{ email gabriel@augendre.info http_port 80 https_port 443 } (common_headers) { header * -Server header * -X-Powered-By header * Permissions-Policy interest-cohort=() header * ?Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" header * ?Referrer-Policy "strict-origin-when-cross-origin" header * ?X-Content-Type-Options "nosniff" header * ?X-Frame-Options "DENY" header * ?X-XSS-Protection "1; mode=block" } (internal) { @blocked not client_ip private_ranges 2a01:e0a:325:a1c0::/64 respond @blocked "Access denied" 403 { close } } ######################################################### # PUBLIC SERVICES ######################################################### ## Static config ######################################################### static.augendre.info { import common_headers header * Cache-Control "max-age=300" file_server * { root /mnt/data/caddy/static hide .* } } augendre.info { import common_headers respond * 200 } ## Reverse proxies (ports 8000-8999) ######################################################### charasheet.augendre.info { import common_headers route { file_server /media/* { root /mnt/data/charasheet/data } reverse_proxy localhost:8001 } } checkout.augendre.info { import common_headers route { file_server /media/* { root /mnt/data/checkout } reverse_proxy localhost:8002 } } cloud.augendre.info { import common_headers route /push/* { uri strip_prefix /push reverse_proxy localhost:8004 } # rewrite to suppress carddav/caldav warning # in nextcloud settings rewrite /.well-known/carddav /remote.php/dav/ rewrite /.well-known/caldav /remote.php/dav/ reverse_proxy localhost:8003 } gc.gabnotes.org, gc.augendre.info, static.gc.augendre.info, voyages.gc.coccomagnard.fr { import common_headers reverse_proxy localhost:8005 } git.augendre.info { import common_headers reverse_proxy localhost:8006 } office.augendre.info { import common_headers reverse_proxy localhost:8007 } reader.augendre.info { import common_headers reverse_proxy localhost:8008 } wallabag.augendre.info { import common_headers header * ?Content-Security-Policy "default-src 'none'; img-src * data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self'; manifest-src 'self'" reverse_proxy localhost:8009 } bin.augendre.info, paste.augendre.info { import common_headers @bot header User-Agent PrivateBinDirectoryBot* respond @bot "Access denied" 403 { close } reverse_proxy localhost:8010 } g4b.ovh { import common_headers reverse_proxy localhost:8011 } manuels.augendre.info, fournitures.augendre.info { import common_headers reverse_proxy localhost:8012 } tcl.augendre.info { import common_headers reverse_proxy localhost:8013 } cloud-aio.augendre.info { import common_headers reverse_proxy localhost:8014 } ## Ghost blogs (ports >=2368) ######################################################### gabnotes.org { import common_headers header * Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://cdn.jsdelivr.net https://code.jquery.com https://*.gabnotes.org https://unpkg.com https://cdnjs.cloudflare.com; img-src 'self' https:; connect-src 'self' https://*.augendre.info https://unpkg.com https://*.gabnotes.org https://api.codapi.org; frame-ancestors https://*.augendre.info; base-uri 'self'; form-action 'self';" reverse_proxy localhost:2368 } ghost.augendre.info { import common_headers redir / /ghost/ reverse_proxy localhost:2368 } voyages-lois.augendre.info { import common_headers header * X-Frame-Options "SAMEORIGIN" reverse_proxy localhost:2369 } voyages.coccomagnard.fr, voyages.augendre.info { import common_headers header * X-Frame-Options "SAMEORIGIN" reverse_proxy localhost:2370 } ######################################################### # PROXY TO EXTERNAL SERVICES ######################################################### ## At home ######################################################### hass.augendre.info { import common_headers header * X-Frame-Options "SAMEORIGIN" reverse_proxy http://192.168.0.9:8123 } prusalink.augendre.info { import internal reverse_proxy http://192.168.0.12 } ## Outside ######################################################### autoconfig.augendre.info { import common_headers reverse_proxy https://autoconfig.migadu.com } ######################################################### # INTERNAL SERVICES ######################################################### ## Static config ######################################################### internal-static.augendre.info { import common_headers import internal header * Cache-Control "max-age=300" file_server * { root /mnt/data/caddy/internal-static hide .* browse } } ## Reverse proxies (ports 9000-9999) ######################################################### portainer.augendre.info { import common_headers import internal reverse_proxy https://localhost:9001 { transport http { tls_insecure_skip_verify } } } code.augendre.info { import common_headers import internal reverse_proxy localhost:9002 } plex.augendre.info { import common_headers import internal reverse_proxy localhost:9003 } transmission.augendre.info { import common_headers import internal reverse_proxy localhost:9004 } sonarr.augendre.info { import common_headers import internal reverse_proxy localhost:9005 } prowlarr.augendre.info { import common_headers import internal reverse_proxy localhost:9006 } radarr.augendre.info { import common_headers import internal reverse_proxy localhost:9007 } test.augendre.info { import common_headers import internal reverse_proxy localhost:9008 } nextcloud-kibana.augendre.info { import common_headers import internal reverse_proxy localhost:9009 } display.augendre.info { import common_headers import internal header Content-Security-Policy "default-src 'self' https://*.augendre.info; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; frame-ancestors https://*.augendre.info; connect-src 'self' https://*.augendre.info https://download.data.grandlyon.com" reverse_proxy localhost:9010 } aio.augendre.info { import common_headers import internal reverse_proxy https://localhost:9011 { transport http { tls_insecure_skip_verify } } } ######################################################### # REDIRECTS ######################################################### mariage.augendre.info { import common_headers redir https://cloud.augendre.info/s/65JgH8fzz2CyJZ3 } mail.augendre.info { import common_headers redir https://webmail.migadu.com permanent } cv-gabriel.augendre.info { import common_headers redir https://cloud.augendre.info/s/FHGJkc2DzJECY64/download permanent } blog.augendre.info gabriel.augendre.info www.gabnotes.org { import common_headers redir https://gabnotes.org{uri} permanent } qrcode.augendre.info qr.augendre.info { import common_headers redir https://static.augendre.info/qrcode-web/ }