From 694a3ca2f42db95036c0f3ed40578388f10de815 Mon Sep 17 00:00:00 2001 From: madereddy <49539048+madereddy@users.noreply.github.com> Date: Mon, 11 Dec 2023 14:31:08 -0500 Subject: [PATCH] Add CaddyFile --- docker/caddy/Caddyfile | 90 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 docker/caddy/Caddyfile diff --git a/docker/caddy/Caddyfile b/docker/caddy/Caddyfile new file mode 100644 index 0000000..ca0b9a5 --- /dev/null +++ b/docker/caddy/Caddyfile @@ -0,0 +1,90 @@ +{ + # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory + #servers { + # trusted_proxies cloudflare { + # interval 12h + # timeout 15s + # } + # client_ip_headers Cf-Connecting-Ip + #} +} + +outsideuptimedev.madereddy.com { + reverse_proxy uptime:3001 +} + +oracledev.madereddy.com { + log { + level INFO + output file "/data/oracleaccess.log" { + roll_size 10MB + roll_keep 10 + } + } + + reverse_proxy syncthing:8384 { + transport http { + tls_insecure_skip_verify + } + } + + route /hook* { + rewrite /hook/ / + reverse_proxy webhook:8080 + } +} + +bitwardenhome.madereddy.com { + log { + level INFO + output file "/data/access.log" { + roll_size 10MB + roll_keep 10 + } + } + + # Uncomment this if you want to get a cert via ACME (Let's Encrypt or ZeroSSL). + #tls { + # dns cloudflare "KOVqE-q6TxjLRofG1rDVRR3KoI0SLVxLyA8QefHZ" + #} + # Or uncomment this if you're providing your own cert. You would also use this option + # if you're running behind Cloudflare. + # tls {$SSL_CERT_PATH} {$SSL_KEY_PATH} + + # This setting may have compatibility issues with some browsers + # (e.g., attachment downloading on Firefox). Try disabling this + # if you encounter issues. + encode gzip + + # Uncomment to improve security (WARNING: only use if you understand the implications!) + # header { + # # Enable HTTP Strict Transport Security (HSTS) + # Strict-Transport-Security "max-age=31536000;" + # # Enable cross-site filter (XSS) and tell browser to block detected attacks + # X-XSS-Protection "1; mode=block" + # # Disallow the site to be rendered within a frame (clickjacking protection) + # X-Frame-Options "DENY" + # # Prevent search engines from indexing (optional) + # X-Robots-Tag "none" + # # Server name removing + # -Server + # } + + # Uncomment to allow access to the admin interface only from local networks + # @insecureadmin { + # not remote_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 + # path /admin* + # } + # redir @insecureadmin / + + # Proxy everything else to Rocket + reverse_proxy bitwarden:8080 { + # Send the true remote IP to Rocket, so that vaultwarden can put this in the + # log, so that fail2ban can ban the correct IP. + header_up X-Real-IP {http.request.header.CF-Connecting-IP} + } +} + +foundrydev.madereddy.com { + reverse_proxy foundry-dr:30000 +} \ No newline at end of file