mirror of
https://github.com/Crocmagnon/ansible.git
synced 2024-12-27 16:31:58 +01:00
294 lines
6.7 KiB
Caddyfile
294 lines
6.7 KiB
Caddyfile
{
|
|
email gabriel@augendre.info
|
|
http_port 80
|
|
https_port 443
|
|
}
|
|
|
|
(common_headers) {
|
|
header * -Server
|
|
header * -X-Powered-By
|
|
header * Permissions-Policy interest-cohort=()
|
|
header * ?Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
header * ?Referrer-Policy "strict-origin-when-cross-origin"
|
|
header * ?X-Content-Type-Options "nosniff"
|
|
header * ?X-Frame-Options "DENY"
|
|
header * ?X-XSS-Protection "1; mode=block"
|
|
}
|
|
|
|
(internal) {
|
|
@blocked not client_ip private_ranges 2a01:e0a:325:a1c0::/64
|
|
respond @blocked "Access denied" 403 {
|
|
close
|
|
}
|
|
}
|
|
|
|
#########################################################
|
|
# PUBLIC SERVICES
|
|
#########################################################
|
|
|
|
## Static config
|
|
#########################################################
|
|
|
|
static.augendre.info {
|
|
import common_headers
|
|
header * Cache-Control "max-age=300"
|
|
file_server * {
|
|
root /mnt/data/caddy/static
|
|
hide .*
|
|
}
|
|
}
|
|
|
|
augendre.info {
|
|
import common_headers
|
|
respond * 200
|
|
}
|
|
|
|
## Reverse proxies (ports 8000-8999)
|
|
#########################################################
|
|
|
|
charasheet.augendre.info {
|
|
import common_headers
|
|
route {
|
|
file_server /media/* {
|
|
root /mnt/data/charasheet/data
|
|
}
|
|
reverse_proxy localhost:8001
|
|
}
|
|
}
|
|
|
|
checkout.augendre.info {
|
|
import common_headers
|
|
route {
|
|
file_server /media/* {
|
|
root /mnt/data/checkout
|
|
}
|
|
reverse_proxy localhost:8002
|
|
}
|
|
}
|
|
|
|
cloud.augendre.info {
|
|
import common_headers
|
|
route /push/* {
|
|
uri strip_prefix /push
|
|
reverse_proxy localhost:8004
|
|
}
|
|
# rewrite to suppress carddav/caldav warning
|
|
# in nextcloud settings
|
|
rewrite /.well-known/carddav /remote.php/dav/
|
|
rewrite /.well-known/caldav /remote.php/dav/
|
|
reverse_proxy localhost:8003
|
|
}
|
|
|
|
gc.gabnotes.org, gc.augendre.info, static.gc.augendre.info, voyages.gc.coccomagnard.fr {
|
|
import common_headers
|
|
reverse_proxy localhost:8005
|
|
}
|
|
|
|
git.augendre.info {
|
|
import common_headers
|
|
reverse_proxy localhost:8006
|
|
}
|
|
|
|
office.augendre.info {
|
|
import common_headers
|
|
reverse_proxy localhost:8007
|
|
}
|
|
|
|
reader.augendre.info {
|
|
import common_headers
|
|
reverse_proxy localhost:8008
|
|
}
|
|
|
|
wallabag.augendre.info {
|
|
import common_headers
|
|
header * ?Content-Security-Policy "default-src 'none'; img-src * data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self'; manifest-src 'self'"
|
|
reverse_proxy localhost:8009
|
|
}
|
|
|
|
bin.augendre.info, paste.augendre.info {
|
|
import common_headers
|
|
@bot header User-Agent PrivateBinDirectoryBot*
|
|
respond @bot "Access denied" 403 {
|
|
close
|
|
}
|
|
reverse_proxy localhost:8010
|
|
}
|
|
|
|
g4b.ovh {
|
|
import common_headers
|
|
reverse_proxy localhost:8011
|
|
}
|
|
|
|
manuels.augendre.info, fournitures.augendre.info {
|
|
import common_headers
|
|
reverse_proxy localhost:8012
|
|
}
|
|
|
|
tcl.augendre.info {
|
|
import common_headers
|
|
reverse_proxy localhost:8013
|
|
}
|
|
|
|
## Ghost blogs (ports >=2368)
|
|
#########################################################
|
|
|
|
gabnotes.org {
|
|
import common_headers
|
|
header * Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://cdn.jsdelivr.net https://code.jquery.com https://*.gabnotes.org https://unpkg.com https://cdnjs.cloudflare.com; img-src 'self' https:; connect-src 'self' https://*.augendre.info https://unpkg.com https://*.gabnotes.org https://api.codapi.org; frame-ancestors https://*.augendre.info; base-uri 'self'; form-action 'self';"
|
|
|
|
reverse_proxy localhost:2368
|
|
}
|
|
ghost.augendre.info {
|
|
import common_headers
|
|
redir / /ghost/
|
|
|
|
reverse_proxy localhost:2368
|
|
}
|
|
|
|
voyages-lois.augendre.info {
|
|
import common_headers
|
|
header * X-Frame-Options "SAMEORIGIN"
|
|
reverse_proxy localhost:2369
|
|
}
|
|
|
|
voyages.coccomagnard.fr, voyages.augendre.info {
|
|
import common_headers
|
|
header * X-Frame-Options "SAMEORIGIN"
|
|
reverse_proxy localhost:2370
|
|
}
|
|
|
|
#########################################################
|
|
# PROXY TO EXTERNAL SERVICES
|
|
#########################################################
|
|
|
|
## At home
|
|
#########################################################
|
|
|
|
hass.augendre.info {
|
|
import common_headers
|
|
header * X-Frame-Options "SAMEORIGIN"
|
|
reverse_proxy http://192.168.0.9:8123
|
|
}
|
|
|
|
prusalink.augendre.info {
|
|
import internal
|
|
reverse_proxy http://192.168.0.12
|
|
}
|
|
|
|
## Outside
|
|
#########################################################
|
|
|
|
autoconfig.augendre.info {
|
|
import common_headers
|
|
reverse_proxy https://autoconfig.migadu.com
|
|
}
|
|
|
|
#########################################################
|
|
# INTERNAL SERVICES
|
|
#########################################################
|
|
|
|
## Static config
|
|
#########################################################
|
|
|
|
internal-static.augendre.info {
|
|
import common_headers
|
|
import internal
|
|
header * Cache-Control "max-age=300"
|
|
file_server * {
|
|
root /mnt/data/caddy/internal-static
|
|
hide .*
|
|
browse
|
|
}
|
|
}
|
|
|
|
## Reverse proxies (ports 9000-9999)
|
|
#########################################################
|
|
|
|
portainer.augendre.info {
|
|
import common_headers
|
|
import internal
|
|
reverse_proxy https://localhost:9001 {
|
|
transport http {
|
|
tls_insecure_skip_verify
|
|
}
|
|
}
|
|
}
|
|
|
|
code.augendre.info {
|
|
import common_headers
|
|
import internal
|
|
reverse_proxy localhost:9002
|
|
}
|
|
|
|
plex.augendre.info {
|
|
import common_headers
|
|
import internal
|
|
reverse_proxy localhost:9003
|
|
}
|
|
transmission.augendre.info {
|
|
import common_headers
|
|
import internal
|
|
reverse_proxy localhost:9004
|
|
}
|
|
sonarr.augendre.info {
|
|
import common_headers
|
|
import internal
|
|
reverse_proxy localhost:9005
|
|
}
|
|
prowlarr.augendre.info {
|
|
import common_headers
|
|
import internal
|
|
reverse_proxy localhost:9006
|
|
}
|
|
radarr.augendre.info {
|
|
import common_headers
|
|
import internal
|
|
reverse_proxy localhost:9007
|
|
}
|
|
|
|
test.augendre.info {
|
|
import common_headers
|
|
import internal
|
|
reverse_proxy localhost:9008
|
|
}
|
|
|
|
nextcloud-kibana.augendre.info {
|
|
import common_headers
|
|
import internal
|
|
reverse_proxy localhost:9009
|
|
}
|
|
|
|
display.augendre.info {
|
|
import common_headers
|
|
import internal
|
|
header Content-Security-Policy "default-src 'self' https://*.augendre.info; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; frame-ancestors https://*.augendre.info; connect-src 'self' https://*.augendre.info https://download.data.grandlyon.com"
|
|
reverse_proxy localhost:9010
|
|
}
|
|
|
|
#########################################################
|
|
# REDIRECTS
|
|
#########################################################
|
|
mariage.augendre.info {
|
|
import common_headers
|
|
redir https://cloud.augendre.info/s/65JgH8fzz2CyJZ3
|
|
}
|
|
|
|
mail.augendre.info {
|
|
import common_headers
|
|
redir https://webmail.migadu.com permanent
|
|
}
|
|
|
|
cv-gabriel.augendre.info {
|
|
import common_headers
|
|
redir https://cloud.augendre.info/s/FHGJkc2DzJECY64/download permanent
|
|
}
|
|
|
|
blog.augendre.info gabriel.augendre.info www.gabnotes.org {
|
|
import common_headers
|
|
redir https://gabnotes.org{uri} permanent
|
|
}
|
|
|
|
qrcode.augendre.info qr.augendre.info {
|
|
import common_headers
|
|
redir https://static.augendre.info/qrcode-web/
|
|
}
|