From 97926774482149a1486aaf09192be11b0eab3090 Mon Sep 17 00:00:00 2001
From: Rik Veenboer <rik.veenboer@gmail.com>
Date: Thu, 21 Nov 2024 17:34:20 +0100
Subject: [PATCH] fix jellyfin, dynamic dns and experiment with header-based
 proxy

---
 caddy/Caddyfile          | 57 +++++++++++++++++++++++++++++++---------
 docker-compose.caddy.yml |  5 ++--
 2 files changed, 47 insertions(+), 15 deletions(-)

diff --git a/caddy/Caddyfile b/caddy/Caddyfile
index 22a2c75..ed2e5cb 100644
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -1,10 +1,10 @@
 {
 	dynamic_dns {
 		provider route53
-        domains {
-            veenboer.xyz rik
-        }
-        check_interval 1m
+		domains {
+			veenboer.xyz. rik
+		}
+		versions ipv4
 	}
 }
 
@@ -12,14 +12,20 @@ rik.veenboer.xyz \
 *.rik.veenboer.xyz \
  {
 	reverse_proxy nginx
+	handle_path /test/* {
+		reverse_proxy host:12345
+	}
+	handle_path /jellyfin/* {
+		reverse_proxy host:8097
+	}
 	tls {
 		dns route53 {
 			access_key_id {$AWS_ACCESS_KEY_ID}
 			secret_access_key {$AWS_SECRET_ACCESS_KEY}
 		}
 	}
-	route {
-		reverse_proxy /test/* host:8097
+	log {
+		output file /var/log/root.log
 	}
 }
 
@@ -31,12 +37,13 @@ rik.veenboer.xyz \
 	}
 }
 
+#import unprotected ha host:8123 # homeassistant
+import unprotected jellyfin host:8097
 import unprotected authentik host:19000
 import unprotected jupyter host:9999
 import unprotected grafana host:3333
 import unprotected pgadmin host:5050
 import unprotected homarr host:17575
-import unprotected jellyfin host:8097
 import unprotected jellyseerr host:15055
 
 (authentik) {
@@ -78,7 +85,6 @@ import unprotected jellyseerr host:15055
 	}
 }
 
-import protected ha host:8123 # homeassistant
 import protected sonarr host:18989
 import protected app host:12345
 import protected dagster host:3000
@@ -100,11 +106,36 @@ unused.rik.veenboer.xyz {
 	}
 
 	handle /seafhttp* {
-			uri strip_prefix seafhttp
-			reverse_proxy host:8182
-		}
+		uri strip_prefix seafhttp
+		reverse_proxy host:8182
+	}
 
-		handle /seafdav* {
-			reverse_proxy host:8180
+	handle /seafdav* {
+		reverse_proxy host:8180
+	}
+}
+
+ha.rik.veenboer.xyz {
+	log {
+		output file /var/log/ha.log
+	}
+
+	route {
+		@app {
+			header X-Requested-With io.homeassistant.companion.android
+		}
+		handle @app {
+			reverse_proxy host:8123
+		}
+		handle {
+			reverse_proxy /outpost.goauthentik.io/* http://host:19000
+			forward_auth http://host:19000 {
+				uri /outpost.goauthentik.io/auth/caddy?rd={http.request.uri}
+				copy_headers {
+					X-Homeassistant-User
+				}
+			}
+			reverse_proxy host:8123
 		}
 	}
+}
diff --git a/docker-compose.caddy.yml b/docker-compose.caddy.yml
index d2752da..9025a05 100644
--- a/docker-compose.caddy.yml
+++ b/docker-compose.caddy.yml
@@ -7,8 +7,8 @@ services:
         - nginx
         environment:
         - AWS_REGION=eu-west-1
-        - AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:?}"
-        - AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:?}"
+        - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:?}
+        - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:?}
         image: caddy
         links:
         - nginx
@@ -18,5 +18,6 @@ services:
         volumes:
         - /opt/caddy/Caddyfile:/etc/caddy/Caddyfile
         - /opt/caddy/data:/data/caddy
+        - /opt/caddy/logs:/var/log
         extra_hosts:
         - host:192.168.2.200