enable https with caddy root ca

.editorconfig

@@ -22,3 +22,12 @@ end_of_line    = lf
 indent_style   = space
 indent_size    = 4
 tab_width      = 4
+
+[Caddyfile]
+indent_style = tab
+indent_size = 4
+tab_width = 4
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true

paperless/docker-compose.yaml

@@ -53,11 +53,13 @@ services:
       - PAPERLESS_OCR_LANGUAGES=deu eng
       - PAPERLESS_URL=http://paperless.${DOMAIN}
       - PAPERLESS_OCR_LANGUAGE=deu
-      - PAPERLESS_FILENAME_FORMAT={correspondent}/{created} {title}
+      #- PAPERLESS_FILENAME_FORMAT={correspondent}/{created} {title}
+      - PAPERLESS_FILENAME_FORMAT={{ correspondent }}/{{ created }} {{ title }}
       - PAPERLESS_CONSUMER_POLLING=60
       - USERMAP_UID=1000
       - USERMAP_GID=1000
       - PAPERLESS_PRE_CONSUME_SCRIPT=/usr/src/paperless/scripts/removePdfPassword.py
+      - PAPERLESS_OCR_USER_ARGS=${USER_ARGS_JSON}
     labels:
       - "docker.group=paperless"
 
@@ -66,3 +68,4 @@ networks:
   paperless:
   web:
     external: true
+

proxy/Caddyfile

@@ -1,44 +1,86 @@
 {
-  auto_https off
+	auto_https disable_redirects
+	local_certs
+	pki {
+		ca local {
+			name "{$LOCAL_CA_NAME}"
+		}
+	}
+	log default {
+		output stdout
+		format console
+	}
 }
 
-http://whoami.lan {
+(errorhandler) {
-  reverse_proxy whoami:80
+	handle_errors {
+		root * /usr/share/caddy/web
+		rewrite * /error.html
+		templates
+		file_server {
+			status {err.status_code}
+		}
+	}
 }
 
-http://dashboard.lan {
+(localtls) {
-  reverse_proxy homer:8080
+	tls internal
 }
 
-http://hassi.lan {
+whoami.{$DOMAIN} http://whoami.{$DOMAIN} {
-#  reverse_proxy homeassistant:8123
+	reverse_proxy whoami:80
-  reverse_proxy dockerhost-1.lan:8123
+	import errorhandler
 }
 
-http://zigbee2mqtt.lan {
+dashboard.{$DOMAIN}  http://dashboard.{$DOMAIN} {
-  reverse_proxy zigbee2mqtt:8080
+	reverse_proxy homer:8080
+	import errorhandler
 }
 
-http://jellyfin.lan {
+hassi.{$DOMAIN} http://hassi.{$DOMAIN} {
-  reverse_proxy jellyfin:8096
+	# reverse_proxy homeassistant:8123
+	reverse_proxy {host}:8123
+	import errorhandler
 }
 
-http://paperless.lan {
+zigbee2mqtt.{$DOMAIN} http://zigbee2mqtt.{$DOMAIN} {
-  reverse_proxy paperless-ngx:8000
+	reverse_proxy zigbee2mqtt:8080
+	import errorhandler
 }
 
-http://download.lan {
+jellyfin.{$DOMAIN} http://jellyfin.{$DOMAIN} {
-  reverse_proxy pyload:8000
+	reverse_proxy jellyfin:8096
+	import errorhandler
 }
 
-http://uptime.lan {
+paperless.{$DOMAIN} http://paperless.{$DOMAIN} {
-  reverse_proxy uptime-kuma:3001
+	reverse_proxy paperless-ngx:8000
+	import errorhandler
 }
 
-http://torrent.lan {
+download.{$DOMAIN} http://download.{$DOMAIN} {
-  reverse_proxy transmission:9091
+	reverse_proxy pyload:8000
+	import errorhandler
 }
 
-:80, :443 {
+uptime.{$DOMAIN} http://uptime.{$DOMAIN} {
-  respond 404
+	reverse_proxy uptime-kuma:3001
+	import errorhandler
+}
+
+torrent.{$DOMAIN} http://torrent.{$DOMAIN} {
+	reverse_proxy transmission:9091
+	import errorhandler
+}
+
+root-ca.{$DOMAIN} http://root-ca.{$DOMAIN} {
+	file_server * {
+		root /usr/share/caddy/web
+		hide .git Readme.md
+	}
+	file_server /root.crt {
+		root /data/caddy/pki/authorities/local/
+		hide *.key
+	}
+	import errorhandler
 }

proxy/docker-compose.yaml

@@ -5,12 +5,20 @@ services:
     restart: unless-stopped
     ports:
       - 80:80
+      - 443:443
+      - "443:443/udp"
     volumes:
       - ${VOLUMES_PATH}/proxy/caddy/data:/data
       - ${VOLUMES_PATH}/proxy/caddy/config:/config
       - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - ./web:/usr/share/caddy/web:ro
     networks:
       - web
+    environment:
+      - DOMAIN=${DOMAIN}
+      - LOCAL_CA_NAME=${LOCAL_CA_NAME}
+    cap_add:
+      - cap_net_bind_service
 
 
   whoami:

proxy/web/default.css

@@ -0,0 +1,13 @@
+:root {
+   max-width: 80ch;
+   padding: 3em 1em;
+   margin: auto;
+   font-size: 1.25em;
+   font-family: Arial, Helvetica, sans-serif;
+}
+
+footer {
+   position: absolute;
+   bottom: 0;
+   height: 50px;
+}

proxy/web/index.html

@@ -0,0 +1,72 @@
+<!DOCTYPE html>”
+<html lang="de">
+
+<head>
+   <meta charset="UTF-8">
+   <title>Containerize Root-CA</title>
+   <link rel="stylesheet" href="default.css">
+   <meta name="viewport" content="width=device-width, initial-scale=1">
+</head>
+
+<body>
+   <h1>Containerize Root-CA</h1>
+
+   <p>
+      Caddy dient als lokale Zertifizierungsstelle (CA) um eigene lokale Zertifikate zu signieren.
+      Details siehe <a href="https://caddyserver.com/docs/automatic-https#local-https">Caddy Doku</a>.
+   </p>
+
+   <p>
+      Führe folgendes aus:
+   <ol>
+      <li>
+         Klicken sie <a href="/root.crt" download="caddy-root-ca.crt">hier</a> um das CA-Zertifikat von Caddy herunter
+         zu laden.<br>
+      </li>
+
+      <li>
+         Installiere das caddy-root-ca.crt in den Windwos Truststore. <br>
+         Öffne die Datei mit Doppelklick und drücke "Zertifikat installieren". <br>
+         Wähle "Aktueller Benutzer" und den Zertifikatspeicher "Vertrauenswürdige Stammzertifizierungsstellen"
+      </li>
+
+      <li>
+         Installiere das caddy-root-ca.crt manuell in deinen Browser. Chrome benutzt den Zertifikatsspeicher vom
+         Betriebsystem.
+      </li>
+
+      <li>
+         Um das CA-Certifikat in den Linux-Truststore zu installieren führen Sie folgende Befehle aus:
+         <pre><code>curl -o caddy-root-ca.crt <span id="url">http://example.lan/</span>root.crt
+sudo mkdir -p /usr/local/share/ca-certificates/extra
+sudo cp caddy-root-ca.crt /usr/local/share/ca-certificates/extra/
+sudo update-ca-certificates
+         </code>
+         </pre>
+         <script>
+            let url = new URL(window.location);
+            url.protocol = 'http:';
+            url.port = '80';
+            document.getElementById("url").innerHTML = url.toString();
+            </script>
+      </li>
+      <li>
+         Fertig.
+         <a>Wechsle jetzt zu https
+            <script>
+               let httpsurl = new URL(window.location);
+               httpsurl.protocol = 'https:';
+               httpsurl.port = '443';
+               document.currentScript.parentElement.href = httpsurl.toString();
+            </script>
+         </a>.
+      </li>
+
+   </ol>
+   </p>
+
+</body>
+
+
+
+</html>

torrent/docker-compose.yaml

@@ -13,7 +13,7 @@ services:
     networks:
       - web
     ports:
-#      - 9091:9091
+      - 9091:9091
       - 51413:51413
       - 51413:51413/udp
     restart: unless-stopped