opt/caddy/Caddyfile


# Global options: dynamic DNS, a layer-4 listener on :443, and GeoIP database settings.
{
    # dynamic_dns with the Route 53 provider: zone veenboer.xyz., record "rik", IPv4 only.
    # No credentials are given in this block; presumably they come from the AWS
    # environment used elsewhere in this file -- confirm.
    dynamic_dns {
        provider route53
        domains {
            veenboer.xyz. rik
        }
        versions ipv4
    }

    # Layer-4 handling on :443: connections the openvpn matcher recognises are
    # proxied to host:444.
    layer4 {
        :443 {
            @openvpn openvpn
            route @openvpn {
                proxy host:444 # Proxy OpenVPN traffic to its backend
            }
        }
    }

    # Run geoip2_vars ahead of the other HTTP directives so its placeholders are
    # populated before matchers that read them.
    order geoip2_vars first

    # GeoLite2-City database, refreshed from MaxMind every 86400 seconds.
    # {$GEO_ACCOUNT_ID} / {$GEO_API_KEY} are environment substitutions resolved when
    # this file is parsed, so the resolved values become part of the loaded config;
    # keep access to the running config as restricted as the environment itself.
    geoip2 {
        accountId {$GEO_ACCOUNT_ID}
        licenseKey {$GEO_API_KEY}
        databaseDirectory "/data/caddy/geoip/"
        lockFile "/data/caddy/geoip/geoip2.lock"
        editionID "GeoLite2-City"
        updateUrl "https://updates.maxmind.com"
        updateFrequency 86400 # in seconds
    }
}
# Apex site plus wildcard. The wildcard also answers for any subdomain that has no
# site block of its own, and nothing in this block applies forward_auth, so such
# names reach the nginx upstream without proxy-side authentication.
rik.veenboer.xyz \
*.rik.veenboer.xyz \
{
    # Default upstream for everything not matched by the handle_path blocks below.
    reverse_proxy nginx

    # handle_path strips the matched prefix before proxying.
    handle_path /test/* {
        reverse_proxy host:12345
    }
    handle_path /jellyfin/* {
        reverse_proxy host:8097
    }

    # Certificates via the DNS challenge against Route 53 (needed for the wildcard).
    # The key pair is read from the environment at parse time.
    # NOTE(review): confirm the IAM policy behind these keys is limited to the
    # record changes this hosted zone needs.
    tls {
        dns route53 {
            access_key_id {$AWS_ACCESS_KEY_ID}
            secret_access_key {$AWS_SECRET_ACCESS_KEY}
        }
    }

    log {
        output file /var/log/root.log
    }
}
# Snippet: publish <args[0]>.rik.veenboer.xyz as a plain reverse proxy to <args[1]>.
# No forward_auth is applied here; the upstream's own login is the only access control.
(unprotected) {
    {args[0]}.rik.veenboer.xyz {
        reverse_proxy {args[1]}
    }
}
# Services published without proxy-side authentication (see the `unprotected` snippet).
# authentik is the identity provider that the `authentik` snippet forwards to, so it
# cannot sit behind its own forward_auth.
# NOTE(review): jupyter and pgadmin are administrative tools; confirm each enforces
# its own authentication, or publish them through `protected` instead.
#import unprotected ha host:8123 # homeassistant
import unprotected jellyfin host:8097
import unprotected authentik host:19000
import unprotected jupyter host:9999
import unprotected grafana host:3333
import unprotected pgadmin host:5050
import unprotected homarr host:17575
import unprotected jellyseerr host:15055
# Snippet: authenticate requests against the authentik outpost at host:19000.
# Backends that trust the headers copied below must be reachable only through this
# proxy; a client that can reach them directly can set the same headers itself.
(authentik) {
    # Outpost endpoints are proxied straight through to authentik.
    reverse_proxy /outpost.goauthentik.io/* http://host:19000

    # Every other request is checked with the outpost first; rd= carries the
    # original request URI to the auth endpoint.
    forward_auth http://host:19000 {
        uri /outpost.goauthentik.io/auth/caddy?rd={http.request.uri}

        # Headers taken from the outpost's response and set on the request that is
        # sent to the backend.
        # NOTE(review): the list includes X-Authentik-Password and X-Custom-Password,
        # which by name look like credentials; trim the list to what each backend
        # actually reads.
        # NOTE(review): confirm that the Caddy version in use drops a client-supplied
        # copy of a listed header when the outpost does not return it; backends that
        # derive identity from these headers depend on that.
        copy_headers {
            X-Authentik-Username
            X-Authentik-Groups
            X-Authentik-Email
            X-Authentik-Name
            X-Authentik-Uid
            X-Authentik-Jwt
            X-Authentik-Meta-Jwks
            X-Authentik-Meta-Outpost
            X-Authentik-Meta-Provider
            X-Authentik-Meta-App
            X-Authentik-Meta-Version
            X-Authentik-Other
            X-Authentik-Password
            X-Authentik-This
            X-Authentik-What
            Authorization>X-Custom-Authorization
            X-Custom-User
            X-Custom-Password
            X-User-Header
            X-Seafile-User
        }
    }
}
# Snippet: publish <args[0]>.rik.veenboer.xyz behind the authentik forward_auth
# check, then proxy to <args[1]>.
(protected) {
    {args[0]}.rik.veenboer.xyz {
        import authentik
        reverse_proxy {args[1]}
    }
}
# Services published behind authentik forward_auth (see the `protected` snippet).
# Each line becomes <name>.rik.veenboer.xyz proxying to the given upstream.
import protected sonarr host:18989
import protected radarr host:17878
import protected bazarr host:16767
import protected jackett host:9117
import protected dagster host:3000
import protected photoprism host:2342
import protected qbittorrent host:9092
import protected esp host:6052
import protected dsmr host:8888
import protected transmission host:9091
import protected droppy host:8989
import protected filebrowser host:8002
#import protected app host:12345
# Home Assistant: requests that look like the companion app go straight to the
# backend; everything else passes through authentik first.
ha.rik.veenboer.xyz {
    log {
        output file /var/log/ha.log
    }

    route {
        # NOTE(review): this matcher keys only on request headers (X-Requested-With,
        # User-Agent), which any client can set, and the 'Android' pattern is
        # unanchored. Requests matching it skip forward_auth, so Home Assistant's own
        # login is the only control on that path. Treat the matcher as routing for
        # the app, not as an access control, and confirm Home Assistant's login
        # settings are adequate for direct internet exposure.
        @app <<CEL
        header({'X-Requested-With': 'io.homeassistant.companion.android'}) ||
        header_regexp('User-Agent', '^Home Assistant') ||
        header_regexp('User-Agent', 'Android')
        CEL

        # App-shaped traffic: no proxy-side authentication.
        handle @app {
            reverse_proxy host:8123
        }

        # Everything else: authentik outpost check, then the same backend.
        handle {
            reverse_proxy /outpost.goauthentik.io/* http://host:19000
            forward_auth http://host:19000 {
                uri /outpost.goauthentik.io/auth/caddy?rd={http.request.uri}
                # Only this header is taken from the outpost response.
                # NOTE(review): if the backend trusts X-Homeassistant-User, the
                # @app path above reaches it without that header being set by
                # the outpost -- confirm the backend ignores it there.
                copy_headers {
                    X-Homeassistant-User
                }
            }
            reverse_proxy host:8123
        }
    }
}
# Three upstreams split by path prefix (the /seafhttp and /seafdav prefixes and the
# X-Seafile-User header elsewhere in this file suggest a Seafile deployment -- confirm).
# NOTE(review): the authentik import is commented out, so none of the paths on this
# host are authenticated by the proxy, although the hostname says "unused". Remove
# the site block if it really is unused, or re-enable the import.
unused.rik.veenboer.xyz {
    # Fallback for requests that match neither prefix below.
    handle {
        # import authentik
        reverse_proxy host:8100
    }

    # The seafhttp prefix is stripped from the URI before proxying.
    handle /seafhttp* {
        uri strip_prefix seafhttp
        reverse_proxy host:8182
    }

    # Proxied with the path unchanged.
    handle /seafdav* {
        reverse_proxy host:8180
    }
}
geo.rik.veenboer.xyz {
log {
output file /var/log/geo.log
}
geoip2_vars wild
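# strict: Always ignore the 'X-Forwarded-For' header
# wild: Trust the 'X-Forwarded-For' header if it exists
# trusted_proxies: Trust the 'X-Forwarded-For' header only if trusted_proxies is also valid (see https://caddyserver.com/docs/caddyfile/options#trusted-proxies)
# default: trusted_proxies
# NOTE(review): with 'wild' set above, a client-supplied X-Forwarded-For value feeds {geoip2.country_code}, so the @geofilter check below should not be relied on as an access control; 'strict' ignores that header.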
@geofilter expression ({geoip2.country_code} == "NL")
route @geofilter {
reverse_proxy host:12345 {
header_up X-Real-IP {remote_host}
header_up X-Geo-Ip-Address "{geoip2.ip_address}"
header_up X-Geo-Country-Code "{geoip2.country_code}"
header_up X-Geo-Country-Name "{geoip2.country_name}"
header_up X-Geo-Country-Eu "{geoip2.country_eu}"
header_up X-Geo-Country-Locales "{geoip2.country_locales}"
header_up X-Geo-Country-Confidence "{geoip2.country_confidence}"
header_up X-Geo-Country-Names "{geoip2.country_names}"
header_up X-Geo-Country-Geoname-Id "{geoip2.country_geoname_id}"
header_up X-Geo-Continent-Code "{geoip2.continent_code}"
header_up X-Geo-Continent-Locales "{geoip2.continent_locales}"
header_up X-Geo-Continent-Names "{geoip2.continent_names}"
header_up X-Geo-Continent-Geoname-Id "{geoip2.continent_geoname_id}"
header_up X-Geo-Continent-Name "{geoip2.continent_name}"
header_up X-Geo-City-Confidence "{geoip2.city_confidence}"
header_up X-Geo-City-Locales "{geoip2.city_locales}"
header_up X-Geo-City-Names "{geoip2.city_names}"
header_up X-Geo-City-Geoname-Id "{geoip2.city_geoname_id}"
header_up X-Geo-City-Name "{geoip2.city_name}"
header_up X-Geo-Location-Latitude "{geoip2.location_latitude}"
header_up X-Geo-Location-Longitude "{geoip2.location_longitude}"
header_up X-Geo-Location-Time-Zone "{geoip2.location_time_zone}"
header_up X-Geo-Location-Accuracy-Radius "{geoip2.location_accuracy_radius}"
header_up X-Geo-Location-Average-Income "{geoip2.location_average_income}"
header_up X-Geo-Location-Metro-Code "{geoip2.location_metro_code}"
header_up X-Geo-Location-Population-Density "{geoip2.location_population_density}"
header_up X-Geo-Postal-Code "{geoip2.postal_code}"
header_up X-Geo-Postal-Confidence "{geoip2.postal_confidence}"
header_up X-Geo-Registeredcountry-Geoname-Id "{geoip2.registeredcountry_geoname_id}"
header_up X-Geo-Registeredcountry-Is-In-European-Union "{geoip2.registeredcountry_is_in_european_union}"
header_up X-Geo-Registeredcountry-Iso-Code "{geoip2.registeredcountry_iso_code}"
header_up X-Geo-Registeredcountry-Names "{geoip2.registeredcountry_names}"
header_up X-Geo-Registeredcountry-Name "{geoip2.registeredcountry_name}"
header_up X-Geo-RepresentedCountry-Geoname-Id "{geoip2.representedcountry_geoname_id}"
header_up X-Geo-RepresentedCountry-Is-In-European-Union "{geoip2.representedcountry_is_in_european_union}"
header_up X-Geo-RepresentedCountry-Iso-Code "{geoip2.representedcountry_iso_code}"
header_up X-Geo-RepresentedCountry-Names "{geoip2.representedcountry_names}"
header_up X-Geo-RepresentedCountry-Locales "{geoip2.representedcountry_locales}"
header_up X-Geo-RepresentedCountry-Confidence "{geoip2.representedcountry_confidence}"
header_up X-Geo-RepresentedCountry-Type "{geoip2.representedcountry_type}"
header_up X-Geo-RepresentedCountry-Name "{geoip2.representedcountry_name}"
header_up X-Geo-Traits-Is-Anonymous-Proxy "{geoip2.traits_is_anonymous_proxy}"
header_up X-Geo-Traits-Is-Anonymous-Vpn "{geoip2.traits_is_anonymous_vpn}"
header_up X-Geo-Traits-Is-Satellite-Provider "{geoip2.traits_is_satellite_provider}"
header_up X-Geo-Traits-Autonomous-System-Number "{geoip2.traits_autonomous_system_number}"
header_up X-Geo-Traits-Autonomous-System-Organization "{geoip2.traits_autonomous_system_organization}"
header_up X-Geo-Traits-Connection-Type "{geoip2.traits_connection_type}"
header_up X-Geo-Traits-Domain "{geoip2.traits_domain}"
header_up X-Geo-Traits-Is-Hosting-Provider "{geoip2.traits_is_hosting_provider}"
header_up X-Geo-Traits-Is-Legitimate-Proxy "{geoip2.traits_is_legitimate_proxy}"
header_up X-Geo-Traits-Is-Public-Proxy "{geoip2.traits_is_public_proxy}"
header_up X-Geo-Traits-Is-Residential-Proxy "{geoip2.traits_is_residential_proxy}"
header_up X-Geo-Traits-Is-Tor-Exit-Node "{geoip2.traits_is_tor_exit_node}"
header_up X-Geo-Traits-Isp "{geoip2.traits_isp}"
header_up X-Geo-Traits-Mobile-Country-Code "{geoip2.traits_mobile_country_code}"
header_up X-Geo-Traits-Mobile-Network-Code "{geoip2.traits_mobile_network_code}"
header_up X-Geo-Traits-Network "{geoip2.traits_network}"
header_up X-Geo-Traits-Organization "{geoip2.traits_organization}"
header_up X-Geo-Traits-User-Type "{geoip2.traits_user_type}"
header_up X-Geo-Traits-User-Count "{geoip2.traits_userCount}"
header_up X-Geo-Traits-Static-Ip-Score "{geoip2.traits_static_ip_score}"
}
}