caddy: upgrade configs to caddyv2, run caddyv2

Johanna Dorothea Reichmann 2020-08-23 12:24:28 +02:00 committed by Johanna Dorothea Reichmann
parent 1ce35c70fe
commit 61c34aa15f
Signed by untrusted user: transcaffeine
GPG Key ID: 03624C433676E465
7 changed files with 99 additions and 99 deletions

18
Caddyfile Executable file

@ -0,0 +1,18 @@
https://finallycoffee.eu {
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
root * /var/webroot
file_server
encode zstd gzip
route /users/* {
uri strip_prefix /users/
reverse_proxy web_userspace:80
}
}
# Import all web hosts
import /webhosts/*/Caddyfile
import /sites.d/*/Caddyfile
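Review bot: The new `https://finallycoffee.eu` site block sets no response headers, while the cloud and matrix vhosts in this commit send `Strict-Transport-Security`; the apex should carry it too, for example `header Strict-Transport-Security "max-age=31536000;"` inside the block. The same gap is visible in the financial.athena7.eu, admin, dimension, chat and pass site blocks of the other files. The two `import` globs at the end load every `Caddyfile` found under `/webhosts` and `/sites.d`, and the compose file mounts both without `:ro`, so anything able to write there can define sites on this server; a comment saying who owns those directories would help. The listing also marks the file as executable, which a config file does not need.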


@ -1,26 +1,33 @@
version: "3"
services:
web:
image: registry.gitlab.com/jcgruenhage/docker-caddy:latest
image: docker.io/library/caddy:2-alpine
container_name: web
volumes:
- /opt/docker/Caddy:/caddy:z
- /opt/docker/Caddy/Caddyfile:/etc/caddy/Caddyfile:z
- /vault/services/certMgmt/certData/certs:/tls_certs:z
- /vault/services/web/webhosts:/webhosts:z
- /vault/services/web/sites.d:/sites.d:z
- /vault/services/certMgmt/certData/certs:/tls_certs:z
- /vault/services/web/caddy_data:/data:z
- /vault/services/web/caddy_config:/config:z
- /vault/services/web/homepage:/var/webroot:z
- /vault/services/web/Caddyfile:/etc/caddy/Caddyfile:z
- /vault/services/matrix/static-files:/matrix_static:z
- /vault/users/jreichmann/public:/public/transcaffeine:z
- /opt/docker/Caddy/webroot:/var/webroot:z
environment:
- GID=1001
- UID=1001
ports:
- "10.42.0.1:443:443"
- "192.168.0.53:443:443"
networks:
- frontend
- matrix
web_userspace:
image: docker.io/library/caddy:2-alpine
container_name: web_userspace
volumes:
- /vault/services/cloud/nextcloud/data:/webroot:ro
- /vault/services/web/userspace/data:/data:z
- /vault/services/web/userspace/config:/config:z
- /vault/services/web/userspace/Caddyfile:/etc/caddy/Caddyfile:z
networks:
- frontend
networks:
frontend:
external:
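Review bot: `web_userspace` mounts the whole Nextcloud data directory (`/vault/services/cloud/nextcloud/data:/webroot:ro`) and the main Caddyfile routes `/users/*` to that container, so what the public site can reach depends entirely on `/vault/services/web/userspace/Caddyfile`, which is not part of this page. If that file serves `/webroot` with `file_server`, every user's files and anything else Nextcloud keeps in its data directory would be readable over HTTPS. Mount only the directories meant to be public, e.g. `- /vault/services/cloud/nextcloud/data/<USER>/files/<PUBLIC_DIR>:/webroot/<USER>:ro` (placeholders), and add `:ro` to the Caddyfile, `sites.d` and `webhosts` mounts of `web`, which the server only needs to read. `docker.io/library/caddy:2-alpine` is a floating tag; pinning a digest keeps redeploys reproducible.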


@ -1,29 +1,23 @@
https://cloud.finallycoffee.eu {
gzip
encode gzip
tls /tls_certs/cloud.finallycoffee.eu/fullchain.pem /tls_certs/cloud.finallycoffee.eu/privkey.pem
header / {
header {
Referrer-Policy no-referrer
Strict-Transport-Security "max-age=15552000;"
}
redir 301 {
/.well-known/carddav /remote.php/dav
/.well-known/caldav /remote.php/dav
}
proxy / nextcloud:80 {
transparent
websocket
redir /.well-known/carddav /remote.php/dav permanent
redir /.well-known/caldav /remote.php/dav permanent
reverse_proxy nextcloud:80 {
header_up X-Forwarded-Proto https
}
}
https://office.cloud.finallycoffee.eu {
gzip
encode gzip
tls /tls_certs/cloud.finallycoffee.eu/fullchain.pem /tls_certs/cloud.finallycoffee.eu/privkey.pem
header / {
header {
Access-Control-Allow-Origin *
}
proxy / nextcloud_onlyoffice:80 {
transparent
websocket
}
reverse_proxy nextcloud_onlyoffice:80
}
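Review bot: The office.cloud.finallycoffee.eu block keeps `Access-Control-Allow-Origin *` in its `header` directive, which lets any origin read unauthenticated responses from the OnlyOffice backend; if only the Nextcloud front end needs cross-origin access, name it: `Access-Control-Allow-Origin https://cloud.finallycoffee.eu`. In the cloud block, `header_up X-Forwarded-Proto https` should be redundant, since Caddy 2's `reverse_proxy` sets that header itself. `encode gzip` in both blocks differs from the `encode zstd gzip` used in the other site blocks of this commit.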


@ -1,7 +1,5 @@
https://financial.athena7.eu {
tls /tls_certs/financial.athena7.eu/fullchain.pem /tls_certs/financial.athena7.eu/privkey.pem
proxy / firefly_iii:80 {
transparent
websocket
}
encode zstd gzip
reverse_proxy firefly_iii:80
}


@ -1,9 +1,9 @@
https://admin.finallycoffee.eu {
tls /tls_certs/admin.finallycoffee.eu/fullchain.pem /tls_certs/admin.finallycoffee.eu/privkey.pem
proxy / https://172.21.0.1:9090 {
transparent
websocket
insecure_skip_verify
reverse_proxy / https://172.21.0.1:9090 {
transport http {
tls_insecure_skip_verify
}
}
}
@ -12,26 +12,20 @@ https://gateway.finallycoffee.eu {
}
https://dsl.gateway.finallycoffee.eu {
tls /tls_certs/gateway.finallycoffee.eu/fullchain.pem /tls_certs/gateway.finallycoffee.eu/privkey.pem
basicauth jdreichmann $pass {
realm "Intranet karlsruhe.flauschekatze.space"
/
}
proxy / http://192.168.0.2:80 {
transparent
websocket
}
}
#https://dsl.gateway.finallycoffee.eu {
# tls /tls_certs/gateway.finallycoffee.eu/fullchain.pem /tls_certs/gateway.finallycoffee.eu/privkey.pem
# basicauth *jdreichmann $pass {
# realm "Intranet karlsruhe.flauschekatze.space"
# /
# }
# reverse_proxy / http://192.168.0.2:80
#}
https://docsis.gateway.finallycoffee.eu {
tls /tls_certs/gateway.finallycoffee.eu/fullchain.pem /tls_certs/gateway.finallycoffee.eu/privkey.pem
basicauth jdreichmann $pass {
realm "Intranet karlsruhe.flauschekatze.space"
/
}
proxy / http://192.168.0.1:80 {
transparent
websocket
}
}
#https://docsis.gateway.finallycoffee.eu {
# tls /tls_certs/gateway.finallycoffee.eu/fullchain.pem /tls_certs/gateway.finallycoffee.eu/privkey.pem
# basicauth jdreichmann $pass {
# realm "Intranet karlsruhe.flauschekatze.space"
# /
# }
# proxy / http://192.168.0.1:80
#}
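Review bot: In the admin.finallycoffee.eu block of the first hunk, `tls_insecure_skip_verify` turns off certificate checking for the upstream at `https://172.21.0.1:9090`, so the proxy accepts any certificate presented on that address. Prefer trusting the backend's certificate explicitly inside `transport http`, e.g. `tls_trusted_ca_certs <BACKEND_CA_PEM>` (placeholder path). The same directive is written `reverse_proxy / https://172.21.0.1:9090`; in Caddy 2 a `/` matcher matches only the exact path `/`, unlike the v1 prefix, so drop it: `reverse_proxy https://172.21.0.1:9090 {`. The commented-out dsl/docsis blocks in the second hunk still mix v1 `basicauth` and `proxy` syntax with the same `/` matcher and would need converting before they are re-enabled.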


@ -1,68 +1,59 @@
https://matrix.finallycoffee.eu {
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
header / {
Access-Control-Allow-Origin *
encode zstd gzip
header {
Strict-Transport-Security "max-age=31536000;"
X-Frame-Options "DENY"
X-XSS-Protection "1; mode=block"
}
proxy /_matrix/identity matrix-ma1sd:8090 {
header_downstream Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
header_downstream Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
transparent
reverse_proxy /_matrix/identity/* matrix-ma1sd:8090 {
header_down Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
header_down Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
}
proxy /_matrix/client/r0/user_directory/search matrix-ma1sd:8090 {
header_downstream Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
header_downstream Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
transparent
reverse_proxy /_matrix/client/r0/user_directory/search/* matrix-ma1sd:8090 {
header_down Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
header_down Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
}
proxy /_matrix/federation matrix-synapse:8048 {
transparent
reverse_proxy /_matrix/federation/* matrix-synapse:8048
reverse_proxy /_matrix/key/* matrix-synapse:8048
reverse_proxy /_matrix/* matrix-synapse:8008 {
header_down Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
header_down Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
}
proxy /_matrix/key matrix-synapse:8048 {
transparent
}
proxy /_matrix matrix-synapse:8008 {
header_downstream Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
header_downstream Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
transparent
}
proxy /_synapse matrix-synapse:8008 {
transparent
}
proxy /metrics http://matrix-synapse:9100/_synapse/metrics
proxy /mautrix-telegram http://matrix-mautrix-telegram:8080
proxy / https://finallycoffee.eu/.well-known/matrix {
except /_matrix
reverse_proxy /_synapse/* matrix-synapse:8008
route /metrics/* {
uri replace /metrics/ /_synapse/metrics/
reverse_proxy http://matrix-synapse:9100
}
reverse_proxy /mautrix-telegram/* http://matrix-mautrix-telegram:8080
}
https://dimension.matrix.finallycoffee.eu {
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
header / {
header {
Access-Control-Allow-Origin *
}
proxy / http://matrix-dimension:8184 {
transparent
header_upstream X-Forwarded-For {remote}
header_upstream Host {host}
websocket
encode zstd gzip
reverse_proxy http://matrix-dimension:8184 {
header_up X-Forwarded-For {remote}
header_up Host {host}
}
}
https://chat.finallycoffee.eu {
tls /tls_certs/chat.finallycoffee.eu/fullchain.pem /tls_certs/chat.finallycoffee.eu/privkey.pem
proxy / http://matrix-client-element:8080 {
transparent
}
encode zstd gzip
reverse_proxy http://matrix-client-element:8080
}
https://finallycoffee.eu/.well-known/matrix/ {
https://finallycoffee.eu/.well-known/matrix/* {
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
root /matrix_static
index index index.json
mime . application/json
header / {
route {
uri strip_prefix /.well-known/matrix
root * /matrix_static
file_server
}
header {
Content-Type "application/json"
X-Content-Type-Options "nosniff"
Access-Control-Allow-Origin *
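Review bot: The matrix.finallycoffee.eu block publishes `/metrics/*` and all of `/_synapse/*` to anyone who can reach the vhost, with no matcher limiting who may call them; Synapse metrics and the `/_synapse/admin` API are normally kept off the public listener. Narrow the proxy to `reverse_proxy /_synapse/client/* matrix-synapse:8008` and gate the metrics route with a client-address matcher such as `@scrapers remote_ip <MONITORING_CIDR>` (placeholder). Separately, `/_matrix/client/r0/user_directory/search/*` and `/metrics/*` do not match the bare paths `/_matrix/client/r0/user_directory/search` and `/metrics`, which the v1 prefix rules did, so directory searches will likely fall through to `matrix-synapse:8008`. The section ends inside the `.well-known` site's `header` block, so the rest of that block is not visible here.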


@ -1,7 +1,5 @@
https://pass.finallycoffee.eu {
tls /tls_certs/pass.finallycoffee.eu/fullchain.pem /tls_certs/pass.finallycoffee.eu/privkey.pem
proxy / bitwardenrs:80 {
transparent
}
reverse_proxy bitwardenrs:80
}