tocluster

Caddyfile

@@ -1,7 +1,17 @@
 {
 	email {$ACME_EMAIL}
 }
-git.{$DOMENESHOP_DNS} {
+### FUNKSJONER ###
+(remote-ip) {
+	@internal remote_ip 10.10.10.0/24 127.0.0.1/8
+	@external remote_ip 0.0.0.0/0
+}
+(common-auth) {
+	basicauth {
+		tvh $2a$14$9nNDlR6oYiSIX7ENnel.E.pezV8LQpHS3hhzhglXwijMFwgEYMAq2
+	}
+}
+(rate-limit) {
 	rate_limit {
 		zone git_zone {
 			key {remote_host}
@@ -9,27 +19,62 @@ git.{$DOMENESHOP_DNS} {
 			window 10s
 		}
 	}
-	reverse_proxy gitea:3000
+}
+(read-only) {
+	@readonly {
+		method POST PUT DELETE PATCH
+	}
+	respond @readonly 403
+}
+### TJENESTER ###
+git.{$DOMENESHOP_DNS} {
+	import remote-ip
+	handle @external {
+		import rate-limit
+		reverse_proxy gitea:3000
+	}
 }
 lms.home.{$DOMENESHOP_DNS}  {
-    tls internal
-    @internal remote_ip 10.10.10.0/24 127.0.0.1/8
-    handle @internal {
-        basicauth {
-            tvh $2a$14$9nNDlR6oYiSIX7ENnel.E.pezV8LQpHS3hhzhglXwijMFwgEYMAq2
-        }
-        reverse_proxy lms:9000        
-    }
-    respond "Forbidden" 403
+	tls internal
+	import remote-ip
+	handle @internal {
+		reverse_proxy lms:9000        
+	}
+	respond "Forbidden" 403
 }
 
 pihole.home.{$DOMENESHOP_DNS} {
-    tls internal
-    redir / /admin
-    reverse_proxy pihole:80
-    respond "Forbidden" 403
+	tls internal
+	import remote-ip
+	handle @internal {
+		redir / /admin
+		reverse_proxy pihole:80
+	}
 }
 nextcloud.{$DOMENESHOP_DNS}  {
-        encode gzip zstd
-        reverse_proxy nextcloud-app:80
+	import remote-ip
+	handle @external {
+		import rate-limit
+		encode gzip zstd
+		reverse_proxy nextcloud-app:80
+	}
 }
+portainer.{$DOMENESHOP_DNS} {
+	import remote-ip
+	handle @external {
+		import common-auth
+		import rate-limit
+		import read-only
+		reverse_proxy portainer:9000
+	}
+	respond "Forbidden" 403
+}
+portainer.home.{$DOMENESHOP_DNS} {
+	import remote-ip
+	handle @internal {
+		reverse_proxy portainer:9000
+	}
+        respond "Forbidden" 403
+}
+
+