diff --git a/On host/Caddyfile b/On host/Caddyfile new file mode 100644 index 0000000..de50cf3 --- /dev/null +++ b/On host/Caddyfile @@ -0,0 +1,553 @@ +{ + debug + http_port 80 + https_port 443 + email admin@delmar.bzh + default_sni delmar.bzh + + admin :2019 + + acme_dns ovh { + endpoint ovh-eu + application_key 3f8bdfed17f848d8 + application_secret 6946758d7515ecef108aeb286bf3c7d0 + consumer_key 94b2ddf482d36421a33aa6b3aa515956 + } + + log { + output stderr + format filter { + # Preserves first 8 bits from IPv4 and 32 bits from IPv6 + request>remote_ip ip_mask 8 32 + request>client_ip ip_mask 8 32 + + # Remove identificable information + request>remote_port delete + request>headers delete + request>uri query { + delete url + delete h + delete q + } + } + } + + servers { + client_ip_headers X-Forwarded-For X-Real-IP + + # Allow the following IP to passthrough the "X-Forwarded-*" headers to SearXNG + # https://caddyserver.com/docs/caddyfile/options#trusted-proxies + trusted_proxies static private_ranges + trusted_proxies_strict + } +} + +(LAN_only) { + @local_subnets { + not remote_ip 192.168.1.0/24 + } + respond @local_subnets 403 +} + +*:80 { + encode { + zstd + gzip + minimum_length 1024 + } + root * /var/www/comics + file_server +} + +3dm.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy bernie:3214 +} + +affine.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy sandy:3010 +} + +asm.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy sheldon:50154 +} + +bookstack.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy sandy:6875 +} + +books.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy sandy:32768 +} + +cap.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy carlo:55338 +} + +cloud.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy sheldon:11000 { + header_up Host {upstream_hostport} + } + + redir /.well-known/carddav /remote.php/dav/ 301 + redir /.well-known/caldav /remote.php/dav/ 301 + + header { + Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" + X-XSS-Protection "1; mode=block;" + X-Content-Type-Options "nosniff" + X-Frame-Options "SAMEORIGIN" + } +} + +cpt.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy bob:9090 { + transport http { + tls_insecure_skip_verify + } + } +} + +cs.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy sandy:49505 +} + +ctr.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy sheldon:47810 +} + +cvs.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy sandy:54268 +} + +dev.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy sheldon:19409 +} + +dkr.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy https://bob:8001 { + header_up Host {upstream_hostport} + transport http { + tls_insecure_skip_verify + } + } +} + +dolibarr.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy sandy:64616 +} + +draw.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy sheldon:24928 +} + +gen.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy carlo:63578 +} + +git.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy krabs:3001 +} + +gotify.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy bob:41901 +} + +homepage.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy gary:7575 +} + +home-assistant.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy gary:8123 +} + +it.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy sheldon:11404 +} + +jellyfin.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy gary:8096 +} + +jellyseerr.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy gary:5055 +} + +kontadenn.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + root * /var/www/kontadenn + file_server + + handle_errors { + @404 { + expression {http.error.status_code} == 404 + } + rewrite @404 / + file_server + } + +} + +mailbear.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy carlo:1234 { + header_up Host {upstream_hostport} + } +} + +minio.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy sandy:9000 +} + +nds.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + root * /var/www/nds + file_server + + handle_errors { + @404 { + expression {http.error.status_code} == 404 + } + rewrite @404 / + file_server + } + +} + +nsns.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + root * /var/www/nsns + file_server + + handle_errors { + @404 { + expression {http.error.status_code} == 404 + } + rewrite @404 / + file_server + } + +} + +octoprint.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy bernie:54963 { + header_up X-Forwarded-Proto {scheme} + } +} + +paperless.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy sandy:8000 +} + +pdf.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy sheldon:9890 +} + +penpot.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy sandy:43735 +} + +rallly.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy sandy:17818 +} + +search.delmar.bzh + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy sandy:23485 +} + +send.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy krabs:53842 +} + +shop.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + root * /var/www/shop + file_server +} + +ssm.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy bob:32520 { + header_up Host {upstream_hostport} + } +} + +stream.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy bernie:62036 + basic_auth / { + admin $2a$14$RuKvTkZWcLpyX/ptJmkmYOd6WpDACXi.fIcz2feCcvTW73vZ/4TSi + } +} + +tpml.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + root * /var/www/tpml + file_server + + handle_errors { + @404 { + expression {http.error.status_code} == 404 + } + rewrite @404 / + file_server + } + +} + +twip.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy bob:23473 + + handle_errors { + rewrite * /{err.status_code} + reverse_proxy bob:23473 { + header_up Host {upstream_hostport} + replace_status {err.status_code} + } + } +} + +ugo.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy gary:8090 +} + +vault.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy gary:16081 +} + +wizarr.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy gary:5690 +} + +www.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + root * /var/www/comics + file_server + + handle_errors { + @404 { + expression {http.error.status_code} == 404 + } + rewrite @404 /404.html + file_server + } +} + +xcd.delmar.bzh { + encode { + zstd + gzip + minimum_length 1024 + } + reverse_proxy sheldon:7576 +} diff --git a/bikiniBottom.webp b/bikiniBottom.webp index b2d4ba4..45f23ee 100644 Binary files a/bikiniBottom.webp and b/bikiniBottom.webp differ