ansible/privfrontends/templates/in/apps.Caddyfile

337 lines
7.5 KiB
Plaintext
Raw Normal View History

# ---Apps Caddyfile---
# Cinny
cinny.projectsegfau.lt cy.psf.lt {
2023-09-14 14:42:16 +05:30
reverse_proxy :3069
import def
}
# Website
projectsegfau.lt {
2023-09-14 14:42:16 +05:30
reverse_proxy :1337
import def
2023-10-16 06:25:41 +05:30
reverse_proxy /_matrix/* :8456
2023-10-08 11:59:54 +05:30
reverse_proxy /.well-known/acme-challenge/* :5380
2024-01-08 15:09:55 +05:30
reverse_proxy /bosh :5443 {
header_up X-Real-IP {remote_host}
transport http {
tls_insecure_skip_verify
}
}
reverse_proxy /ws :5443 {
header_up X-Real-IP {remote_host}
transport http {
tls_insecure_skip_verify
}
}
header /.well-known/matrix/* Content-Type application/json
header /.well-known/matrix/* Access-Control-Allow-Origin *
handle_path /.well-known/* {
root * /var/www/well-known
file_server
}
header /.well-known/host-meta Content-Type application/xrd+xml
2024-01-08 15:11:26 +05:30
header /.well-known/host-meta Access-Control-Allow-Origin *
header /.well-known/host-meta.json Content-Type application/json
header /.well-known/host-meta.json Access-Control-Allow-Origin *
2024-01-08 15:11:26 +05:30
header /.well-known/xmpp-provider-v2.json Content-Type application/json
header /.well-known/xmpp-provider-v2.json Access-Control-Allow-Origin *
import torloc www
}
psf.lt {
2023-09-14 14:42:16 +05:30
reverse_proxy :1337
import def
import torloc www
2023-12-24 20:45:10 +05:30
header /.well-known/matrix/* Content-Type application/json
header /.well-known/matrix/* Access-Control-Allow-Origin *
handle_path /.well-known/* {
root * /var/www/psf-well-known
file_server
}
}
2024-02-16 21:42:41 +05:30
mtx.psf.lt {
2024-02-16 22:45:01 +05:30
reverse_proxy :8466
2024-02-16 21:42:41 +05:30
import def
}
2024-02-17 16:06:02 +05:30
ss3.psf.lt {
2024-11-17 17:50:33 +05:30
reverse_proxy :4567
import def
}
2024-02-17 16:06:02 +05:30
www.projectsegfau.lt www.psf.lt {
redir https://projectsegfau.lt{uri}
import torloc www
2023-11-23 15:55:00 +05:30
import acmedns
}
matrix.projectsegfau.lt {
2023-10-16 06:25:41 +05:30
reverse_proxy /_matrix/* :8456
2023-07-19 20:13:18 +05:30
import def
handle_path / {
redir https://wiki.projectsegfau.lt/Matrix
}
2024-01-08 20:52:23 +05:30
@hasSlashes path_regexp expression \/_matrix\/media\/(v3|v1|r0)\/(download|thumbnail)\/projectsegfau.lt\/([a-zA-Z]{2})([a-zA-Z]{2})([a-zA-z]+)
2023-12-28 09:49:57 +05:30
rewrite @hasSlashes /mediawork/{re.expression.3}/{re.expression.4}/{re.expression.5}
2023-12-24 20:45:10 +05:30
handle_path /mediawork/* {
root * /mnt/matrix/synapse/storage/media-store/local_content
2023-12-24 21:12:26 +05:30
file_server
2023-12-24 20:45:10 +05:30
}
}
# Element
chat.projectsegfau.lt el.psf.lt {
2023-09-14 14:42:16 +05:30
reverse_proxy :3070
import def
}
# Gitea
git.projectsegfau.lt {
2023-09-14 14:42:16 +05:30
reverse_proxy :3444
respond /metrics 403
import def
request_body {
max_size 500MB
}
header {
Content-Security-Policy "default-src 'self'; connect-src 'self'; font-src 'self' data:; form-action 'self'; img-src 'self' https: data:; manifest-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self'; frame-ancestors 'self'; frame-src 'self';"
}
import torloc git
}
git.psf.lt {
2023-09-14 14:42:16 +05:30
reverse_proxy :3444 {
header_up Host "git.projectsegfau.lt"
}
respond /metrics 403
import def
request_body {
max_size 500MB
}
header {
Content-Security-Policy "default-src 'self'; connect-src 'self'; font-src 'self' data:; form-action 'self'; img-src 'self' https: data:; manifest-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self'; frame-ancestors 'self'; frame-src 'self';"
}
import torloc git
}
# HedgeDoc
doc.projectsegfau.lt {
2023-09-14 14:42:16 +05:30
reverse_proxy :2069 {
header_up X-Real-IP {remote_host}
}
import def
}
# Hydrogen
h2.projectsegfau.lt, hydrogen.projectsegfau.lt, h2.psf.lt {
2023-09-14 14:42:16 +05:30
reverse_proxy :3071
import def
}
# Jitsi
jitsi.projectsegfau.lt {
2023-10-08 11:59:54 +05:30
reverse_proxy :8000 {
header_up X-Real-IP {remote_host}
}
2023-11-23 15:55:00 +05:30
import acmedns
}
# Excalidraw backend for jitsi
excalidraw.projectsegfau.lt {
2023-10-08 12:28:56 +05:30
reverse_proxy :8695
2023-11-23 15:55:00 +05:30
import acmedns
}
# MediaWiki
wiki.projectsegfau.lt w.psf.lt {
2024-06-23 23:10:26 +05:30
reverse_proxy localhost:8047 {
header_up X-Real-IP {remote_host}
}
2024-06-23 23:10:26 +05:30
@pubnix path /Category:Pubnix /Pubnix
2024-06-23 23:19:51 +05:30
redir @pubnix /t/pubnix
import def
encode gzip
import torloc wiki
}
# Vikunja
todo.projectsegfau.lt vi.psf.lt {
2023-09-14 14:42:16 +05:30
reverse_proxy :3456
import def
import torloc todo
}
# Vaultwarden
pass.projectsegfau.lt vw.psf.lt {
2023-09-14 14:42:16 +05:30
reverse_proxy :6980 {
header_up X-Real-IP {remote_host}
}
import def
import torloc pass
}
# XMPP
xmpp.projectsegfau.lt, conference.projectsegfau.lt, proxy.projectsegfau.lt, pubsub.projectsegfau.lt, upload.projectsegfau.lt {
reverse_proxy :5443 {
header_up X-Real-IP {remote_host}
transport http {
tls_insecure_skip_verify
}
}
2023-10-08 11:59:54 +05:30
reverse_proxy /.well-known/acme-challenge/* :5380
@register {
path /new/
path /change_password/
path /delete/
path /new
path /change_password
path /delete
}
redir @register /register{uri}
import def
header /.well-known/host-meta Content-Type application/xrd+xml
header /.well-known/host-meta.json Content-Type application/json
header /.well-known/host-meta.json Access-Control-Allow-Origin *
header /.well-known/host-meta Access-Control-Allow-Origin *
handle_path /.well-known/* {
root * /var/www/well-known
file_server
}
handle_path / {
redir https://wiki.projectsegfau.lt/XMPP
}
}
xmpp-web.projectsegfau.lt, x.psf.lt {
import def
2023-09-14 14:42:16 +05:30
reverse_proxy :3072
}
healthchecks.projectsegfau.lt, hc.psf.lt {
import def
2023-09-14 14:42:16 +05:30
reverse_proxy :8450
2023-08-09 16:57:50 +05:30
import torloc healthchecks
}
# Pubthentik
auth.p.projectsegfau.lt {
2023-09-14 14:42:16 +05:30
reverse_proxy :7444 {
transport http {
tls_insecure_skip_verify
}
header_up X-Real-IP {remote_host}
}
import def
}
# kbin
kbin.projectsegfau.lt, kb.psf.lt {
2023-12-24 20:45:10 +05:30
reverse_proxy :8014 {
header_up X-Real-IP {remote_host}
}
import def
}
2023-09-15 22:50:41 +05:30
2024-01-30 19:40:00 +05:30
# RSS-Bridge
rssbridge.projectsegfau.lt, rb.psf.lt {
reverse_proxy :5678 {
header_up X-Real-IP {remote_host}
}
2024-02-15 19:04:58 +05:30
import torloc rssbridge
2024-01-30 19:40:00 +05:30
import def
}
2024-02-29 20:00:13 +05:30
# MatriXMPP Ejabberd
2024-02-29 20:39:19 +05:30
matrixmpp.projectsegfau.lt https://matrixmpp.projectsegfau.lt:8448 {
2024-02-29 20:00:13 +05:30
reverse_proxy :8446 {
header_up X-Real-IP {remote_host}
}
2024-02-29 20:46:43 +05:30
header /.well-known/matrix/* Content-Type application/json
header /.well-known/matrix/* Access-Control-Allow-Origin *
handle_path /.well-known/* {
root * /var/www/matrixmpp-well-known
file_server
}
2024-02-29 20:00:13 +05:30
import acmedns
}
gothub.dev.projectsegfau.lt gh.dev.psf.lt {
2023-09-14 14:42:16 +05:30
reverse_proxy :1025
2023-07-20 14:24:04 +05:30
import def
2023-08-09 16:26:58 +05:30
import torloc gothub.dev
}
ak.psf.lt {
redir https://social.projectsegfau.lt{uri}
2023-11-23 15:55:00 +05:30
import acmedns
}
j.psf.lt {
redir https://jitsi.projectsegfau.lt{uri}
2023-11-23 15:55:00 +05:30
import acmedns
}
d.psf.lt {
redir https://doc.projectsegfau.lt{uri}
2023-11-23 15:55:00 +05:30
import acmedns
}
2024-03-03 20:15:51 +05:30
2024-04-11 16:44:53 +05:30
rss.projectsegfau.lt freshrss.projectsegfau.lt rss.psf.lt {
reverse_proxy :3529
import def
2024-04-11 21:12:14 +05:30
import torloc rss
2024-04-11 16:44:53 +05:30
}
owncloud.projectsegfau.lt {
reverse_proxy http://127.0.0.1:9200
import def
}
wopi.projectsegfau.lt {
import acmedns
reverse_proxy http://127.0.0.1:9320
}
collabora.projectsegfau.lt {
import acmedns
reverse_proxy http://127.0.0.1:9980
}
ente.projectsegfau.lt pic.psf.lt {
import def
reverse_proxy http://127.0.0.1:8085
}
museum.ente.projectsegfau.lt {
import acmedns
reverse_proxy http://127.0.0.1:8254
}
album.ente.projectsegfau.lt {
import def
reverse_proxy http://127.0.0.1:8087
}
accounts.ente.projectsegfau.lt {
import acmedns
reverse_proxy http://127.0.0.1:8086
}
minio.projectsegfau.lt {
import acmedns
reverse_proxy http://127.0.0.1:9000
}
timetagger.projectsegfau.lt tt.psf.lt {
import def
route {
reverse_proxy /outpost.goauthentik.io/* https://localhost:7444 {
header_up Host {http.reverse_proxy.upstream.hostport}
transport http {
tls_insecure_skip_verify
}
}
# Forward authentication requests to Authentik's outpost
forward_auth https://localhost:7444 {
transport http {
tls_insecure_skip_verify
}
uri /outpost.goauthentik.io/auth/caddy
# Ensure these headers are passed, using correct capitalization
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name
trusted_proxies private_ranges
}
}
reverse_proxy http://localhost:9900
}