firscleancommit

Caddyfile

@@ -0,0 +1,80 @@
+{
+	email {$ACME_EMAIL}
+}
+### FUNKSJONER ###
+(remote-ip) {
+	@internal remote_ip 10.10.10.0/24 127.0.0.1/8
+	@external remote_ip 0.0.0.0/0
+}
+(common-auth) {
+	basicauth {
+		tvh {$HASH}
+	}
+}
+(rate-limit) {
+	rate_limit {
+		zone git_zone {
+			key {remote_host}
+			events 30
+			window 10s
+		}
+	}
+}
+(read-only) {
+	@readonly {
+		method POST PUT DELETE PATCH
+	}
+	respond @readonly 403
+}
+### TJENESTER ###
+git.{$DOMENESHOP_DNS} {
+	import remote-ip
+	handle @external {
+		import rate-limit
+		reverse_proxy gitea:3000
+	}
+}
+lms.home.{$DOMENESHOP_DNS}  {
+	tls internal
+	import remote-ip
+	handle @internal {
+		reverse_proxy lms:9000        
+	}
+	respond "Forbidden" 403
+}
+
+pihole.home.{$DOMENESHOP_DNS} {
+	tls internal
+	import remote-ip
+	handle @internal {
+		redir / /admin
+		reverse_proxy pihole:80
+	}
+}
+nextcloud.{$DOMENESHOP_DNS}  {
+	import remote-ip
+	handle @external {
+		import rate-limit
+		encode gzip zstd
+		reverse_proxy nextcloud-app:80
+	}
+}
+portainer.{$DOMENESHOP_DNS} {
+	import remote-ip
+	handle @external {
+		import common-auth
+		import rate-limit
+		import read-only
+		reverse_proxy portainer:9000
+	}
+	respond "Forbidden" 403
+}
+portainer.home.{$DOMENESHOP_DNS} {
+	import remote-ip
+	handle @internal {
+		reverse_proxy portainer:9000
+	}
+        respond "Forbidden" 403
+}
+
+