dlink

.gitignore

@@ -51,5 +51,5 @@ Thumbs.db
 # Git safety
 # -------------------------
 .env
-*.env
+
 *.secret

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Tord-Vincent Heggland
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

caddy/Caddyfile

@@ -1,10 +1,11 @@
+{
 	email {$ACME_EMAIL}
 }
 ### FUNKSJONER ###
 import snippets/*.caddy
-import snippets/*
+(remote-ip) {
 	@internal remote_ip 10.10.10.0/24 172.16.0.0/12 127.0.0.1/8 192.168.100.0/24
-	@internal remote_ip 10.10.10.0/24 172.16.0.0/12 127.0.0.1/8
+	@external remote_ip 0.0.0.0/0
 }
 (common-auth) {
 	basicauth {
@@ -12,15 +13,6 @@ import snippets/*
 	}
 }
 (read-only) {
-#(rate-limit) {
-#	rate_limit {
-#		zone git_zone {
-#			key {remote_host}
-#			events 30
-#			window 10s
-#		}
-#	}
-#}
 	@readonly {
 		method POST PUT DELETE PATCH
 	}
@@ -37,9 +29,11 @@ import snippets/*
 	import remote-ip
 	handle @external {
 		redir / /tvh-linux
+		import rate-limit
 		reverse_proxy gitea:3000
 	}
 	respond "Forbidden" 403
+}
 lms.home.{$DOMENESHOP_DNS}  {
 	import dns-tls
 	import remote-ip
@@ -55,7 +49,10 @@ pihole.home.{$DOMENESHOP_DNS} {
 	handle @internal {
 		redir / /admin
 		reverse_proxy 192.168.100.156:18080
-		reverse_proxy pihole:80
+	}
+	handle {
+		respond "Forbidden" 403
+	}
 }
 nextcloud.{$DOMENESHOP_DNS}  {
 	import remote-ip
@@ -65,6 +62,7 @@ nextcloud.{$DOMENESHOP_DNS}  {
 		reverse_proxy nextcloud-app:80
 	}
 	respond "Forbidden" 403
+}
 portainer.{$DOMENESHOP_DNS} {
 	import remote-ip
 	handle @external {
@@ -84,14 +82,6 @@ portainer.home.{$DOMENESHOP_DNS} {
         respond "Forbidden" 403
 }
 vault.home.{$DOMENESHOP_DNS} {
-#kuma.home.{$DOMENESHOP_DNS} {
-#        import dns-tls
-#        import remote-ip
-#        handle @internal {
-#                reverse_proxy kuma:3001
-#        }
-#        respond "Forbidden" 403
-#}
         import dns-tls
         import remote-ip
         handle @internal {
@@ -102,4 +92,7 @@ vault.home.{$DOMENESHOP_DNS} {
 
 
 
-import sites/*
+
+import sites/*.caddy
+	
+	

caddy/sites/mailu.caddy

@@ -0,0 +1,29 @@
+mail.home.{$DOMENESHOP_DNS} {
+	import dns-tls
+	import remote-ip
+	handle @internal {
+		import mailu-proxy mail.home.{$DOMENESHOP_DNS}
+	}
+}
+
+mail.srv.{$DOMENESHOP_DNS} {
+	import dns-tls
+	import remote-ip
+	handle @external {
+		import mailu-proxy mail.srv.{$DOMENESHOP_DNS}
+	}
+}
+mailu.privix.no {
+	import dns-tls
+	import remote-ip
+	handle @external {
+		import mailu-proxy mail.srv.{$DOMENESHOP_DNS}
+	}
+}
+mail.{$DOMENESHOP_DNS} {
+        import common-auth
+        import remote-ip
+        handle @internal {
+                respond "mail endpoint" 200
+        }
+}

caddy/sites/whoami.caddy

@@ -0,0 +1,26 @@
+whoami.srv.{$DOMENESHOP_DNS}  {
+	respond <<EOF
+remote_host: {remote_host}
+
+remote_ip: {remote_ip}
+
+client_ip: {client_ip}
+
+host: {host}
+
+x_forwarded_for: {header.X-Forwarded-For}
+
+x_real_ip: {header.X-Real-IP}
+
+proto: {scheme}
+EOF 200
+}
+whoami.home.{$DOMENESHOP_DNS} {
+	import dns-tls
+	respond <<EOF
+remote_host: {remote_host}
+remote_ip: {remote_ip}
+client_ip: {client_ip}
+host: {host}
+EOF 200
+}

caddy/snippets/mail-proxy.caddy

@@ -0,0 +1,15 @@
+(mailu-proxy) {
+	reverse_proxy https://mailu-front:443 {
+		header_up Host {args[0]}
+		header_up X-Forwarded-Host {args[0]}
+		header_up X-Forwarded-Proto https
+		header_up X-Real-IP {remote_host}
+
+		header_down Location https://mailu-front/ https://{args[0]}/
+		header_down Location https://mailu-front https://{args[0]}
+
+		transport http {
+			tls_server_name mail.tvheggland.no
+		}
+	}
+}

docker-compose.yaml

@@ -13,18 +13,14 @@ services:
       - caddy_data:/data
       - caddy_config:/config
     networks:
-      - proxy_net
+      proxy_net:
-      - edge_net
+        ipv4_address: 172.19.0.254
-      - proxy_swarm
+#      proxy_swarm:
-
 networks:
   proxy_net:
     external: true
-  edge_net:
+#  proxy_swarm:
-    external: true
+ #   external: true
-  proxy_swarm:
-    external: true
-
 volumes:
   caddy_data:
   caddy_config:

example.env

@@ -0,0 +1,6 @@
+ACME_EMAIL=you@example.com
+DOMENESHOP_DNS=example.com
+HASH=YOURHASH
+
+DOMENESHOP_API_TOKEN=YOUR_TOKEN
+DOMENESHOP_API_SECRET=YOUR_SECRET