From ea78fdcbabcf2d5eec3a01f934806678174d6e7e Mon Sep 17 00:00:00 2001
From: Tord-Vincent Heggland
Date: Fri, 8 May 2026 22:41:02 +0200
Subject: [PATCH] piholennetworkisolatfromtherestofthewebservices
---
 caddy/Caddyfile | 29 +++--------------------------
 caddy/sites/mailu.caddy | 29 +++++++++++++++++++++++++++++
 caddy/snippets/mail-proxy.caddy | 15 +++++++++++++++
 docker-compose.yaml | 8 +++-----
 4 files changed, 50 insertions(+), 31 deletions(-)
 create mode 100644 caddy/sites/mailu.caddy
 create mode 100644 caddy/snippets/mail-proxy.caddy
diff --git a/caddy/Caddyfile b/caddy/Caddyfile
index 3e8e7b6..f6026ab 100644
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -83,32 +83,9 @@ vault.home.{$DOMENESHOP_DNS} {
 }
 respond "Forbidden" 403
 }
-mail.home.{$DOMENESHOP_DNS} {
- import dns-tls
- import remote-ip
- handle @internal {
- reverse_proxy https://mailu-front:443 {
- header_up Host mail.home.{$DOMENESHOP_DNS}
- header_up X-Forwarded-Host mail.home.{$DOMENESHOP_DNS}
- header_up X-Forwarded-Proto https
- header_up X-Real-IP {remote_host}
- header_down Location https://mailu-front/ https://mail.home.{$DOMENESHOP_DNS}/
- header_down Location https://mailu-front https://mail.home.{$DOMENESHOP_DNS}
- transport http {
- tls_server_name mail.tvheggland.no
- }
- }
-# reverse_proxy mailu-front:80
- }
- respond "Forbidden" 403
-}
-mail.tvheggland.no {
- import common-auth
- import remote-ip
- handle @internal {
- respond "mail endpoint" 200
- }
-}
+
+
+
 import sites/*.caddy
diff --git a/caddy/sites/mailu.caddy b/caddy/sites/mailu.caddy
new file mode 100644
index 0000000..667638e
--- /dev/null
+++ b/caddy/sites/mailu.caddy
@@ -0,0 +1,29 @@
+mail.home.{$DOMENESHOP_DNS} {
+ import dns-tls
+ import remote-ip
+ handle @internal {
+ import mailu-proxy mail.home.{$DOMENESHOP_DNS}
+ }
+}
+
+mail.srv.{$DOMENESHOP_DNS} {
+ import dns-tls
+ import remote-ip
+ handle @external {
+ import mailu-proxy mail.srv.{$DOMENESHOP_DNS}
+ }
+}
+mailu.privix.no {
+ import dns-tls
+ import remote-ip
+ handle @external {
+ import mailu-proxy mail.srv.{$DOMENESHOP_DNS}
+ }
+}
+mail.{$DOMENESHOP_DNS} {
+ import common-auth
+ import remote-ip
+ handle @internal {
+ respond "mail endpoint" 200
+ }
+}
diff --git a/caddy/snippets/mail-proxy.caddy b/caddy/snippets/mail-proxy.caddy
new file mode 100644
index 0000000..4c53c55
--- /dev/null
+++ b/caddy/snippets/mail-proxy.caddy
@@ -0,0 +1,15 @@
+(mailu-proxy) {
+ reverse_proxy https://mailu-front:443 {
+ header_up Host {args[0]}
+ header_up X-Forwarded-Host {args[0]}
+ header_up X-Forwarded-Proto https
+ header_up X-Real-IP {remote_host}
+
+ header_down Location https://mailu-front/ https://{args[0]}/
+ header_down Location https://mailu-front https://{args[0]}
+
+ transport http {
+ tls_server_name mail.tvheggland.no
+ }
+ }
+}
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 1c5eb50..106fdc1 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -16,8 +16,7 @@ services:
 - proxy_net
 - edge_net
 - proxy_swarm
-# - dns_net
-
+ - dns_internal
 networks:
 proxy_net:
 external: true
@@ -25,9 +24,8 @@ networks:
 external: true
 proxy_swarm:
 external: true
- # dns_net:
- # external: true
-
+ dns_internal:
+ external: true
 volumes:
 caddy_data:
 caddy_config:
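Review bot: None of the four site blocks in the new `caddy/sites/mailu.caddy` carries over the `respond "Forbidden" 403` fallback that the removed `mail.home` block had after its `handle`, so a request that matches neither `@internal` nor `@external` is left unhandled and, as far as these lines show, gets Caddy's empty default response instead of an explicit denial. I would add `respond "Forbidden" 403` as the last directive of each block, matching the context lines at the top of the Caddyfile hunk. Separately, `mail.srv` and `mailu.privix.no` now proxy the Mailu front for `@external` clients where the old config proxied only `@internal`; the matcher lives in the `remote-ip` snippet outside this diff, so confirm it is as narrow as intended. The `mailu.privix.no` block also passes `mail.srv.{$DOMENESHOP_DNS}` to `mailu-proxy`, so the upstream `Host` header and the rewritten `Location` redirects will name `mail.srv` rather than the host the client asked for; if that is deliberate, a comment such as `# canonical host is mail.srv; redirects intentionally leave mailu.privix.no` would make it clear.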
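Review bot: `tls_server_name mail.tvheggland.no` stays hard-coded in the `mailu-proxy` snippet while every other host name became `{args[0]}` and the plain site was renamed from `mail.tvheggland.no` to `mail.{$DOMENESHOP_DNS}`, so the name Caddy sends as SNI and checks against the `mailu-front` certificate is easy to miss when the domain changes. A comment above it, e.g. `# must match a name on mailu-front's certificate; independent of {args[0]}`, would record why it is fixed. `X-Real-IP {remote_host}` is the direct peer address, which is the real client only if nothing proxies in front of this Caddy; that cannot be told from the diff. The snippet is placed in `caddy/snippets/`, but the only import visible in the Caddyfile hunk is `import sites/*.caddy`, so check that the snippets directory is imported before the sites, otherwise `import mailu-proxy` will not resolve.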
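Review bot: Adding `- dns_internal` in the first docker-compose hunk puts one container on the DNS network and on `proxy_net`/`edge_net`/`proxy_swarm` at the same time, which makes that container the bridge between the Pi-hole side and the web-facing side rather than isolating them. The service name is above the hunk, and `dns_internal` is declared `external: true` in the second hunk, so whether the network was created as internal-only cannot be verified from this diff. If the intent is only to let the reverse proxy reach the Pi-hole UI, I would say so next to the entry, e.g. `# dns_internal: proxy access to the Pi-hole UI only; network is created with --internal`, and confirm that no other web service joins it.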