caddy: upgrade configs to caddyv2, run caddyv2

Caddyfile

@@ -0,0 +1,18 @@
+https://finallycoffee.eu {
+	tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
+	root * /var/webroot
+	file_server
+	encode zstd gzip
+	route /users/* {
+		uri strip_prefix /users/
+		reverse_proxy web_userspace:80
+	}
+}
+
+# Import all web hosts
+
+import /webhosts/*/Caddyfile
+
+import /sites.d/*/Caddyfile
+
+

docker-compose.yml

@@ -1,26 +1,33 @@
 version: "3"
 services:
   web:
-    image: registry.gitlab.com/jcgruenhage/docker-caddy:latest
+    image: docker.io/library/caddy:2-alpine
     container_name: web
     volumes:
-      - /opt/docker/Caddy:/caddy:z
+      - /vault/services/certMgmt/certData/certs:/tls_certs:z
-      - /opt/docker/Caddy/Caddyfile:/etc/caddy/Caddyfile:z
       - /vault/services/web/webhosts:/webhosts:z
       - /vault/services/web/sites.d:/sites.d:z
-      - /vault/services/certMgmt/certData/certs:/tls_certs:z
+      - /vault/services/web/caddy_data:/data:z
+      - /vault/services/web/caddy_config:/config:z
+      - /vault/services/web/homepage:/var/webroot:z
+      - /vault/services/web/Caddyfile:/etc/caddy/Caddyfile:z
       - /vault/services/matrix/static-files:/matrix_static:z
-      - /vault/users/jreichmann/public:/public/transcaffeine:z
-      - /opt/docker/Caddy/webroot:/var/webroot:z
-    environment:
-      - GID=1001
-      - UID=1001
     ports:
+      - "10.42.0.1:443:443"
       - "192.168.0.53:443:443"
     networks:
       - frontend
       - matrix
-
+  web_userspace:
+    image: docker.io/library/caddy:2-alpine
+    container_name: web_userspace
+    volumes:
+      - /vault/services/cloud/nextcloud/data:/webroot:ro
+      - /vault/services/web/userspace/data:/data:z
+      - /vault/services/web/userspace/config:/config:z
+      - /vault/services/web/userspace/Caddyfile:/etc/caddy/Caddyfile:z
+    networks:
+      - frontend
 networks:
   frontend:
     external:

webhosts/cloud/Caddyfile

@@ -1,29 +1,23 @@
 https://cloud.finallycoffee.eu {
-	gzip
+	encode gzip
 	tls /tls_certs/cloud.finallycoffee.eu/fullchain.pem /tls_certs/cloud.finallycoffee.eu/privkey.pem
-	header / {
+	header {
 		Referrer-Policy no-referrer
 		Strict-Transport-Security "max-age=15552000;"
 	}
-	redir 301 {
+	redir /.well-known/carddav /remote.php/dav permanent
-		/.well-known/carddav /remote.php/dav
+	redir /.well-known/caldav /remote.php/dav permanent
-		/.well-known/caldav /remote.php/dav
+	reverse_proxy nextcloud:80 {
-	}
+		header_up X-Forwarded-Proto https
-	proxy / nextcloud:80 {
-		transparent
-		websocket
 	}
 }
 
 https://office.cloud.finallycoffee.eu {
-	gzip
+	encode gzip
 	tls /tls_certs/cloud.finallycoffee.eu/fullchain.pem /tls_certs/cloud.finallycoffee.eu/privkey.pem
-	header / {
+	header {
 		Access-Control-Allow-Origin *
 	}
-	proxy / nextcloud_onlyoffice:80 {
+	reverse_proxy nextcloud_onlyoffice:80
-		transparent
-		websocket
-	}
 }
 

webhosts/financial_athena7/Caddyfile

@@ -1,7 +1,5 @@
 https://financial.athena7.eu {
 	tls /tls_certs/financial.athena7.eu/fullchain.pem /tls_certs/financial.athena7.eu/privkey.pem
-	proxy / firefly_iii:80 {
+	encode zstd gzip
-		transparent
+	reverse_proxy firefly_iii:80
-		websocket
-	}
 }

webhosts/infra/Caddyfile

@@ -1,9 +1,9 @@
 https://admin.finallycoffee.eu {
         tls /tls_certs/admin.finallycoffee.eu/fullchain.pem /tls_certs/admin.finallycoffee.eu/privkey.pem
-        proxy / https://172.21.0.1:9090 {
+        reverse_proxy / https://172.21.0.1:9090 {
-                transparent
+		transport http {
-                websocket
+			tls_insecure_skip_verify
-                insecure_skip_verify
+		}
         }
 }
 
@@ -12,26 +12,20 @@ https://gateway.finallycoffee.eu {
 
 }
 
-https://dsl.gateway.finallycoffee.eu {
+#https://dsl.gateway.finallycoffee.eu {
-        tls /tls_certs/gateway.finallycoffee.eu/fullchain.pem /tls_certs/gateway.finallycoffee.eu/privkey.pem
+#        tls /tls_certs/gateway.finallycoffee.eu/fullchain.pem /tls_certs/gateway.finallycoffee.eu/privkey.pem
-        basicauth jdreichmann $pass {
+#        basicauth *jdreichmann $pass {
-                realm "Intranet karlsruhe.flauschekatze.space"
+#                realm "Intranet karlsruhe.flauschekatze.space"
-                /
+#                /
-        }
+#        }
-        proxy / http://192.168.0.2:80 {
+#        reverse_proxy / http://192.168.0.2:80
-                transparent
+#}
-                websocket
-        }
-}
 
-https://docsis.gateway.finallycoffee.eu {
+#https://docsis.gateway.finallycoffee.eu {
-        tls /tls_certs/gateway.finallycoffee.eu/fullchain.pem /tls_certs/gateway.finallycoffee.eu/privkey.pem
+#        tls /tls_certs/gateway.finallycoffee.eu/fullchain.pem /tls_certs/gateway.finallycoffee.eu/privkey.pem
-        basicauth jdreichmann $pass {
+#        basicauth jdreichmann $pass {
-                realm "Intranet karlsruhe.flauschekatze.space"
+#                realm "Intranet karlsruhe.flauschekatze.space"
-                /
+#                /
-        }
+#        }
-        proxy / http://192.168.0.1:80 {
+#        proxy / http://192.168.0.1:80
-                transparent
+#}
-                websocket
-        }
-}

webhosts/matrix/Caddyfile

@@ -1,68 +1,59 @@
 https://matrix.finallycoffee.eu {
 	tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
-	header / {
+	encode zstd gzip
-		Access-Control-Allow-Origin *
+	header {
 		Strict-Transport-Security "max-age=31536000;"
 		X-Frame-Options "DENY"
 		X-XSS-Protection "1; mode=block"
 	}
-	proxy /_matrix/identity matrix-ma1sd:8090 {
+	reverse_proxy /_matrix/identity/* matrix-ma1sd:8090 {
-		header_downstream Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+		header_down Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
-		header_downstream Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
+		header_down Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
-		transparent
 	}
-        proxy /_matrix/client/r0/user_directory/search matrix-ma1sd:8090 {
+        reverse_proxy /_matrix/client/r0/user_directory/search/* matrix-ma1sd:8090 {
-		header_downstream Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+		header_down Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
-                header_downstream Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
+                header_down Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
-                transparent
 	}
-	proxy /_matrix/federation matrix-synapse:8048 {
+	reverse_proxy /_matrix/federation/* matrix-synapse:8048
-		transparent
+	reverse_proxy /_matrix/key/* matrix-synapse:8048
+	reverse_proxy /_matrix/* matrix-synapse:8008 {
+		header_down Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+		header_down Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
 	}
-	proxy /_matrix/key matrix-synapse:8048 {
+	reverse_proxy /_synapse/* matrix-synapse:8008
-		transparent
+	route /metrics/* {
-	}
+		uri replace /metrics/ /_synapse/metrics/
-	proxy /_matrix matrix-synapse:8008 {
+		reverse_proxy http://matrix-synapse:9100
-		header_downstream Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
-		header_downstream Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
-		transparent
-	}
-	proxy /_synapse matrix-synapse:8008 {
-		transparent
-	}
-	proxy /metrics http://matrix-synapse:9100/_synapse/metrics
-	proxy /mautrix-telegram http://matrix-mautrix-telegram:8080
-	proxy / https://finallycoffee.eu/.well-known/matrix {
-		except /_matrix
 	}
+	reverse_proxy /mautrix-telegram/* http://matrix-mautrix-telegram:8080
 }
 
 https://dimension.matrix.finallycoffee.eu {
 	tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
-	header / {
+	header {
 		Access-Control-Allow-Origin *
 	}
-	proxy / http://matrix-dimension:8184 {
+	encode zstd gzip
-		transparent
+	reverse_proxy http://matrix-dimension:8184 {
-		header_upstream X-Forwarded-For {remote}
+		header_up X-Forwarded-For {remote}
-		header_upstream Host {host}
+		header_up Host {host}
-		websocket
 	}
 }
 
 https://chat.finallycoffee.eu {
 	tls /tls_certs/chat.finallycoffee.eu/fullchain.pem /tls_certs/chat.finallycoffee.eu/privkey.pem
-	proxy / http://matrix-client-element:8080 {
+	encode zstd gzip
-		transparent
+	reverse_proxy http://matrix-client-element:8080
-	}
 }
 
-https://finallycoffee.eu/.well-known/matrix/ {
+https://finallycoffee.eu/.well-known/matrix/* {
 	tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
-	root /matrix_static
+	route {
-	index index index.json
+		uri strip_prefix /.well-known/matrix
-	mime . application/json
+		root * /matrix_static
-	header / {
+		file_server
+	}
+	header {
 		Content-Type "application/json"
 		X-Content-Type-Options "nosniff"
 		Access-Control-Allow-Origin *

webhosts/pass/Caddyfile

@@ -1,7 +1,5 @@
 https://pass.finallycoffee.eu {
         tls /tls_certs/pass.finallycoffee.eu/fullchain.pem /tls_certs/pass.finallycoffee.eu/privkey.pem
-        proxy / bitwardenrs:80 {
+        reverse_proxy bitwardenrs:80
-                transparent
-        }
 }