dlink

.gitignore

@@ -51,5 +51,5 @@ Thumbs.db
 # Git safety
 # -------------------------
 .env
-*.env
+
 *.secret

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Tord-Vincent Heggland
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

caddy/Caddyfile

@@ -1,9 +1,11 @@
+
 {
 	email {$ACME_EMAIL}
 }
 ### FUNKSJONER ###
+import snippets/*.caddy
 (remote-ip) {
-	@internal remote_ip 10.10.10.0/24 172.16.0.0/12 127.0.0.1/8
+	@internal remote_ip 10.10.10.0/24 172.16.0.0/12 127.0.0.1/8 192.168.100.0/24
 	@external remote_ip 0.0.0.0/0
 }
 (common-auth) {
@@ -11,15 +13,6 @@
 		tvh {$HASH}
 	}
 }
-(rate-limit) {
-	rate_limit {
-		zone git_zone {
-			key {remote_host}
-			events 30
-			window 10s
-		}
-	}
-}
 (read-only) {
 	@readonly {
 		method POST PUT DELETE PATCH
@@ -36,9 +29,11 @@
 git.{$DOMENESHOP_DNS} {
 	import remote-ip
 	handle @external {
+		redir / /tvh-linux
 		import rate-limit
 		reverse_proxy gitea:3000
 	}
+	respond "Forbidden" 403
 }
 lms.home.{$DOMENESHOP_DNS}  {
 	import dns-tls
@@ -54,7 +49,10 @@ pihole.home.{$DOMENESHOP_DNS} {
 	import remote-ip
 	handle @internal {
 		redir / /admin
-		reverse_proxy pihole:80
+		reverse_proxy 192.168.100.156:18080
+	}
+	handle {
+		respond "Forbidden" 403
 	}
 }
 nextcloud.{$DOMENESHOP_DNS}  {
@@ -64,6 +62,7 @@ nextcloud.{$DOMENESHOP_DNS}  {
 		encode gzip zstd
 		reverse_proxy nextcloud-app:80
 	}
+	respond "Forbidden" 403
 }
 portainer.{$DOMENESHOP_DNS} {
 	import remote-ip
@@ -83,14 +82,6 @@ portainer.home.{$DOMENESHOP_DNS} {
 	}
         respond "Forbidden" 403
 }
-kuma.home.{$DOMENESHOP_DNS} {
-        import dns-tls
-        import remote-ip
-        handle @internal {
-                reverse_proxy kuma:3001
-        }
-        respond "Forbidden" 403
-}
 vault.home.{$DOMENESHOP_DNS} {
         import dns-tls
         import remote-ip
@@ -101,3 +92,7 @@ vault.home.{$DOMENESHOP_DNS} {
 }
 
 
+
+
+import sites/*.caddy
+	

caddy/sites/kuma.caddy

@@ -0,0 +1,8 @@
+kuma.home.{$DOMENESHOP_DNS} {
+        import dns-tls
+        import remote-ip
+        handle @internal {
+                reverse_proxy kuma:3001
+        }
+        respond "Forbidden" 403
+}

caddy/sites/mailu.caddy

@@ -0,0 +1,29 @@
+mail.home.{$DOMENESHOP_DNS} {
+	import dns-tls
+	import remote-ip
+	handle @internal {
+		import mailu-proxy mail.home.{$DOMENESHOP_DNS}
+	}
+}
+
+mail.srv.{$DOMENESHOP_DNS} {
+	import dns-tls
+	import remote-ip
+	handle @external {
+		import mailu-proxy mail.srv.{$DOMENESHOP_DNS}
+	}
+}
+mailu.privix.no {
+	import dns-tls
+	import remote-ip
+	handle @external {
+		import mailu-proxy mail.srv.{$DOMENESHOP_DNS}
+	}
+}
+mail.{$DOMENESHOP_DNS} {
+        import common-auth
+        import remote-ip
+        handle @internal {
+                respond "mail endpoint" 200
+        }
+}

caddy/sites/whoami.caddy

@@ -0,0 +1,26 @@
+whoami.srv.{$DOMENESHOP_DNS}  {
+	respond <<EOF
+remote_host: {remote_host}
+
+remote_ip: {remote_ip}
+
+client_ip: {client_ip}
+
+host: {host}
+
+x_forwarded_for: {header.X-Forwarded-For}
+
+x_real_ip: {header.X-Real-IP}
+
+proto: {scheme}
+EOF 200
+}
+whoami.home.{$DOMENESHOP_DNS} {
+	import dns-tls
+	respond <<EOF
+remote_host: {remote_host}
+remote_ip: {remote_ip}
+client_ip: {client_ip}
+host: {host}
+EOF 200
+}

caddy/snippets/mail-proxy.caddy

@@ -0,0 +1,15 @@
+(mailu-proxy) {
+	reverse_proxy https://mailu-front:443 {
+		header_up Host {args[0]}
+		header_up X-Forwarded-Host {args[0]}
+		header_up X-Forwarded-Proto https
+		header_up X-Real-IP {remote_host}
+
+		header_down Location https://mailu-front/ https://{args[0]}/
+		header_down Location https://mailu-front https://{args[0]}
+
+		transport http {
+			tls_server_name mail.tvheggland.no
+		}
+	}
+}

caddy/snippets/rate-limit.caddy

@@ -0,0 +1,9 @@
+(rate-limit) {
+        rate_limit {
+                zone git_zone {
+                        key {remote_host}
+                        events 30
+                        window 10s
+                }
+        }
+}

docker-compose.yaml

@@ -9,22 +9,18 @@ services:
     env_file:
       - .env
     volumes:
-      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - ./caddy:/etc/caddy:ro
       - caddy_data:/data
       - caddy_config:/config
     networks:
-      - proxy_net
-      - edge_net
-      - proxy_swarm
-
+      proxy_net:
+        ipv4_address: 172.19.0.254
+#      proxy_swarm:
 networks:
   proxy_net:
     external: true
-  edge_net:
-    external: true
-  proxy_swarm:
-    external: true
-
+#  proxy_swarm:
+ #   external: true
 volumes:
   caddy_data:
   caddy_config:

example.env

@@ -0,0 +1,6 @@
+ACME_EMAIL=you@example.com
+DOMENESHOP_DNS=example.com
+HASH=YOURHASH
+
+DOMENESHOP_API_TOKEN=YOUR_TOKEN
+DOMENESHOP_API_SECRET=YOUR_SECRET