9091
-}
-
-:80, :443 {
-	respond "404 Not Found" 404
+(errorhandler) {
 	handle_errors {
-		respond "{err.status_code} {err.status_text}" {err.status_code}
+		root * /usr/share/caddy/web
+		rewrite * /error.html
+		templates
+		file_server {
+			status {err.status_code}
+		}
 	}
 }
+
+(localtls) {
+	tls internal
+}
+
+whoami.{$DOMAIN} http://whoami.{$DOMAIN} {
+	reverse_proxy whoami:80
+	import errorhandler
+}
+
+dashboard.{$DOMAIN}  http://dashboard.{$DOMAIN} {
+	reverse_proxy homer:8080
+	import errorhandler
+}
+
+hassi.{$DOMAIN} http://hassi.{$DOMAIN} {
+	# reverse_proxy homeassistant:8123
+	reverse_proxy {host}:8123
+	import errorhandler
+}
+
+zigbee2mqtt.{$DOMAIN} http://zigbee2mqtt.{$DOMAIN} {
+	reverse_proxy zigbee2mqtt:8080
+	import errorhandler
+}
+
+jellyfin.{$DOMAIN} http://jellyfin.{$DOMAIN} {
+	reverse_proxy jellyfin:8096
+	import errorhandler
+}
+
+paperless.{$DOMAIN} http://paperless.{$DOMAIN} {
+	reverse_proxy paperless-ngx:8000
+	import errorhandler
+}
+
+download.{$DOMAIN} http://download.{$DOMAIN} {
+	reverse_proxy pyload:8000
+	import errorhandler
+}
+
+uptime.{$DOMAIN} http://uptime.{$DOMAIN} {
+	reverse_proxy uptime-kuma:3001
+	import errorhandler
+}
+
+torrent.{$DOMAIN} http://torrent.{$DOMAIN} {
+	reverse_proxy transmission:9091
+	import errorhandler
+}
+
+root-ca.{$DOMAIN} http://root-ca.{$DOMAIN} {
+	file_server * {
+		root /usr/share/caddy/web
+		hide .git Readme.md
+	}
+	file_server /root.crt {
+		root /data/caddy/pki/authorities/local/
+		hide *.key
+	}
+	import errorhandler
+}