{ email {env.EMAIL} log default { output stdout format console } } (proxy-auth) { reverse_proxy /outpost.goauthentik.io/* http://authentik-server:9000 forward_auth http://authentik-server:9000 { uri /outpost.goauthentik.io/auth/caddy copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version trusted_proxies private_ranges } } *.{$DOMAIN} { tls { dns netcup { customer_number {env.NETCUP_CUSTOMER_NUMBER} api_key {env.NETCUP_API_KEY} api_password {env.NETCUP_API_PASSWORD} } propagation_timeout 900s propagation_delay 600s resolvers 9.9.9.9 } #header Strict-Transport-Security "max-age=63072000" @whoami host whoami.{$DOMAIN} handle @whoami { route { import proxy-auth reverse_proxy whoami:80 } } @dashboard host dashboard.{$DOMAIN} handle @dashboard { reverse_proxy homer:8080 } @hassi host hassi.{$DOMAIN} handle @hassi { # reverse_proxy homeassistant:8123 reverse_proxy {host}:8123 } @zigbee2mqtt host zigbee2mqtt.{$DOMAIN} handle @zigbee2mqtt { route { import proxy-auth reverse_proxy zigbee2mqtt:8080 } } @jellyfin host jellyfin.{$DOMAIN} handle @jellyfin { reverse_proxy jellyfin:8096 } @paperless host paperless.{$DOMAIN} handle @paperless { reverse_proxy paperless-ngx:8000 } @download host download.{$DOMAIN} handle @download { reverse_proxy pyload:8000 } @uptime host uptime.{$DOMAIN} handle @uptime { reverse_proxy uptime-kuma:3001 } @torrent host torrent.{$DOMAIN} handle @torrent { route { import proxy-auth reverse_proxy transmission:9091 } } @auth host auth.{$DOMAIN} handle @auth { reverse_proxy authentik-server:9000 } # Fallback unhandled (sub)domains handle { error 404 } handle_errors { root * /usr/share/caddy/web rewrite * /error.html templates file_server { status {err.status_code} } } }