opt/caddy/Caddyfile

rik.veenboer.xyz \
*.rik.veenboer.xyz \
 {
	reverse_proxy nginx
	tls {
		dns route53 {
			access_key_id {$AWS_ACCESS_KEY_ID}
			secret_access_key {$AWS_SECRET_ACCESS_KEY}
		}
	}
}

authentik.rik.veenboer.xyz {
	route {
		reverse_proxy host:19000
	}
}

(authentik) {
	reverse_proxy /outpost.goauthentik.io/* http://host:19000
	forward_auth http://host:19000 {
		uri /outpost.goauthentik.io/auth/caddy?rd={http.request.uri}
		copy_headers {
			X-Authentik-Username
			X-Authentik-Groups
			X-Authentik-Email
			X-Authentik-Name
			X-Authentik-Uid
			X-Authentik-Jwt
			X-Authentik-Meta-Jwks
			X-Authentik-Meta-Outpost
			X-Authentik-Meta-Provider
			X-Authentik-Meta-App
			X-Authentik-Meta-Version
			X-Authentik-Other
			X-Authentik-Password
			X-Authentik-This
			X-Authentik-What
			Authorization>X-Custom-Authorization
			X-Custom-User
			X-Custom-Password
			X-User-Header
			X-Homeassistant-User
			X-Seafile-User
		}
	}
}

(proxy) {
	{args[0]}.rik.veenboer.xyz {
		route {
			import authentik
			reverse_proxy {args[1]}
		}
	}
}

import proxy app host:12345
import proxy dagster host:3000
import proxy photoprism host:2342
import proxy qbittorrent host:9092
import proxy esp host:6052
import proxy dsmr host:8888
import proxy ha host:8123 # homeassistant

insecure.rik.veenboer.xyz {
	route {
		reverse_proxy host:12345
	}
}

seafile.rik.veenboer.xyz {
	handle {
		# import authentik
		reverse_proxy http://host:8100
	}

	handle_path /seafhttp* {
		reverse_proxy http://host:8100
	}

	handle /seafdav* {
		reverse_proxy http://host:8180
	}