remove nginx

caddy/Caddyfile

@@ -31,7 +31,6 @@
 rik.veenboer.xyz \
 *.rik.veenboer.xyz \
  {
-	reverse_proxy nginx
 	handle_path /test/* {
 		reverse_proxy host:12345
 	}
@@ -65,6 +64,14 @@ import unprotected homarr host:17575
 import unprotected jellyseerr host:15055
 #import unprotected seafile host:12380
 
+
+seafile.rik.veenboer.xyz {
+	log {
+		output file /var/log/seafile.log
+	}
+	reverse_proxy host:12380
+}
+
 (authentik) {
 	reverse_proxy /outpost.goauthentik.io/* http://host:19000
 	forward_auth http://host:19000 {
@@ -116,6 +123,7 @@ import protected filebrowser host:8002
 
 #import protected app host:12345
 
+
 ha.rik.veenboer.xyz {
 	log {
 		output file /var/log/ha.log

docker-compose.caddy.yml

@@ -3,8 +3,6 @@ services:
         build:
             context: /opt/caddy/
         container_name: caddy
-        depends_on:
-        - nginx
         environment:
         - AWS_REGION=eu-west-1
         - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:?}
@@ -12,8 +10,6 @@ services:
         - GEO_ACCOUNT_ID=${MAXMIND_ACCOUNT_ID:?}
         - GEO_API_KEY=${MAXMIND_API_KEY:?}
         image: caddy
-        links:
-        - nginx
         ports:
         - 443:443
         restart: unless-stopped

docker-compose.nginx.yml

@@ -1,15 +0,0 @@
-services:
-    nginx:
-        container_name: nginx
-        extra_hosts:
-        - host:192.168.2.200
-        image: nginx:1.25.4
-        ports:
-        - 20080:80
-        restart: unless-stopped
-        volumes:
-        - /opt/nginx/etc/.htpasswd:/host/etc/.htpasswd
-        - /opt/nginx/etc/nginx/conf:/etc/nginx/conf
-        - /opt/nginx/etc/nginx/conf.d:/etc/nginx/conf.d
-        - /opt/nginx/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
-        - /opt/nginx/var/log/nginx:/var/log/nginx

nginx/etc/.htpasswd

@@ -1 +0,0 @@
-user:$apr1$PUlYgSSM$cZbvFGsKVt4SsAsB5Bifr1

nginx/etc/nginx/conf.d/global.conf

@@ -1,19 +0,0 @@
-server {
-    # seafile
-    listen 80;
-    server_name seafile.rik.veenboer.xyz;
-    location / {
-        proxy_pass http://host:8100;
-        include /etc/nginx/conf/proxy.conf;
-    }
-    location /seafhttp {
-        rewrite ^/seafhttp(.*)$ $1 break;
-        proxy_pass http://host:8182;
-        client_max_body_size 0;
-    }
-    location /seafdav {
-        proxy_pass http://host:8180;
-        include /etc/nginx/conf/proxy.conf;
-    }
-}
-

nginx/etc/nginx/conf/headers.conf

@@ -1,13 +0,0 @@
-auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user;
-auth_request_set $sub                    $upstream_http_x_vouch_idp_claims_sub;
-auth_request_set $name                   $upstream_http_x_vouch_idp_claims_name;
-auth_request_set $email                  $upstream_http_x_vouch_idp_claims_email;
-auth_request_set $email_verified         $upstream_http_x_vouch_idp_claims_email_verified;
-auth_request_set $preferred_username     $upstream_http_x_vouch_idp_claims_preferred_username;
-
-proxy_set_header X-Forwarded-User               $auth_resp_x_vouch_user;
-proxy_set_header X-Forwarded-Sub                $sub;
-proxy_set_header X-Forwarded-Name               $name;
-proxy_set_header X-Forwarded-Email              $email;
-proxy_set_header X-Forwarded-Email-Verified     $email_verified;
-proxy_set_header X-Forwarded-Preferred-Username $preferred_username;

nginx/etc/nginx/conf/proxy.conf

@@ -1,10 +0,0 @@
-# Proxy
-proxy_redirect off;
-proxy_set_header Host $host;
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Ssl on;
-
-# Websocket
-proxy_http_version 1.1;
-proxy_set_header Upgrade $http_upgrade;
-proxy_set_header Connection $http_connection;

nginx/etc/nginx/conf/ssl.conf

@@ -1,20 +0,0 @@
-# Enable SSL
-ssl_certificate /host/etc/certs/certificate+intermediate.pem;
-ssl_certificate_key /host/etc/certs/key.pem;
-ssl_dhparam /host/etc/certs/dh.pem;
-
-# Increased security, from https://cipherli.st/
-ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-ssl_prefer_server_ciphers on;
-ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
-ssl_ecdh_curve secp384r1;
-ssl_session_cache shared:SSL:10m;
-ssl_session_tickets off;
-ssl_stapling on;
-ssl_stapling_verify on;
-resolver_timeout 5s;
-add_header X-Frame-Options DENY;
-add_header X-Content-Type-Options nosniff;
-
-# Redirect HTTP trafic
-error_page 497 https://$host:$server_port$request_uri;

nginx/etc/nginx/conf/vouch-path.conf

@@ -1,14 +0,0 @@
-location /vouch { # vouch
-    proxy_pass http://host:9093; # must not! have a slash at the end
-    proxy_set_header Host $http_host;
-    proxy_pass_request_body off;
-    proxy_set_header Content-Length "";
-
-    # these return values are used by the @error401 call
-    auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
-    auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
-    auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
-}
-
-# if /vouch/validate returns `401 not authorized` then forward the request to the error401block
-error_page 401 = @error401;

nginx/etc/nginx/conf/vouch.conf

@@ -1,31 +0,0 @@
-# Any request to this server will first be sent to this URL
-auth_request /vouch-validate;
-
-# Get the authorized user name (email address)
-auth_request_set $auth_user $upstream_http_x_vouch_user;
-
-location = /vouch-validate {
-    internal;
-
-    # This address is where Vouch will be listening on
-    proxy_pass http://host:9090/validate;
-    proxy_pass_request_body off; # no need to send the POST body
-
-    proxy_set_header Content-Length "";
-    proxy_set_header Host $http_host; # This is required according to the Vouch-Proxy official example
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto $scheme;
-
-    # These return values are passed to the @error401 call
-    auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
-    auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
-    auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
-}
-
-error_page 401 = @error401;
-
-# If the user is not logged in, redirect them to Vouch's login URL
-location @error401 {
-    return 302 https://vouch.rik.veenboer.xyz/login?url=https://$http_host$request_uri&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err;
-}

nginx/etc/nginx/nginx.conf

@@ -1,33 +0,0 @@
-user  nginx;
-worker_processes  1;
-
-error_log  /var/log/nginx/error.log warn;
-pid        /var/run/nginx.pid;
-
-events {
-    worker_connections  1024;
-}
-
-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log  /var/log/nginx/access.log  main;
-
-    sendfile        on;
-    #tcp_nopush     on;
-
-    keepalive_timeout  65;
-
-    #gzip  on;
-
-    client_max_body_size 500M;
-
-    server_tokens off;
-    error_page 401 403 404 /404.html;
-    include /etc/nginx/conf.d/*.conf;
-}

seafile-new/docker-compose.seafile.yml

@@ -1,56 +0,0 @@
-services:
-  db:
-    image: ${SEAFILE_DB_IMAGE:-mariadb:10.11}
-    container_name: seafile-mysql
-    environment:
-      - MYSQL_ROOT_PASSWORD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD:?Variable is not set or empty}
-      - MYSQL_LOG_CONSOLE=true
-      - MARIADB_AUTO_UPGRADE=1
-    volumes:
-      - "${SEAFILE_MYSQL_VOLUME:-/opt/seafile-mysql/db}:/var/lib/mysql"
-
-    healthcheck:
-      test:
-        [
-          "CMD",
-          "/usr/local/bin/healthcheck.sh",
-          "--connect",
-          "--mariadbupgrade",
-          "--innodb_initialized",
-        ]
-      interval: 20s
-      start_period: 30s
-      timeout: 5s
-      retries: 10
-
-  seafile:
-    image: ${SEAFILE_IMAGE:-seafileltd/seafile-mc:12.0-latest}
-    container_name: seafile
-    ports:
-      - "12380:80"
-      - "18082:8082"
-    volumes:
-      - ${SEAFILE_VOLUME:-/opt/seafile-data}:/shared
-    environment:
-      - DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
-      - DB_PORT=${SEAFILE_MYSQL_DB_PORT:-3306}
-      - DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD:-}
-      - DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
-      - SEAFILE_MYSQL_DB_CCNET_DB_NAME=${SEAFILE_MYSQL_DB_CCNET_DB_NAME:-ccnet_db}
-      - SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=${SEAFILE_MYSQL_DB_SEAFILE_DB_NAME:-seafile_db}
-      - SEAFILE_MYSQL_DB_SEAHUB_DB_NAME=${SEAFILE_MYSQL_DB_SEAHUB_DB_NAME:-seahub_db}
-      - TIME_ZONE=${TIME_ZONE:-Etc/UTC}
-      - INIT_SEAFILE_ADMIN_EMAIL=${INIT_SEAFILE_ADMIN_EMAIL:-me@example.com}
-      - INIT_SEAFILE_ADMIN_PASSWORD=${INIT_SEAFILE_ADMIN_PASSWORD:-asecret}
-      - SEAFILE_SERVER_HOSTNAME=${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
-      - SEAFILE_SERVER_PROTOCOL=${SEAFILE_SERVER_PROTOCOL:-http}
-      - SITE_ROOT=${SITE_ROOT:-/}
-      - NON_ROOT=${NON_ROOT:-false}
-      - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY:?Variable is not set or empty}
-      - ENABLE_SEADOC=${ENABLE_SEADOC:-false}
-      - SEADOC_SERVER_URL=${SEADOC_SERVER_URL:-http://example.example.com/sdoc-server}
-    labels:
-      caddy: ${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
-      caddy.reverse_proxy: "{{upstreams 80}}"
-    depends_on:
-      - db