firscleancommit

This commit is contained in:
2026-04-13 16:50:34 +02:00
commit ff7c79409a
4 changed files with 175 additions and 0 deletions

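--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,55 @@
+./data
+./git
+*.save
+# -------------------------
+# SSH private keys
+# -------------------------
+id_*
+*.pem
+*.key
+*.private
+# -------------------------
+# SSH runtime files
+# -------------------------
+authorized_keys
+known_hosts
+known_hosts.old
+# -------------------------
+# Agent / sockets
+# -------------------------
+ssh-agent*
+*.sock
+# -------------------------
+# Backup / temp
+# -------------------------
+*.bak
+*.tmp
+*.swp
+*~
+# -------------------------
+# Logs
+# -------------------------
+*.log
+# -------------------------
+# OS files
+# -------------------------
+.DS_Store
+Thumbs.db
+# -------------------------
+# Editors
+# -------------------------
+.vscode/
+.idea/
+# -------------------------
+# Git safety
+# -------------------------
+.env
+*.env
+*.secret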
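Review bot: The first two patterns, `./data` and `./git`, will not ignore anything: gitignore patterns are matched relative to the file's own directory and a leading `./` is not recognised, so a `data/` or `git/` directory next to this file would still be picked up by `git add .`. Anchor them to the repository root instead, `/data/` and `/git/`, which also limits the match to directories. If `data` is ever used as a bind mount for Caddy's storage it would contain the ACME account key and certificate private keys, so this is worth fixing before the directory exists. The `*.key` and `*.pem` rules further down would catch most of those files, but not the ACME JSON state.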

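--- a/Caddyfile
+++ b/Caddyfile
@@ -0,0 +1,80 @@
+{
+email {$ACME_EMAIL}
+}
+### FUNKSJONER ###
+(remote-ip) {
+@internal remote_ip 10.10.10.0/24 127.0.0.1/8
+@external remote_ip 0.0.0.0/0
+}
+(common-auth) {
+basicauth {
+tvh {$HASH}
+}
+}
+(rate-limit) {
+rate_limit {
+zone git_zone {
+key {remote_host}
+events 30
+window 10s
+}
+}
+}
+(read-only) {
+@readonly {
+method POST PUT DELETE PATCH
+}
+respond @readonly 403
+}
+### TJENESTER ###
+git.{$DOMENESHOP_DNS} {
+import remote-ip
+handle @external {
+import rate-limit
+reverse_proxy gitea:3000
+}
+}
+lms.home.{$DOMENESHOP_DNS} {
+tls internal
+import remote-ip
+handle @internal {
+reverse_proxy lms:9000
+}
+respond "Forbidden" 403
+}
+pihole.home.{$DOMENESHOP_DNS} {
+tls internal
+import remote-ip
+handle @internal {
+redir / /admin
+reverse_proxy pihole:80
+}
+}
+nextcloud.{$DOMENESHOP_DNS} {
+import remote-ip
+handle @external {
+import rate-limit
+encode gzip zstd
+reverse_proxy nextcloud-app:80
+}
+}
+portainer.{$DOMENESHOP_DNS} {
+import remote-ip
+handle @external {
+import common-auth
+import rate-limit
+import read-only
+reverse_proxy portainer:9000
+}
+respond "Forbidden" 403
+}
+portainer.home.{$DOMENESHOP_DNS} {
+import remote-ip
+handle @internal {
+reverse_proxy portainer:9000
+}
+respond "Forbidden" 403
+}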
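Review bot: The `rate_limit` directive used in the `(rate-limit)` snippet comes from the non-standard caddy-ratelimit plugin, and Caddy refuses to place a plugin directive in the handler chain unless its position is declared, so with only `email` in the global options block this Caddyfile should fail to load with a "not an ordered HTTP handler" error. Add `order rate_limit before basicauth` inside the `{ ... }` block at the top, as the plugin's README requires. Separately, `pihole.home.` is the only `.home.` site without a trailing `respond "Forbidden" 403`, so a request from outside `10.10.10.0/24` falls through to Caddy's default empty 200 rather than the explicit deny the other internal sites return; adding the same line keeps the access policy uniform. Note also that `basicauth` was renamed `basic_auth` in Caddy 2.8; the old spelling still works but is deprecated.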

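--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,10 @@
+FROM caddy:2-builder AS builder
+RUN --mount=type=cache,target=/go/pkg/mod \
+--mount=type=cache,target=/root/.cache/go-build \
+xcaddy build \
+--with github.com/mholt/caddy-ratelimit
+FROM caddy:2
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy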
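Review bot: Neither base image (`caddy:2-builder`, `caddy:2`) nor the plugin module (`--with github.com/mholt/caddy-ratelimit`) is pinned, so the edge proxy built from this Dockerfile depends on whatever the floating `2` tag and the module's latest commit resolve to on the day of the build; an upstream change can reach the internet-facing container without anyone reviewing it, and two builds a week apart may differ. Pin both stages to the same explicit Caddy version, ideally by digest (`caddy:2.x.y@sha256:...`), and give the module a `@<tag-or-commit>` suffix. Keeping the two stages on one version also guarantees the plugin is compiled against the exact Caddy binary it is copied into.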

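--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -0,0 +1,30 @@
+services:
+caddy:
+build: .
+container_name: caddy
+restart: unless-stopped
+ports:
+- "80:80"
+- "443:443"
+env_file:
+- .env
+volumes:
+- ./Caddyfile:/etc/caddy/Caddyfile:ro
+- caddy_data:/data
+- caddy_config:/config
+networks:
+- proxy_net
+- edge_net
+- proxy_swarm
+networks:
+proxy_net:
+external: true
+edge_net:
+external: true
+proxy_swarm:
+external: true
+volumes:
+caddy_data:
+caddy_config: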
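Review bot: Only TCP 80 and 443 are published, yet recent Caddy releases enable HTTP/3 by default and advertise it through `Alt-Svc`, so browsers will try QUIC on 443/udp, time out, and fall back on every fresh connection; either add `- "443:443/udp"` under `ports` or turn HTTP/3 off in the Caddyfile's global `servers` options. The `.env` loaded via `env_file` carries `ACME_EMAIL`, `HASH` and `DOMENESHOP_DNS` and is git-ignored in this same commit, so a comment such as `# requires ./.env with ACME_EMAIL, HASH, DOMENESHOP_DNS` next to `env_file` would spare the next operator a failed `compose up` on a fresh clone. Since this is the one container exposed to the internet, `security_opt: ["no-new-privileges:true"]` is a cheap addition that costs Caddy nothing.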