From a1f598c46a247bf70fcea9750a0336d400936104 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=B6nke=20Domr=C3=B6se?=
Date: Thu, 24 Apr 2025 06:36:03 -0500
Subject: [PATCH] add Caddy
---
caddy/Caddyfile | 76 ++++++++++++++++++++++++++++++++++++++++
caddy/config/config | 29 +++++++++++++++
caddy/docker-compose.yml | 32 +++++++++++++++++
caddy/reload.sh | 5 +++
4 files changed, 142 insertions(+)
create mode 100644 caddy/Caddyfile
create mode 100644 caddy/config/config
create mode 100644 caddy/docker-compose.yml
create mode 100755 caddy/reload.sh
diff --git a/caddy/Caddyfile b/caddy/Caddyfile
new file mode 100644
index 0000000..de6285e
--- /dev/null
+++ b/caddy/Caddyfile
@@ -0,0 +1,76 @@
+git.home.domroese.eu {
+ tls soenke@domroese.eu
+ reverse_proxy 192.168.1.194:8418
+}
+
+guac.home.domroese.eu {
+ tls soenke@domroese.eu
+ reverse_proxy 192.168.1.65:6080
+}
+
+rss.home.domroese.eu {
+ tls soenke@domroese.eu
+ reverse_proxy 192.168.1.65:8884
+}
+
+morphos.home.domroese.eu {
+ tls soenke@domroese.eu
+ reverse_proxy 192.168.1.65:8020
+}
+
+uptimekuma.home.domroese.eu {
+ tls soenke@domroese.eu
+ reverse_proxy 192.168.1.65:8030
+}
+
+kopia.home.domroese.eu {
+ tls soenke@domroese.eu
+ reverse_proxy 192.168.1.65:51515
+}
+
+jenkins.home.domroese.eu {
+ tls soenke@domroese.eu
+ reverse_proxy 192.168.1.65:8040
+}
+
+pihole.home.domroese.eu {
+ tls soenke@domroese.eu
+ reverse_proxy 192.168.1.65:2000
+}
+
+paperless.home.domroese.eu:443,
+paperless.home.domroese.eu:80 {
+ tls soenke@domroese.eu
+ reverse_proxy 192.168.1.65:1000
+}
+
+ittools.home.domroese.eu:443,
+ittools.home.domroese.eu:80 {
+ tls soenke@domroese.eu
+ reverse_proxy 192.168.1.65:9080
+}
+
+vault.home.domroese.eu:443,
+vault.home.domroese.eu:80 {
+ tls soenke@domroese.eu
+ reverse_proxy 192.168.1.65:4080
+}
+
+chat.home.domroese.eu:443 {
+ tls soenke@domroese.eu
+ reverse_proxy 192.168.1.65:1180
+}
+
+nas.home.domroese.eu {
+ tls soenke@domroese.eu {
+ client_auth {
+ mode request
+ }
+ }
+ reverse_proxy https://192.168.1.194:5001 {
+ transport http {
+ tls_insecure_skip_verify # Disable TLS Verification, as we don't have a real certificate on the nas
+ }
+ }
+}
+
diff --git a/caddy/config/config b/caddy/config/config
new file mode 100644
index 0000000..3f29c2c
--- /dev/null
+++ b/caddy/config/config
@@ -0,0 +1,29 @@
+{
+ "admin": {
+ "disabled": false,
+ "listen": "*:2019",
+ "enforce_origin": false,
+ "origins": [
+ "0.0.0.0",
+ "localhost",
+ "192.168.0.0/24"
+ ],
+ "remote": {
+ "listen": "",
+ "access_control": [{
+ "public_keys": [
+ ""
+ ],
+ "permissions": [{
+ "paths": [
+ ""
+ ],
+ "methods": [
+ ""
+ ]
+ }]
+ }]
+ }
+ }
+}
+
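Review bot: In the `nas.home.domroese.eu` block of caddy/Caddyfile, `client_auth { mode request }` only asks the client for a certificate and neither requires nor verifies one, so it adds no access control in front of the NAS. If client certificates are meant to be the gate, use `mode require_and_verify` together with a trusted CA for the client certificates. In the same block `tls_insecure_skip_verify` leaves the Caddy-to-NAS hop unauthenticated; exporting the NAS's self-signed certificate and trusting only that one (for example `tls_trusted_ca_certs /path/to/nas-cert.pem`, placeholder path) keeps the upstream TLS meaningful. Separately, the explicit `:80` addresses on the paperless, ittools and vault sites look like they serve those hosts over plain HTTP instead of redirecting, which is worth confirming for the vault in particular.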
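Review bot: `"listen": "*:2019"` combined with `"enforce_origin": false` in caddy/config/config puts Caddy's admin API, which has no authentication of its own and can replace the whole running configuration, on every interface. Prefer a loopback or container-internal bind such as `"listen": "localhost:2019"` and set `"enforce_origin": true`. The `origins` entries also look ineffective as written: `192.168.0.0/24` is a CIDR range where, as far as I know, Caddy expects host[:port] values, and the addresses used elsewhere in this patch are in 192.168.1.x. The `remote` block with empty `public_keys`, `paths` and `methods` strings is placeholder content and would be better removed until remote administration is actually configured. Note that docker-compose.yml in this patch does not appear to mount this file, so it may not be loaded at all.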
diff --git a/caddy/docker-compose.yml b/caddy/docker-compose.yml
new file mode 100644
index 0000000..1095091
--- /dev/null
+++ b/caddy/docker-compose.yml
@@ -0,0 +1,32 @@
+services:
+ web:
+ image: caddy
+ container_name: "caddy"
+ ports:
+ - "2019:2019"
+ - "8880:80"
+ - "8443:443"
+ - "8443:443/udp"
+ - "8448:8448"
+ volumes:
+ - ./Caddyfile:/etc/caddy/Caddyfile
+ - caddy-data:/data
+ - caddy-config:/config
+ restart: unless-stopped
+ networks:
+ - caddy-network
+
+ caddy-ui:
+ image: qmcgaw/caddy-ui
+ ports:
+ - "8881:8000"
+ environment:
+ - CADDY_API_ENDPOINT=http://192.168.1.65:2019
+ networks:
+ - caddy-network
+networks:
+ caddy-network:
+
+volumes:
+ caddy-data:
+ caddy-config:
diff --git a/caddy/reload.sh b/caddy/reload.sh
new file mode 100755
index 0000000..78e39c2
--- /dev/null
+++ b/caddy/reload.sh
@@ -0,0 +1,5 @@
+!#/bin/bash
+
+caddy_container_id=$(docker ps | grep caddy | awk '{print $1;}')
+docker exec -w /etc/caddy $caddy_container_id caddy reload
+
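Review bot: The `- "2019:2019"` mapping in the `web` service of caddy/docker-compose.yml publishes Caddy's admin port on all host interfaces, and `caddy-ui` on `8881` fronts that same API with no authentication visible in this file. Since both services share `caddy-network`, the mapping can be dropped and the UI pointed at the container directly, e.g. `CADDY_API_ENDPOINT=http://caddy:2019`, with the UI's own port bound to loopback (`"127.0.0.1:8881:8000"`); whether the admin endpoint answers on that address depends on how its listener is configured. Both `image: caddy` and `image: qmcgaw/caddy-ui` float on the default tag, so pin a version tag or digest to keep the proxy that terminates TLS for every service from being replaced silently on the next pull.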
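Review bot: The first line of caddy/reload.sh, `!#/bin/bash`, has the shebang characters swapped and should read `#!/bin/bash`; as written the kernel does not recognise an interpreter line. The lookup `docker ps | grep caddy` also matches the `caddy-ui` container from docker-compose.yml (its image is `qmcgaw/caddy-ui`), so `$caddy_container_id` can hold two IDs and, unquoted, the second one becomes the command passed to `docker exec`. Because the compose file sets `container_name: "caddy"`, the lookup can go away entirely: `docker exec -w /etc/caddy caddy caddy reload`.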