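{
    # Global options block.
    # dynamic_dns keeps the "rik" record in zone "veenboer.xyz." updated,
    # IPv4 only, through Route53. No credentials are given on the provider
    # line; presumably they come from the environment (confirm).
    dynamic_dns {
        provider route53
        domains {
            veenboer.xyz. rik
        }
        versions ipv4
    }

    # NOTE(review): unresolved merge conflict below (HEAD vs e0b5673).
    # Caddy will not load this file while the markers remain. Keep exactly
    # one side here and the matching side in the geo.rik.veenboer.xyz block:
    # the two sides configure different GeoIP modules (geoip2 / geo_ip).
<<<<<<< HEAD
    #order geoip before respond

    order geoip2_vars first

    # Only configure databaseDirectory and editionID when autoupdate is not desired.
    # The MaxMind account id and license key are read from environment
    # variables, so they stay out of this file.
    geoip2 {
        accountId {$GEO_ACCOUNT_ID}
        databaseDirectory "/data/caddy/geoip/"
        licenseKey {$GEO_API_KEY}
        lockFile "/data/caddy/geoip/geoip2.lock"
        editionID "GeoLite2-City"
        updateUrl "https://updates.maxmind.com"
        updateFrequency 86400 # in seconds
    }
=======
    order geo_ip first
>>>>>>> e0b5673 (experiment with geoip in caddy)
}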
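# Base site plus wildcard. A *.rik.veenboer.xyz name that has no site block
# of its own lands here and is proxied to nginx; no forward_auth is
# configured in this block.
rik.veenboer.xyz \
*.rik.veenboer.xyz \
{
    # Default upstream for everything the handle_path blocks do not claim.
    reverse_proxy nginx

    # handle_path strips the matched prefix before proxying.
    # NOTE(review): host:12345 is the same upstream that
    # `import protected app host:12345` places behind forward_auth; this
    # path reaches it without that check. Remove it or add the same auth.
    handle_path /test/* {
        reverse_proxy host:12345
    }
    handle_path /jellyfin/* {
        reverse_proxy host:8097
    }

    # Certificates are issued through the Route53 DNS challenge. The access
    # key pair comes from the environment.
    # NOTE(review): these keys can change DNS records; scope the IAM policy
    # to the one hosted zone and the record changes ACME needs.
    tls {
        dns route53 {
            access_key_id {$AWS_ACCESS_KEY_ID}
            secret_access_key {$AWS_SECRET_ACCESS_KEY}
        }
    }

    # Access log for this site.
    log {
        output file /var/log/root.log
    }
}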
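# Snippet: publish a service without proxy-level authentication.
#   args[0]  subdomain label under rik.veenboer.xyz
#   args[1]  upstream address passed to reverse_proxy
# No auth directive is applied here, so the service's own login is the only
# access control for anything imported through this snippet.
(unprotected) {
    {args[0]}.rik.veenboer.xyz {
        reverse_proxy {args[1]}
    }
}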
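# Services published through the (unprotected) snippet, i.e. with no
# forward_auth in front of them.
# NOTE(review): jupyter, pgadmin and grafana are administrative tools that
# rely only on their own login here. Confirm each has authentication enabled
# and consider moving them to `import protected`. authentik is the identity
# provider itself and has to stay reachable without forward_auth.
#import unprotected ha host:8123 # homeassistant
import unprotected jellyfin host:8097
import unprotected authentik host:19000
import unprotected jupyter host:9999
import unprotected grafana host:3333
import unprotected pgadmin host:5050
import unprotected homarr host:17575
import unprotected jellyseerr host:15055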
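# Snippet: forward authentication against the authentik outpost on
# host:19000. Import it inside a site block, ahead of the real upstream.
(authentik) {
    # The outpost's own endpoints are proxied straight through so its
    # login/callback flow can complete.
    reverse_proxy /outpost.goauthentik.io/* http://host:19000

    # Every other request is checked with the outpost first; `rd` carries
    # the originally requested URI.
    forward_auth http://host:19000 {
        uri /outpost.goauthentik.io/auth/caddy?rd={http.request.uri}

        # Headers copied from the outpost's response onto the request sent
        # to the upstream.
        # NOTE(review): upstreams that trust these headers as identity must
        # be reachable only through this proxy. The list is broad and looks
        # partly experimental (X-Authentik-Password, -This, -What, -Other,
        # X-Custom-*). Trim it to what the upstream actually reads, and
        # confirm that the Caddy version in use drops a client-supplied
        # value when the outpost response does not set that header.
        copy_headers {
            X-Authentik-Username
            X-Authentik-Groups
            X-Authentik-Email
            X-Authentik-Name
            X-Authentik-Uid
            X-Authentik-Jwt
            X-Authentik-Meta-Jwks
            X-Authentik-Meta-Outpost
            X-Authentik-Meta-Provider
            X-Authentik-Meta-App
            X-Authentik-Meta-Version
            X-Authentik-Other
            X-Authentik-Password
            X-Authentik-This
            X-Authentik-What
            # Copied under a different name: Authorization from the outpost
            # becomes X-Custom-Authorization on the upstream request.
            Authorization>X-Custom-Authorization
            X-Custom-User
            X-Custom-Password
            X-User-Header
            X-Seafile-User
        }
    }
}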
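# Snippet: publish a service behind authentik forward authentication.
#   args[0]  subdomain label under rik.veenboer.xyz
#   args[1]  upstream address passed to reverse_proxy
# The auth check only covers requests that arrive through this site block.
(protected) {
    {args[0]}.rik.veenboer.xyz {
        import authentik
        reverse_proxy {args[1]}
    }
}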
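# Services published through the (protected) snippet, i.e. behind authentik.
# NOTE(review): this assumes the host:PORT upstreams are not reachable from
# outside by any other route - confirm. In this file host:12345 ("app") is
# also proxied by insecure.rik.veenboer.xyz and by /test/* on the base site,
# neither of which imports authentik.
import protected sonarr host:18989
import protected app host:12345
import protected dagster host:3000
import protected photoprism host:2342
import protected qbittorrent host:9092
import protected esp host:6052
import protected dsmr host:8888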
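# Plain proxy to host:12345 with no authentication.
# NOTE(review): the same upstream is published as app.rik.veenboer.xyz
# through `import protected app host:12345`. While this block exists the
# forward_auth on that name can be sidestepped by using this hostname.
# Remove the block once testing is done, or import authentik here as well.
insecure.rik.veenboer.xyz {
    reverse_proxy host:12345
}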
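# Three mutually exclusive handle blocks: /seafhttp* and /seafdav* go to
# their own upstreams, and the bare handle is the fallback for everything
# else.
# NOTE(review): the authentik import is commented out, so nothing on this
# host is checked at the proxy. If the host really is unused, delete the
# block instead of leaving three upstreams published.
unused.rik.veenboer.xyz {
    handle {
        # import authentik
        reverse_proxy host:8100
    }

    handle /seafhttp* {
        # Remove the prefix before the request reaches the upstream.
        uri strip_prefix seafhttp
        reverse_proxy host:8182
    }

    handle /seafdav* {
        reverse_proxy host:8180
    }
}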
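# Home Assistant. Requests that look like the companion app go straight to
# host:8123; everything else is sent through the authentik outpost first.
ha.rik.veenboer.xyz {
    log {
        output file /var/log/ha.log
    }
    route {
        # @app matches on X-Requested-With and User-Agent only.
        # NOTE(review): both headers are chosen by the client, so this
        # branch is a convenience route, not an access check. Any request
        # that matches skips forward_auth, and the third test matches every
        # User-Agent containing "Android". Home Assistant's own login is
        # then the only gate on this host. If the outpost check is meant to
        # be mandatory, drop this branch or key it on something the client
        # cannot choose, such as a source-address matcher or mutual TLS.
        @app <<CEL
        header({'X-Requested-With': 'io.homeassistant.companion.android'}) ||
        header_regexp('User-Agent', '^Home Assistant') ||
        header_regexp('User-Agent', 'Android')
        CEL
        handle @app {
            reverse_proxy host:8123
        }
        # Fallback: the same outpost flow as the (authentik) snippet, but
        # only X-Homeassistant-User is copied to the upstream request.
        handle {
            reverse_proxy /outpost.goauthentik.io/* http://host:19000
            forward_auth http://host:19000 {
                uri /outpost.goauthentik.io/auth/caddy?rd={http.request.uri}
                copy_headers {
                    X-Homeassistant-User
                }
            }
            reverse_proxy host:8123
        }
    }
}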
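# GeoIP experiment site.
geo.rik.veenboer.xyz {
    log {
        output file /var/log/geo.log
    }

    # NOTE(review): unresolved merge conflict below (HEAD vs e0b5673).
    # Caddy will not load this file while the markers remain. Keep the side
    # that matches the `order` line kept in the global options block.
    # GeoIP results are a coarse signal (VPNs, stale database rows), so
    # neither side should be the only gate in front of anything sensitive.
<<<<<<< HEAD
    geoip2_vars strict
    # strict: Always ignore the 'X-Forwarded-For' header
    # wild: Trust the 'X-Forwarded-For' header if present
    # trusted_proxies: Trust 'X-Forwarded-For' header if trusted_proxies is also valid (see https://caddyserver.com/docs/caddyfile/options#trusted-proxies)
    # default: trusted_proxies

    # Add country and state code to the header
    header geoip-country "{geoip2.country_code}"
    header geoip-subdivision "{geoip2.subdivisions_1_iso_code}"

    # Matches requests whose country code is not "US" and whose first-level
    # subdivision code is not "OH". The == "NL" term adds nothing, because
    # "NL" already satisfies != "US".
    @geofilter expression ({geoip2.country_code} != "US" || {geoip2.country_code} == "NL") && {geoip2.subdivisions_1_iso_code} != "OH"

    # Debug response: echoes the looked-up location back to the requester.
    respond @geofilter "hello local:
geoip2.country_code:{geoip2.country_code}
geoip2.country_name:{geoip2.country_name}
geoip2.city_geoname_id:{geoip2.city_geoname_id}
geoip2.city_name:{geoip2.city_name}
geoip2.location_latitude:{geoip2.location_latitude}
geoip2.location_longitude:{geoip2.location_longitude}
geoip2.location_time_zone:{geoip2.location_time_zone}"
=======
    geo_ip {
        db_path /data/caddy/GeoLite2-Country.mmdb
    }

    # NOTE(review): @local is defined but not referenced by any directive
    # visible in this block.
    @local {
        maxmind_geolocation {
            db_path /data/caddy/GeoLite2-Country.mmdb
            allow_countries IT FR
        }
    }

    route {
        # Lookup results are added as response headers.
        header X-GeoIP-Country-Code {geoip.country_code}
        header X-GeoIP-Country-Name {geoip.country_name}
        header X-GeoIP-Region {geoip.region_name}
        header X-GeoIP-City {geoip.city_name}
        header X-GeoIP-Latitude {geoip.latitude}
        header X-GeoIP-Longitude {geoip.longitude}
        header X-GeoIP-Postal-Code {geoip.postal_code}
        header X-GeoIP-Timezone {geoip.time_zone}

        # NOTE(review): host:12345 is the upstream that
        # `import protected app host:12345` puts behind forward_auth; it is
        # reached here without that check. The header_up placeholder is
        # spelled geoip_country_name while the headers above use
        # geoip.country_name - confirm which one the module defines.
        reverse_proxy host:12345 {
            header_up X-Test "{geoip_country_name}"
            header_down X-Client-IP "{remote_host}"
        }
    }
>>>>>>> e0b5673 (experiment with geoip in caddy)
}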