piholennetworkisolatfromtherestofthewebservices

2026-05-08 22:41:02 +02:00
parent 0a40956981
commit ea78fdcbab
4 changed files with 50 additions and 31 deletions
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -83,32 +83,9 @@ vault.home.{$DOMENESHOP_DNS} {
        }
        respond "Forbidden" 403
 }
-mail.home.{$DOMENESHOP_DNS} {
-        import dns-tls
-        import remote-ip
-        handle @internal {
-		reverse_proxy https://mailu-front:443 {
-			header_up Host mail.home.{$DOMENESHOP_DNS}
-			header_up X-Forwarded-Host mail.home.{$DOMENESHOP_DNS}
-			header_up X-Forwarded-Proto https
-			header_up X-Real-IP {remote_host}
-			header_down Location https://mailu-front/ https://mail.home.{$DOMENESHOP_DNS}/
-			header_down Location https://mailu-front https://mail.home.{$DOMENESHOP_DNS}
-			transport http {
-				tls_server_name mail.tvheggland.no
-			}
-		}

-#                reverse_proxy mailu-front:80
-        }
-        respond "Forbidden" 403
-}
-mail.tvheggland.no {
-	import common-auth
-	import remote-ip
-	handle @internal {
-		respond "mail endpoint" 200
-	}
-}
+
+
+
 import sites/*.caddy
 	
--- a/caddy/sites/mailu.caddy
+++ b/caddy/sites/mailu.caddy
@@ -0,0 +1,29 @@
+mail.home.{$DOMENESHOP_DNS} {
+	import dns-tls
+	import remote-ip
+	handle @internal {
+		import mailu-proxy mail.home.{$DOMENESHOP_DNS}
+	}
+}
+
+mail.srv.{$DOMENESHOP_DNS} {
+	import dns-tls
+	import remote-ip
+	handle @external {
+		import mailu-proxy mail.srv.{$DOMENESHOP_DNS}
+	}
+}
+mailu.privix.no {
+	import dns-tls
+	import remote-ip
+	handle @external {
+		import mailu-proxy mail.srv.{$DOMENESHOP_DNS}
+	}
+}
+mail.{$DOMENESHOP_DNS} {
+        import common-auth
+        import remote-ip
+        handle @internal {
+                respond "mail endpoint" 200
+        }
+}
--- a/caddy/snippets/mail-proxy.caddy
+++ b/caddy/snippets/mail-proxy.caddy
@@ -0,0 +1,15 @@
+(mailu-proxy) {
+	reverse_proxy https://mailu-front:443 {
+		header_up Host {args[0]}
+		header_up X-Forwarded-Host {args[0]}
+		header_up X-Forwarded-Proto https
+		header_up X-Real-IP {remote_host}
+
+		header_down Location https://mailu-front/ https://{args[0]}/
+		header_down Location https://mailu-front https://{args[0]}
+
+		transport http {
+			tls_server_name mail.tvheggland.no
+		}
+	}
+}
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -16,8 +16,7 @@ services:
      - proxy_net
      - edge_net
      - proxy_swarm
-#      - dns_net
-
+      - dns_internal
 networks:
  proxy_net:
    external: true
@@ -25,9 +24,8 @@ networks:
    external: true
  proxy_swarm:
    external: true
- # dns_net:
-  #  external: true
-
+  dns_internal:
+    external: true
 volumes:
  caddy_data:
  caddy_config: