337 lines
7.5 KiB
Plaintext
337 lines
7.5 KiB
Plaintext
# ---Apps Caddyfile---
|
|
|
|
# Cinny
|
|
cinny.projectsegfau.lt cy.psf.lt {
|
|
reverse_proxy :3069
|
|
import def
|
|
}
|
|
|
|
# Website
|
|
projectsegfau.lt {
|
|
reverse_proxy :1337
|
|
import def
|
|
reverse_proxy /_matrix/* :8456
|
|
reverse_proxy /.well-known/acme-challenge/* :5380
|
|
reverse_proxy /bosh :5443 {
|
|
header_up X-Real-IP {remote_host}
|
|
transport http {
|
|
tls_insecure_skip_verify
|
|
}
|
|
}
|
|
reverse_proxy /ws :5443 {
|
|
header_up X-Real-IP {remote_host}
|
|
transport http {
|
|
tls_insecure_skip_verify
|
|
}
|
|
}
|
|
header /.well-known/matrix/* Content-Type application/json
|
|
header /.well-known/matrix/* Access-Control-Allow-Origin *
|
|
handle_path /.well-known/* {
|
|
root * /var/www/well-known
|
|
file_server
|
|
}
|
|
header /.well-known/host-meta Content-Type application/xrd+xml
|
|
header /.well-known/host-meta Access-Control-Allow-Origin *
|
|
header /.well-known/host-meta.json Content-Type application/json
|
|
header /.well-known/host-meta.json Access-Control-Allow-Origin *
|
|
header /.well-known/xmpp-provider-v2.json Content-Type application/json
|
|
header /.well-known/xmpp-provider-v2.json Access-Control-Allow-Origin *
|
|
import torloc www
|
|
}
|
|
psf.lt {
|
|
reverse_proxy :1337
|
|
import def
|
|
import torloc www
|
|
header /.well-known/matrix/* Content-Type application/json
|
|
header /.well-known/matrix/* Access-Control-Allow-Origin *
|
|
handle_path /.well-known/* {
|
|
root * /var/www/psf-well-known
|
|
file_server
|
|
}
|
|
}
|
|
|
|
mtx.psf.lt {
|
|
reverse_proxy :8466
|
|
import def
|
|
}
|
|
|
|
ss3.psf.lt {
|
|
reverse_proxy :4567
|
|
import def
|
|
}
|
|
|
|
www.projectsegfau.lt www.psf.lt {
|
|
redir https://projectsegfau.lt{uri}
|
|
import torloc www
|
|
import acmedns
|
|
}
|
|
|
|
matrix.projectsegfau.lt {
|
|
reverse_proxy /_matrix/* :8456
|
|
import def
|
|
handle_path / {
|
|
redir https://wiki.projectsegfau.lt/Matrix
|
|
}
|
|
@hasSlashes path_regexp expression \/_matrix\/media\/(v3|v1|r0)\/(download|thumbnail)\/projectsegfau.lt\/([a-zA-Z]{2})([a-zA-Z]{2})([a-zA-z]+)
|
|
rewrite @hasSlashes /mediawork/{re.expression.3}/{re.expression.4}/{re.expression.5}
|
|
handle_path /mediawork/* {
|
|
root * /mnt/matrix/synapse/storage/media-store/local_content
|
|
file_server
|
|
}
|
|
}
|
|
|
|
# Element
|
|
chat.projectsegfau.lt el.psf.lt {
|
|
reverse_proxy :3070
|
|
import def
|
|
}
|
|
|
|
# Gitea
|
|
git.projectsegfau.lt {
|
|
reverse_proxy :3444
|
|
respond /metrics 403
|
|
import def
|
|
request_body {
|
|
max_size 500MB
|
|
}
|
|
header {
|
|
Content-Security-Policy "default-src 'self'; connect-src 'self'; font-src 'self' data:; form-action 'self'; img-src 'self' https: data:; manifest-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self'; frame-ancestors 'self'; frame-src 'self';"
|
|
}
|
|
import torloc git
|
|
}
|
|
git.psf.lt {
|
|
reverse_proxy :3444 {
|
|
header_up Host "git.projectsegfau.lt"
|
|
}
|
|
respond /metrics 403
|
|
import def
|
|
request_body {
|
|
max_size 500MB
|
|
}
|
|
header {
|
|
Content-Security-Policy "default-src 'self'; connect-src 'self'; font-src 'self' data:; form-action 'self'; img-src 'self' https: data:; manifest-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self'; frame-ancestors 'self'; frame-src 'self';"
|
|
}
|
|
import torloc git
|
|
}
|
|
# HedgeDoc
|
|
doc.projectsegfau.lt {
|
|
reverse_proxy :2069 {
|
|
header_up X-Real-IP {remote_host}
|
|
}
|
|
import def
|
|
}
|
|
|
|
# Hydrogen
|
|
h2.projectsegfau.lt, hydrogen.projectsegfau.lt, h2.psf.lt {
|
|
reverse_proxy :3071
|
|
import def
|
|
}
|
|
|
|
# Jitsi
|
|
jitsi.projectsegfau.lt {
|
|
reverse_proxy :8000 {
|
|
header_up X-Real-IP {remote_host}
|
|
}
|
|
import acmedns
|
|
}
|
|
# Excalidraw backend for jitsi
|
|
excalidraw.projectsegfau.lt {
|
|
reverse_proxy :8695
|
|
import acmedns
|
|
}
|
|
|
|
# MediaWiki
|
|
wiki.projectsegfau.lt w.psf.lt {
|
|
reverse_proxy localhost:8047 {
|
|
header_up X-Real-IP {remote_host}
|
|
}
|
|
@pubnix path /Category:Pubnix /Pubnix
|
|
redir @pubnix /t/pubnix
|
|
import def
|
|
encode gzip
|
|
import torloc wiki
|
|
}
|
|
|
|
# Vikunja
|
|
todo.projectsegfau.lt vi.psf.lt {
|
|
reverse_proxy :3456
|
|
import def
|
|
import torloc todo
|
|
}
|
|
|
|
# Vaultwarden
|
|
pass.projectsegfau.lt vw.psf.lt {
|
|
reverse_proxy :6980 {
|
|
header_up X-Real-IP {remote_host}
|
|
}
|
|
import def
|
|
import torloc pass
|
|
}
|
|
|
|
# XMPP
|
|
xmpp.projectsegfau.lt, conference.projectsegfau.lt, proxy.projectsegfau.lt, pubsub.projectsegfau.lt, upload.projectsegfau.lt {
|
|
reverse_proxy :5443 {
|
|
header_up X-Real-IP {remote_host}
|
|
transport http {
|
|
tls_insecure_skip_verify
|
|
}
|
|
}
|
|
reverse_proxy /.well-known/acme-challenge/* :5380
|
|
@register {
|
|
path /new/
|
|
path /change_password/
|
|
path /delete/
|
|
path /new
|
|
path /change_password
|
|
path /delete
|
|
}
|
|
redir @register /register{uri}
|
|
import def
|
|
header /.well-known/host-meta Content-Type application/xrd+xml
|
|
header /.well-known/host-meta.json Content-Type application/json
|
|
header /.well-known/host-meta.json Access-Control-Allow-Origin *
|
|
header /.well-known/host-meta Access-Control-Allow-Origin *
|
|
handle_path /.well-known/* {
|
|
root * /var/www/well-known
|
|
file_server
|
|
}
|
|
handle_path / {
|
|
redir https://wiki.projectsegfau.lt/XMPP
|
|
}
|
|
}
|
|
xmpp-web.projectsegfau.lt, x.psf.lt {
|
|
import def
|
|
reverse_proxy :3072
|
|
}
|
|
healthchecks.projectsegfau.lt, hc.psf.lt {
|
|
import def
|
|
reverse_proxy :8450
|
|
import torloc healthchecks
|
|
}
|
|
# Pubthentik
|
|
auth.p.projectsegfau.lt {
|
|
reverse_proxy :7444 {
|
|
transport http {
|
|
tls_insecure_skip_verify
|
|
}
|
|
header_up X-Real-IP {remote_host}
|
|
}
|
|
import def
|
|
}
|
|
# kbin
|
|
kbin.projectsegfau.lt, kb.psf.lt {
|
|
reverse_proxy :8014 {
|
|
header_up X-Real-IP {remote_host}
|
|
}
|
|
import def
|
|
}
|
|
|
|
# RSS-Bridge
|
|
rssbridge.projectsegfau.lt, rb.psf.lt {
|
|
reverse_proxy :5678 {
|
|
header_up X-Real-IP {remote_host}
|
|
}
|
|
import torloc rssbridge
|
|
import def
|
|
}
|
|
|
|
# MatriXMPP Ejabberd
|
|
matrixmpp.projectsegfau.lt https://matrixmpp.projectsegfau.lt:8448 {
|
|
reverse_proxy :8446 {
|
|
header_up X-Real-IP {remote_host}
|
|
}
|
|
header /.well-known/matrix/* Content-Type application/json
|
|
header /.well-known/matrix/* Access-Control-Allow-Origin *
|
|
handle_path /.well-known/* {
|
|
root * /var/www/matrixmpp-well-known
|
|
file_server
|
|
}
|
|
import acmedns
|
|
}
|
|
|
|
gothub.dev.projectsegfau.lt gh.dev.psf.lt {
|
|
reverse_proxy :1025
|
|
import def
|
|
import torloc gothub.dev
|
|
}
|
|
ak.psf.lt {
|
|
redir https://social.projectsegfau.lt{uri}
|
|
import acmedns
|
|
}
|
|
j.psf.lt {
|
|
redir https://jitsi.projectsegfau.lt{uri}
|
|
import acmedns
|
|
}
|
|
d.psf.lt {
|
|
redir https://doc.projectsegfau.lt{uri}
|
|
import acmedns
|
|
}
|
|
|
|
rss.projectsegfau.lt freshrss.projectsegfau.lt rss.psf.lt {
|
|
reverse_proxy :3529
|
|
import def
|
|
import torloc rss
|
|
}
|
|
|
|
owncloud.projectsegfau.lt {
|
|
reverse_proxy http://127.0.0.1:9200
|
|
import def
|
|
}
|
|
wopi.projectsegfau.lt {
|
|
import acmedns
|
|
reverse_proxy http://127.0.0.1:9320
|
|
}
|
|
collabora.projectsegfau.lt {
|
|
import acmedns
|
|
reverse_proxy http://127.0.0.1:9980
|
|
}
|
|
|
|
ente.projectsegfau.lt pic.psf.lt {
|
|
import def
|
|
reverse_proxy http://127.0.0.1:8085
|
|
}
|
|
|
|
museum.ente.projectsegfau.lt {
|
|
import acmedns
|
|
reverse_proxy http://127.0.0.1:8254
|
|
}
|
|
|
|
album.ente.projectsegfau.lt {
|
|
import def
|
|
reverse_proxy http://127.0.0.1:8087
|
|
}
|
|
|
|
accounts.ente.projectsegfau.lt {
|
|
import acmedns
|
|
reverse_proxy http://127.0.0.1:8086
|
|
}
|
|
|
|
minio.projectsegfau.lt {
|
|
import acmedns
|
|
reverse_proxy http://127.0.0.1:9000
|
|
}
|
|
|
|
timetagger.projectsegfau.lt tt.psf.lt {
|
|
import def
|
|
route {
|
|
reverse_proxy /outpost.goauthentik.io/* https://localhost:7444 {
|
|
header_up Host {http.reverse_proxy.upstream.hostport}
|
|
transport http {
|
|
tls_insecure_skip_verify
|
|
}
|
|
}
|
|
# Forward authentication requests to Authentik's outpost
|
|
forward_auth https://localhost:7444 {
|
|
transport http {
|
|
tls_insecure_skip_verify
|
|
}
|
|
uri /outpost.goauthentik.io/auth/caddy
|
|
|
|
# Ensure these headers are passed, using correct capitalization
|
|
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name
|
|
trusted_proxies private_ranges
|
|
}
|
|
}
|
|
reverse_proxy http://localhost:9900
|
|
}
|