tvh-linux/caddy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tocluster

Browse Source
This commit is contained in:
Tord-Vincent Heggland
2026-04-13 16:30:12 +02:00
parent 9cf7a7d12e
commit 6ce55e28f1
3 changed files with 152 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
Caddyfile
View File

@@ -1,7 +1,17 @@
{ {
email {$ACME_EMAIL} email {$ACME_EMAIL}
} }
git.{$DOMENESHOP_DNS} { ### FUNKSJONER ###
(remote-ip) {
@internal remote_ip 10.10.10.0/24 127.0.0.1/8
@external remote_ip 0.0.0.0/0
}
(common-auth) {
basicauth {
tvh $2a$14$9nNDlR6oYiSIX7ENnel.E.pezV8LQpHS3hhzhglXwijMFwgEYMAq2
}
}
(rate-limit) {
rate_limit { rate_limit {
zone git_zone { zone git_zone {
key {remote_host} key {remote_host}
@@ -9,15 +19,25 @@ git.{$DOMENESHOP_DNS} {
window 10s window 10s
} }
} }
}
(read-only) {
@readonly {
method POST PUT DELETE PATCH
}
respond @readonly 403
}
### TJENESTER ###
git.{$DOMENESHOP_DNS} {
import remote-ip
handle @external {
import rate-limit
reverse_proxy gitea:3000 reverse_proxy gitea:3000
}
} }
lms.home.{$DOMENESHOP_DNS} { lms.home.{$DOMENESHOP_DNS} {
tls internal tls internal
@internal remote_ip 10.10.10.0/24 127.0.0.1/8 import remote-ip
handle @internal { handle @internal {
basicauth {
tvh $2a$14$9nNDlR6oYiSIX7ENnel.E.pezV8LQpHS3hhzhglXwijMFwgEYMAq2
}
reverse_proxy lms:9000 reverse_proxy lms:9000
} }
respond "Forbidden" 403 respond "Forbidden" 403
@@ -25,11 +45,36 @@ lms.home.{$DOMENESHOP_DNS} {
pihole.home.{$DOMENESHOP_DNS} { pihole.home.{$DOMENESHOP_DNS} {
tls internal tls internal
import remote-ip
handle @internal {
redir / /admin redir / /admin
reverse_proxy pihole:80 reverse_proxy pihole:80
respond "Forbidden" 403 }
} }
nextcloud.{$DOMENESHOP_DNS} { nextcloud.{$DOMENESHOP_DNS} {
import remote-ip
handle @external {
import rate-limit
encode gzip zstd encode gzip zstd
reverse_proxy nextcloud-app:80 reverse_proxy nextcloud-app:80
}
} }
portainer.{$DOMENESHOP_DNS} {
import remote-ip
handle @external {
import common-auth
import rate-limit
import read-only
reverse_proxy portainer:9000
}
respond "Forbidden" 403
}
portainer.home.{$DOMENESHOP_DNS} {
import remote-ip
handle @internal {
reverse_proxy portainer:9000
}
respond "Forbidden" 403
}

87
Caddyfile.save Normal file
View File

@@ -0,0 +1,87 @@
{
email {$ACME_EMAIL}
}
(remote-ip) {
@internal remote_ip 10.10.10.0/24 127.0.0.1/8
@external remote_ip 0.0.0.0/0
}
(common-auth) {
basicauth {
tvh $2a$14$9nNDlR6oYiSIX7ENnel.E.pezV8LQpHS3hhzhglXwijMFwgEYMAq2
}
}
(rate-limit) {
rate_limit {
zone git_zone {
key {remote_host}
events 30
window 10s
}
}
}
(read-only) {
@readonly {
method POST PUT DELETE PATCH
}
respond @readonly 403
# whitelist login/logout
@auth_ok {
path /api/auth/*
}
respond @readonly 403 {
not path /api/auth/*
}
}
git.{$DOMENESHOP_DNS} {
import remote-ip
handle @external {
import rate-limit
reverse_proxy gitea:3000
}
}
lms.home.{$DOMENESHOP_DNS} {
tls internal
import remote-ip
handle @internal {
import common-auth
reverse_proxy lms:9000
}
respond "Forbidden" 403
}
pihole.home.{$DOMENESHOP_DNS} {
tls internal
import remote-ip
import common-auth
handle @internal {
redir / /admin
reverse_proxy pihole:80
}
}
nextcloud.{$DOMENESHOP_DNS} {
import remote-ip
handle @external {
encode gzip zstd
reverse_proxy nextcloud-app:80
}
}
portainer.{$DOMENESHOP_DNS} {
import rate-limit
import remote-ip
handle @external {
import common-auth
import read-only
reverse_proxy portainer:9000
}
respond "Forbidden" 403
}
portainer.home.{$DOMENESHOP_DNS} {
import remote-ip
handle @internal {
reverse_proxy portainer:9000
}
respond "Forbidden" 403
}

3
docker-compose.yaml
View File

@@ -15,12 +15,15 @@ services:
networks: networks:
- proxy_net - proxy_net
- edge_net - edge_net
- proxy_swarm
networks: networks:
proxy_net: proxy_net:
external: true external: true
edge_net: edge_net:
external: true external: true
proxy_swarm:
external: true
volumes: volumes:
caddy_data: caddy_data: