up&down

Caddyfile

@@ -0,0 +1,15 @@
+{
+	email {$ACME_EMAIL}
+}
+
+git.tvheggland.no {
+	rate_limit {
+		zone git_zone {
+			key {remote_host}
+			events 30
+			window 10s
+		}
+	}
+
+	reverse_proxy gitea:3000
+}

Dockerfile

@@ -0,0 +1,10 @@
+FROM caddy:2-builder AS builder
+
+RUN --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/root/.cache/go-build \
+    xcaddy build \
+    --with github.com/mholt/caddy-ratelimit
+
+FROM caddy:2
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy

docker-compose.yaml

@@ -28,18 +28,33 @@ services:
     networks:
       - gitea_net
 
-  cloudflared:
-    image: cloudflare/cloudflared:latest
-    container_name: cloudflared
+
+  caddy:
+    build: .
+    container_name: caddy
     restart: unless-stopped
-    command: tunnel --no-autoupdate run
-    environment:
-      TUNNEL_TOKEN: "${CLOUDFLARE_TUNNEL_TOKEN}"
     depends_on:
       - gitea
+    ports:
+      - "80:80"
+      - "443:443"
+    env_file:
+      - .env
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - caddy_data:/data
+      - caddy_config:/config
     networks:
       - gitea_net
 
+
+
 networks:
   gitea_net:
     driver: bridge
+
+
+
+volumes:
+  caddy_data:
+  caddy_config:

down.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -e
+
+docker compose down
+sudo ufw delete allow 80/tcp
+sudo ufw delete allow 443/tcp

up.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -e
+
+sudo ufw allow 80/tcp
+sudo ufw allow 443/tcp
+docker compose up -d