# ---Apps Caddyfile--- # Cinny cinny.projectsegfau.lt cy.psf.lt { reverse_proxy :3069 import def } # Website projectsegfau.lt { reverse_proxy :1337 import def reverse_proxy /_matrix/* :8456 reverse_proxy /.well-known/acme-challenge/* :5380 reverse_proxy /bosh :5443 { header_up X-Real-IP {remote_host} transport http { tls_insecure_skip_verify } } reverse_proxy /ws :5443 { header_up X-Real-IP {remote_host} transport http { tls_insecure_skip_verify } } header /.well-known/matrix/* Content-Type application/json header /.well-known/matrix/* Access-Control-Allow-Origin * handle_path /.well-known/* { root * /var/www/well-known file_server } header /.well-known/host-meta Content-Type application/xrd+xml header /.well-known/host-meta Access-Control-Allow-Origin * header /.well-known/host-meta.json Content-Type application/json header /.well-known/host-meta.json Access-Control-Allow-Origin * header /.well-known/xmpp-provider-v2.json Content-Type application/json header /.well-known/xmpp-provider-v2.json Access-Control-Allow-Origin * import torloc www } psf.lt { reverse_proxy :1337 import def import torloc www header /.well-known/matrix/* Content-Type application/json header /.well-known/matrix/* Access-Control-Allow-Origin * handle_path /.well-known/* { root * /var/www/psf-well-known file_server } } mtx.psf.lt { reverse_proxy :8466 import def } ss3.psf.lt { reverse_proxy :4567 import def } www.projectsegfau.lt www.psf.lt { redir https://projectsegfau.lt{uri} import torloc www import acmedns } matrix.projectsegfau.lt { reverse_proxy /_matrix/* :8456 import def handle_path / { redir https://wiki.projectsegfau.lt/Matrix } @hasSlashes path_regexp expression \/_matrix\/media\/(v3|v1|r0)\/(download|thumbnail)\/projectsegfau.lt\/([a-zA-Z]{2})([a-zA-Z]{2})([a-zA-z]+) rewrite @hasSlashes /mediawork/{re.expression.3}/{re.expression.4}/{re.expression.5} handle_path /mediawork/* { root * /mnt/matrix/synapse/storage/media-store/local_content file_server } } # Element chat.projectsegfau.lt el.psf.lt { reverse_proxy :3070 import def } # Gitea git.projectsegfau.lt { reverse_proxy :3444 respond /metrics 403 import def request_body { max_size 500MB } header { Content-Security-Policy "default-src 'self'; connect-src 'self'; font-src 'self' data:; form-action 'self'; img-src 'self' https: data:; manifest-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self'; frame-ancestors 'self'; frame-src 'self';" } import torloc git } git.psf.lt { reverse_proxy :3444 { header_up Host "git.projectsegfau.lt" } respond /metrics 403 import def request_body { max_size 500MB } header { Content-Security-Policy "default-src 'self'; connect-src 'self'; font-src 'self' data:; form-action 'self'; img-src 'self' https: data:; manifest-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self'; frame-ancestors 'self'; frame-src 'self';" } import torloc git } # HedgeDoc doc.projectsegfau.lt { reverse_proxy :2069 { header_up X-Real-IP {remote_host} } import def } # Hydrogen h2.projectsegfau.lt, hydrogen.projectsegfau.lt, h2.psf.lt { reverse_proxy :3071 import def } # Jitsi jitsi.projectsegfau.lt { reverse_proxy :8000 { header_up X-Real-IP {remote_host} } import acmedns } # Excalidraw backend for jitsi excalidraw.projectsegfau.lt { reverse_proxy :8695 import acmedns } # MediaWiki wiki.projectsegfau.lt w.psf.lt { reverse_proxy localhost:8047 { header_up X-Real-IP {remote_host} } @pubnix path /Category:Pubnix /Pubnix redir @pubnix /t/pubnix import def encode gzip import torloc wiki } # Vikunja todo.projectsegfau.lt vi.psf.lt { reverse_proxy :3456 import def import torloc todo } # Vaultwarden pass.projectsegfau.lt vw.psf.lt { reverse_proxy :6980 { header_up X-Real-IP {remote_host} } import def import torloc pass } # XMPP xmpp.projectsegfau.lt, conference.projectsegfau.lt, proxy.projectsegfau.lt, pubsub.projectsegfau.lt, upload.projectsegfau.lt { reverse_proxy :5443 { header_up X-Real-IP {remote_host} transport http { tls_insecure_skip_verify } } reverse_proxy /.well-known/acme-challenge/* :5380 @register { path /new/ path /change_password/ path /delete/ path /new path /change_password path /delete } redir @register /register{uri} import def header /.well-known/host-meta Content-Type application/xrd+xml header /.well-known/host-meta.json Content-Type application/json header /.well-known/host-meta.json Access-Control-Allow-Origin * header /.well-known/host-meta Access-Control-Allow-Origin * handle_path /.well-known/* { root * /var/www/well-known file_server } handle_path / { redir https://wiki.projectsegfau.lt/XMPP } } xmpp-web.projectsegfau.lt, x.psf.lt { import def reverse_proxy :3072 } healthchecks.projectsegfau.lt, hc.psf.lt { import def reverse_proxy :8450 import torloc healthchecks } # Pubthentik auth.p.projectsegfau.lt { reverse_proxy :7444 { transport http { tls_insecure_skip_verify } header_up X-Real-IP {remote_host} } import def } # kbin kbin.projectsegfau.lt, kb.psf.lt { reverse_proxy :8014 { header_up X-Real-IP {remote_host} } import def } # RSS-Bridge rssbridge.projectsegfau.lt, rb.psf.lt { reverse_proxy :5678 { header_up X-Real-IP {remote_host} } import torloc rssbridge import def } # MatriXMPP Ejabberd matrixmpp.projectsegfau.lt https://matrixmpp.projectsegfau.lt:8448 { reverse_proxy :8446 { header_up X-Real-IP {remote_host} } header /.well-known/matrix/* Content-Type application/json header /.well-known/matrix/* Access-Control-Allow-Origin * handle_path /.well-known/* { root * /var/www/matrixmpp-well-known file_server } import acmedns } gothub.dev.projectsegfau.lt gh.dev.psf.lt { reverse_proxy :1025 import def import torloc gothub.dev } ak.psf.lt { redir https://social.projectsegfau.lt{uri} import acmedns } j.psf.lt { redir https://jitsi.projectsegfau.lt{uri} import acmedns } d.psf.lt { redir https://doc.projectsegfau.lt{uri} import acmedns } rss.projectsegfau.lt freshrss.projectsegfau.lt rss.psf.lt { reverse_proxy :3529 import def import torloc rss } owncloud.projectsegfau.lt { reverse_proxy http://127.0.0.1:9200 import def } wopi.projectsegfau.lt { import acmedns reverse_proxy http://127.0.0.1:9320 } collabora.projectsegfau.lt { import acmedns reverse_proxy http://127.0.0.1:9980 } ente.projectsegfau.lt pic.psf.lt { import def reverse_proxy http://127.0.0.1:8085 } museum.ente.projectsegfau.lt { import acmedns reverse_proxy http://127.0.0.1:8254 } album.ente.projectsegfau.lt { import def reverse_proxy http://127.0.0.1:8087 } accounts.ente.projectsegfau.lt { import acmedns reverse_proxy http://127.0.0.1:8086 } minio.projectsegfau.lt { import acmedns reverse_proxy http://127.0.0.1:9000 } timetagger.projectsegfau.lt tt.psf.lt { import def route { reverse_proxy /outpost.goauthentik.io/* https://localhost:7444 { header_up Host {http.reverse_proxy.upstream.hostport} transport http { tls_insecure_skip_verify } } # Forward authentication requests to Authentik's outpost forward_auth https://localhost:7444 { transport http { tls_insecure_skip_verify } uri /outpost.goauthentik.io/auth/caddy # Ensure these headers are passed, using correct capitalization copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name trusted_proxies private_ranges } } reverse_proxy http://localhost:9900 }