caddy: upgrade configs to caddyv2, run caddyv2

2020-08-23 12:24:28 +02:00 · 2020-08-23 12:24:28 +02:00 · 61c34aa15f
parent 1ce35c70fe
commit 61c34aa15f
7 changed files with 99 additions and 99 deletions
--- a/18
+++ b/18
@ -0,0 +1,18 @@
+https://finallycoffee.eu {
+	tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
+	root * /var/webroot
+	file_server
+	encode zstd gzip
+	route /users/* {
+		uri strip_prefix /users/
+		reverse_proxy web_userspace:80
+	}
+}
+
+# Import all web hosts
+
+import /webhosts/*/Caddyfile
+
+import /sites.d/*/Caddyfile
+
+
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,26 +1,33 @@
 version: "3"
 services:
  web:
-    image: registry.gitlab.com/jcgruenhage/docker-caddy:latest
+    image: docker.io/library/caddy:2-alpine
    container_name: web
    volumes:
-      - /opt/docker/Caddy:/caddy:z
-      - /opt/docker/Caddy/Caddyfile:/etc/caddy/Caddyfile:z
+      - /vault/services/certMgmt/certData/certs:/tls_certs:z
      - /vault/services/web/webhosts:/webhosts:z
      - /vault/services/web/sites.d:/sites.d:z
-      - /vault/services/certMgmt/certData/certs:/tls_certs:z
+      - /vault/services/web/caddy_data:/data:z
+      - /vault/services/web/caddy_config:/config:z
+      - /vault/services/web/homepage:/var/webroot:z
+      - /vault/services/web/Caddyfile:/etc/caddy/Caddyfile:z
      - /vault/services/matrix/static-files:/matrix_static:z
-      - /vault/users/jreichmann/public:/public/transcaffeine:z
-      - /opt/docker/Caddy/webroot:/var/webroot:z
-    environment:
-      - GID=1001
-      - UID=1001
    ports:
+      - "10.42.0.1:443:443"
      - "192.168.0.53:443:443"
    networks:
      - frontend
      - matrix
-
+  web_userspace:
+    image: docker.io/library/caddy:2-alpine
+    container_name: web_userspace
+    volumes:
+      - /vault/services/cloud/nextcloud/data:/webroot:ro
+      - /vault/services/web/userspace/data:/data:z
+      - /vault/services/web/userspace/config:/config:z
+      - /vault/services/web/userspace/Caddyfile:/etc/caddy/Caddyfile:z
+    networks:
+      - frontend
 networks:
  frontend:
    external:
--- a/webhosts/cloud/Caddyfile
+++ b/webhosts/cloud/Caddyfile
@ -1,29 +1,23 @@
 https://cloud.finallycoffee.eu {
-	gzip
+	encode gzip
 	tls /tls_certs/cloud.finallycoffee.eu/fullchain.pem /tls_certs/cloud.finallycoffee.eu/privkey.pem
-	header / {
+	header {
 		Referrer-Policy no-referrer
 		Strict-Transport-Security "max-age=15552000;"
 	}
-	redir 301 {
-		/.well-known/carddav /remote.php/dav
-		/.well-known/caldav /remote.php/dav
-	}
-	proxy / nextcloud:80 {
-		transparent
-		websocket
+	redir /.well-known/carddav /remote.php/dav permanent
+	redir /.well-known/caldav /remote.php/dav permanent
+	reverse_proxy nextcloud:80 {
+		header_up X-Forwarded-Proto https
 	}
 }

 https://office.cloud.finallycoffee.eu {
-	gzip
+	encode gzip
 	tls /tls_certs/cloud.finallycoffee.eu/fullchain.pem /tls_certs/cloud.finallycoffee.eu/privkey.pem
-	header / {
+	header {
 		Access-Control-Allow-Origin *
 	}
-	proxy / nextcloud_onlyoffice:80 {
-		transparent
-		websocket
-	}
+	reverse_proxy nextcloud_onlyoffice:80
 }

--- a/webhosts/financial_athena7/Caddyfile
+++ b/webhosts/financial_athena7/Caddyfile
@ -1,7 +1,5 @@
 https://financial.athena7.eu {
 	tls /tls_certs/financial.athena7.eu/fullchain.pem /tls_certs/financial.athena7.eu/privkey.pem
-	proxy / firefly_iii:80 {
-		transparent
-		websocket
-	}
+	encode zstd gzip
+	reverse_proxy firefly_iii:80
 }
--- a/webhosts/infra/Caddyfile
+++ b/webhosts/infra/Caddyfile
@ -1,9 +1,9 @@
 https://admin.finallycoffee.eu {
        tls /tls_certs/admin.finallycoffee.eu/fullchain.pem /tls_certs/admin.finallycoffee.eu/privkey.pem
-        proxy / https://172.21.0.1:9090 {
-                transparent
-                websocket
-                insecure_skip_verify
+        reverse_proxy / https://172.21.0.1:9090 {
+		transport http {
+			tls_insecure_skip_verify
+		}
        }
 }

@ -12,26 +12,20 @@ https://gateway.finallycoffee.eu {

 }

-https://dsl.gateway.finallycoffee.eu {
-        tls /tls_certs/gateway.finallycoffee.eu/fullchain.pem /tls_certs/gateway.finallycoffee.eu/privkey.pem
-        basicauth jdreichmann $pass {
-                realm "Intranet karlsruhe.flauschekatze.space"
-                /
-        }
-        proxy / http://192.168.0.2:80 {
-                transparent
-                websocket
-        }
-}
+#https://dsl.gateway.finallycoffee.eu {
+#        tls /tls_certs/gateway.finallycoffee.eu/fullchain.pem /tls_certs/gateway.finallycoffee.eu/privkey.pem
+#        basicauth *jdreichmann $pass {
+#                realm "Intranet karlsruhe.flauschekatze.space"
+#                /
+#        }
+#        reverse_proxy / http://192.168.0.2:80
+#}

-https://docsis.gateway.finallycoffee.eu {
-        tls /tls_certs/gateway.finallycoffee.eu/fullchain.pem /tls_certs/gateway.finallycoffee.eu/privkey.pem
-        basicauth jdreichmann $pass {
-                realm "Intranet karlsruhe.flauschekatze.space"
-                /
-        }
-        proxy / http://192.168.0.1:80 {
-                transparent
-                websocket
-        }
-}
+#https://docsis.gateway.finallycoffee.eu {
+#        tls /tls_certs/gateway.finallycoffee.eu/fullchain.pem /tls_certs/gateway.finallycoffee.eu/privkey.pem
+#        basicauth jdreichmann $pass {
+#                realm "Intranet karlsruhe.flauschekatze.space"
+#                /
+#        }
+#        proxy / http://192.168.0.1:80
+#}
--- a/webhosts/matrix/Caddyfile
+++ b/webhosts/matrix/Caddyfile
@ -1,68 +1,59 @@
 https://matrix.finallycoffee.eu {
 	tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
-	header / {
-		Access-Control-Allow-Origin *
+	encode zstd gzip
+	header {
 		Strict-Transport-Security "max-age=31536000;"
 		X-Frame-Options "DENY"
 		X-XSS-Protection "1; mode=block"
 	}
-	proxy /_matrix/identity matrix-ma1sd:8090 {
-		header_downstream Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
-		header_downstream Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
-		transparent
+	reverse_proxy /_matrix/identity/* matrix-ma1sd:8090 {
+		header_down Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+		header_down Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
 	}
-        proxy /_matrix/client/r0/user_directory/search matrix-ma1sd:8090 {
-		header_downstream Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
-                header_downstream Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
-                transparent
+        reverse_proxy /_matrix/client/r0/user_directory/search/* matrix-ma1sd:8090 {
+		header_down Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+                header_down Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
 	}
-	proxy /_matrix/federation matrix-synapse:8048 {
-		transparent
+	reverse_proxy /_matrix/federation/* matrix-synapse:8048
+	reverse_proxy /_matrix/key/* matrix-synapse:8048
+	reverse_proxy /_matrix/* matrix-synapse:8008 {
+		header_down Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+		header_down Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
 	}
-	proxy /_matrix/key matrix-synapse:8048 {
-		transparent
-	}
-	proxy /_matrix matrix-synapse:8008 {
-		header_downstream Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
-		header_downstream Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
-		transparent
-	}
-	proxy /_synapse matrix-synapse:8008 {
-		transparent
-	}
-	proxy /metrics http://matrix-synapse:9100/_synapse/metrics
-	proxy /mautrix-telegram http://matrix-mautrix-telegram:8080
-	proxy / https://finallycoffee.eu/.well-known/matrix {
-		except /_matrix
+	reverse_proxy /_synapse/* matrix-synapse:8008
+	route /metrics/* {
+		uri replace /metrics/ /_synapse/metrics/
+		reverse_proxy http://matrix-synapse:9100
 	}
+	reverse_proxy /mautrix-telegram/* http://matrix-mautrix-telegram:8080
 }

 https://dimension.matrix.finallycoffee.eu {
 	tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
-	header / {
+	header {
 		Access-Control-Allow-Origin *
 	}
-	proxy / http://matrix-dimension:8184 {
-		transparent
-		header_upstream X-Forwarded-For {remote}
-		header_upstream Host {host}
-		websocket
+	encode zstd gzip
+	reverse_proxy http://matrix-dimension:8184 {
+		header_up X-Forwarded-For {remote}
+		header_up Host {host}
 	}
 }

 https://chat.finallycoffee.eu {
 	tls /tls_certs/chat.finallycoffee.eu/fullchain.pem /tls_certs/chat.finallycoffee.eu/privkey.pem
-	proxy / http://matrix-client-element:8080 {
-		transparent
-	}
+	encode zstd gzip
+	reverse_proxy http://matrix-client-element:8080
 }

-https://finallycoffee.eu/.well-known/matrix/ {
+https://finallycoffee.eu/.well-known/matrix/* {
 	tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
-	root /matrix_static
-	index index index.json
-	mime . application/json
-	header / {
+	route {
+		uri strip_prefix /.well-known/matrix
+		root * /matrix_static
+		file_server
+	}
+	header {
 		Content-Type "application/json"
 		X-Content-Type-Options "nosniff"
 		Access-Control-Allow-Origin *
--- a/webhosts/pass/Caddyfile
+++ b/webhosts/pass/Caddyfile
@ -1,7 +1,5 @@
 https://pass.finallycoffee.eu {
        tls /tls_certs/pass.finallycoffee.eu/fullchain.pem /tls_certs/pass.finallycoffee.eu/privkey.pem
-        proxy / bitwardenrs:80 {
-                transparent
-        }
+        reverse_proxy bitwardenrs:80
 }