104 lines
2 KiB
Caddyfile
104 lines
2 KiB
Caddyfile
{
|
|
email {env.EMAIL}
|
|
log default {
|
|
output stdout
|
|
format console
|
|
}
|
|
}
|
|
|
|
(proxy-auth) {
|
|
reverse_proxy /outpost.goauthentik.io/* http://authentik-server:9000
|
|
forward_auth http://authentik-server:9000 {
|
|
uri /outpost.goauthentik.io/auth/caddy
|
|
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
|
|
trusted_proxies private_ranges
|
|
}
|
|
}
|
|
|
|
*.{$DOMAIN} {
|
|
tls {
|
|
dns netcup {
|
|
customer_number {env.NETCUP_CUSTOMER_NUMBER}
|
|
api_key {env.NETCUP_API_KEY}
|
|
api_password {env.NETCUP_API_PASSWORD}
|
|
}
|
|
propagation_timeout 900s
|
|
propagation_delay 600s
|
|
resolvers 9.9.9.9
|
|
}
|
|
#header Strict-Transport-Security "max-age=63072000"
|
|
|
|
@whoami host whoami.{$DOMAIN}
|
|
handle @whoami {
|
|
route {
|
|
import proxy-auth
|
|
reverse_proxy whoami:80
|
|
}
|
|
}
|
|
|
|
@dashboard host dashboard.{$DOMAIN}
|
|
handle @dashboard {
|
|
reverse_proxy homer:8080
|
|
}
|
|
|
|
@hassi host hassi.{$DOMAIN}
|
|
handle @hassi {
|
|
# reverse_proxy homeassistant:8123
|
|
reverse_proxy {host}:8123
|
|
}
|
|
|
|
@zigbee2mqtt host zigbee2mqtt.{$DOMAIN}
|
|
handle @zigbee2mqtt {
|
|
route {
|
|
import proxy-auth
|
|
reverse_proxy zigbee2mqtt:8080
|
|
}
|
|
}
|
|
|
|
@jellyfin host jellyfin.{$DOMAIN}
|
|
handle @jellyfin {
|
|
reverse_proxy jellyfin:8096
|
|
}
|
|
|
|
@paperless host paperless.{$DOMAIN}
|
|
handle @paperless {
|
|
reverse_proxy paperless-ngx:8000
|
|
}
|
|
|
|
@download host download.{$DOMAIN}
|
|
handle @download {
|
|
reverse_proxy pyload:8000
|
|
}
|
|
|
|
@uptime host uptime.{$DOMAIN}
|
|
handle @uptime {
|
|
reverse_proxy uptime-kuma:3001
|
|
}
|
|
|
|
@torrent host torrent.{$DOMAIN}
|
|
handle @torrent {
|
|
route {
|
|
import proxy-auth
|
|
reverse_proxy transmission:9091
|
|
}
|
|
}
|
|
|
|
@auth host auth.{$DOMAIN}
|
|
handle @auth {
|
|
reverse_proxy authentik-server:9000
|
|
}
|
|
|
|
# Fallback unhandled (sub)domains
|
|
handle {
|
|
error 404
|
|
}
|
|
|
|
handle_errors {
|
|
root * /usr/share/caddy/web
|
|
rewrite * /error.html
|
|
templates
|
|
file_server {
|
|
status {err.status_code}
|
|
}
|
|
}
|
|
}
|