diff --git a/Divers/OVH.md b/Divers/OVH.md index c632754..f01afdd 100644 --- a/Divers/OVH.md +++ b/Divers/OVH.md @@ -40,10 +40,10 @@ $TTL 3600 @ IN SOA dns106.ovh.net. tech.ovh.net. (2025102202 86400 3600 3600000 300) IN NS dns106.ovh.net. IN NS ns106.ovh.net. - IN MX 50 mx2.mail.ovh.net. - IN MX 5 mx1.mail.ovh.net. IN MX 100 mx3.mail.ovh.net. - IN MX 1 mx0.mail.ovh.net. + IN MX 50 mx2.mail.ovh.net. + IN MX 10 mx1.mail.ovh.net. + IN MX 0 mx0.mail.ovh.net. IN A 213.186.33.5 IN TXT "v=spf1 include:mx.ovh.com ~all" IN TXT "1|www.delmar.bzh" @@ -56,8 +56,6 @@ autoconfig IN CNAME autodiscover.mail.ovh.net. autodiscover IN CNAME mailconfig.ovh.net. ovhemp1116203-selector1._domainkey 60 IN CNAME ovhemp1116203-selector1._domainkey.274927.cq.dkim.mail.ovh.net. ovhemp1116203-selector2._domainkey 60 IN CNAME ovhemp1116203-selector2._domainkey.274928.az.dkim.mail.ovh.net. - - affine IN A 176.188.240.123 asm IN A 176.188.240.123 auth IN A 176.188.240.123 @@ -83,7 +81,6 @@ it IN A 176.188.240.123 jellyfin IN A 176.188.240.123 jellyseerr IN A 176.188.240.123 kontadenn IN A 176.188.240.123 -mail IN A 176.188.240.123 mailbear IN A 176.188.240.123 minio IN A 176.188.240.123 nds IN A 176.188.240.123 diff --git a/Divers/OVH_Stalwart.md b/Divers/OVH_Stalwart.md index 820ef31..e72ad1d 100644 --- a/Divers/OVH_Stalwart.md +++ b/Divers/OVH_Stalwart.md @@ -2,25 +2,18 @@ ```txt $TTL 3600 -@ IN SOA dns106.ovh.net. tech.ovh.net. (2025102310 86400 3600 3600000 300) +@ IN SOA dns106.ovh.net. tech.ovh.net. (2025102306 86400 3600 3600000 300) IN NS dns106.ovh.net. IN NS ns106.ovh.net. - IN MX 0 mail.delmar.bzh. - IN MX 50 mx2.mail.ovh.net. - IN MX 5 mx1.mail.ovh.net. - IN MX 100 mx3.mail.ovh.net. - IN MX 1 mx0.mail.ovh.net. + IN MX 10 mail.delmar.bzh. IN A 213.186.33.5 IN TXT "v=spf1 include:mx.ovh.com ~all" - IN TXT "v=spf1 mx ra=postmaster -all" IN TXT "1|www.delmar.bzh" IN TXT "openpgp4fpr:E22A8974BD3F45E3A827AEB891AFB168A1EAD35C" IN TXT "google-site-verification=j7RPCRYeiAgvZ4uHOD3ZQ4uqi-vPQ-UUmyVD9WXv4t8" IN CAA 0 issue "letsencrypt.org" 202510e._domainkey IN TXT "v=DKIM1; k=ed25519; h=sha256; p=zqH42wS9S4UgMXBrPKZxJSi45eEjewXJsboHRq7p30E=" -202510r._domainkey IN TXT ( "v=DKIM1; k=rsa; h=sha256; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqg5JMaBF3fDBZ36KRULZR7HnuytV0SmuezMZyPP4KOPyhMdK2aqe12ct7JwCs5dCBPD3nGxqqjHgPDXv4l+pqVIjuGKNYKOfVMvHxlMQWAudyyMfYwj8ve/wCKB3LKsOo+y7JFMNYyWw+/UIBqM2gY4Y2aOCR/tpZo+wQGYQPzkHHE7gl81pT0" "YwtHR6FZZM7vrKC3qdZ8iglfIUvwsCOl+B4alYPfWSpuKT8moWP58LQX8qgDdWLYvMzN7X4ljW2lNiXdxHcrGsPCCE87ROregNNpImKMuIZl/dn7MJey+8NzAqPo2PT9nUmTEpQ+1Ty52TrBwiT/2JeB+gdeJnQIDAQAB" ) -_autodiscover._tcp IN SRV 0 0 443 pro1.mail.ovh.net. -_dmarc IN TXT "v=DMARC1;p=none;sp=none;aspf=r;" +202510r._domainkey IN TXT ( "v=DKIM1; k=rsa; h=sha256; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqg5JMaBF3fDBZ36KRULZR7HnuytV0SmuezMZyPP4KOPyhMdK2aqe12ct7JwCs5dCBPD3nGxqqjHgPDXv4l+pqVIjuGKNYKOfVMvHxlMQWAudyyMfYwj8ve/wCKB3LKsOo+y7JFMNYyWw+/UIBqM2gY4Y2aOCR/tpZo+wQGYQPzkHHE7gl" "81pT0YwtHR6FZZM7vrKC3qdZ8iglfIUvwsCOl+B4alYPfWSpuKT8moWP58LQX8qgDdWLYvMzN7X4ljW2lNiXdxHcrGsPCCE87ROregNNpImKMuIZl/dn7MJey+8NzAqPo2PT9nUmTEpQ+1Ty52TrBwiT/2JeB+gdeJnQIDAQAB" ) _dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:postmaster@delmar.bzh; ruf=mailto:postmaster@delmar.bzh" _imaps._tcp IN SRV 0 1 993 mail.delmar.bzh. _smtp._tls IN TXT "v=TLSRPTv1; rua=mailto:postmaster@delmar.bzh" @@ -28,8 +21,8 @@ _submissions._tcp IN SRV 0 1 465 mail.delmar.bzh. affine IN A 176.188.240.123 asm IN A 176.188.240.123 auth IN A 176.188.240.123 -autoconfig IN CNAME mail.delmar.bzh. -autodiscover IN CNAME mail.delmar.bzh. +autoconfig IN A 176.188.240.123 +autodiscover IN A 176.188.240.123 books IN A 176.188.240.123 bookstack IN A 176.188.240.123 cap IN A 176.188.240.123 @@ -42,7 +35,7 @@ dev IN A 176.188.240.123 dkr IN A 176.188.240.123 dolibarr IN A 176.188.240.123 draw IN A 176.188.240.123 -ftp IN CNAME delmar.bzh. +ftp IN A 176.188.240.123 gen IN A 176.188.240.123 git IN A 176.188.240.123 gotify IN A 176.188.240.123 @@ -53,13 +46,13 @@ jellyfin IN A 176.188.240.123 jellyseerr IN A 176.188.240.123 kontadenn IN A 176.188.240.123 mail IN A 176.188.240.123 +mail IN TXT "v=spf1 a ra=postmaster -all" +mail IN TXT "v=spf1 mx ra=postmaster -all" mailbear IN A 176.188.240.123 minio IN A 176.188.240.123 nds IN A 176.188.240.123 nsns IN A 176.188.240.123 octoprint IN A 176.188.240.123 -ovhemp1116203-selector1._domainkey 60 IN CNAME ovhemp1116203-selector1._domainkey.274927.cq.dkim.mail.ovh.net. -ovhemp1116203-selector2._domainkey 60 IN CNAME ovhemp1116203-selector2._domainkey.274928.az.dkim.mail.ovh.net. paperless IN A 176.188.240.123 pdf IN A 176.188.240.123 penpot IN A 176.188.240.123 diff --git a/On host/Caddy.md b/On host/Caddy.md index d60b186..348b35f 100644 --- a/On host/Caddy.md +++ b/On host/Caddy.md @@ -40,7 +40,10 @@ export PATH=$PATH:/usr/local/go/bin mkdir ~/caddy cd caddy -xcaddy build --with github.com/caddy-dns/ovh +xcaddy build --with github.com/caddy-dns/ovh \ + --with github.com/mholt/caddy-l4/modules/l4proxy \ + --with github.com/mholt/caddy-l4/modules/l4tls \ + --with github.com/mholt/caddy-l4/modules/l4proxyprotocol sudo mv caddy /usr/bin sudo chown root:root /usr/bin/caddy sudo chmod 755 /usr/bin/caddy diff --git a/On host/Caddyfile b/On host/Caddyfile index b90fed6..b021056 100644 --- a/On host/Caddyfile +++ b/On host/Caddyfile @@ -33,12 +33,12 @@ } servers { - client_ip_headers X-Forwarded-For X-Real-IP - # Allow the following IP to passthrough the "X-Forwarded-*" headers to SearXNG # https://caddyserver.com/docs/caddyfile/options#trusted-proxies trusted_proxies static private_ranges trusted_proxies_strict + + client_ip_headers X-Forwarded-For X-Real-IP } } @@ -114,8 +114,9 @@ cloud.delmar.bzh { header_up Host {upstream_hostport} } - redir /.well-known/carddav /remote.php/dav/ 301 - redir /.well-known/caldav /remote.php/dav/ 301 + # client support (e.g. os x calendar / contacts) + redir /.well-known/carddav /remote.php/dav 301 + redir /.well-known/caldav /remote.php/dav 301 header { Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" @@ -125,6 +126,14 @@ cloud.delmar.bzh { } } +cloud.delmar.bzh:8443 { + reverse_proxy sheldon:8080 { + transport http { + tls_insecure_skip_verify + } + } +} + cpt.delmar.bzh { encode { zstd @@ -171,7 +180,7 @@ dev.delmar.bzh { gzip minimum_length 1024 } - reverse_proxy sheldon:19409 + reverse_proxy sheldon:19080 } dkr.delmar.bzh { @@ -291,10 +300,9 @@ kontadenn.delmar.bzh { @404 { expression {http.error.status_code} == 404 } - rewrite @404 / - file_server - } - + rewrite @404 / + file_server + } } mail.delmar.bzh { @@ -303,7 +311,12 @@ mail.delmar.bzh { gzip minimum_length 1024 } - reverse_proxy sheldon:10003 + reverse_proxy sheldon:10003 { + transport http { + proxy_protocol v2 + } + header_up Host {upstream_hostport} + } } mailbear.delmar.bzh { @@ -339,10 +352,9 @@ nds.delmar.bzh { @404 { expression {http.error.status_code} == 404 } - rewrite @404 / - file_server - } - + rewrite @404 / + file_server + } } nsns.delmar.bzh { @@ -358,10 +370,9 @@ nsns.delmar.bzh { @404 { expression {http.error.status_code} == 404 } - rewrite @404 / - file_server - } - + rewrite @404 / + file_server + } } octoprint.delmar.bzh { @@ -412,12 +423,12 @@ rallly.delmar.bzh { } search.delmar.bzh - encode { - zstd - gzip - minimum_length 1024 - } - reverse_proxy sandy:23485 +encode { + zstd + gzip + minimum_length 1024 +} +reverse_proxy sandy:23485 } send.delmar.bzh { @@ -475,10 +486,9 @@ tpml.delmar.bzh { @404 { expression {http.error.status_code} == 404 } - rewrite @404 / - file_server - } - + rewrite @404 / + file_server + } } twip.delmar.bzh { @@ -538,9 +548,9 @@ www.delmar.bzh { @404 { expression {http.error.status_code} == 404 } - rewrite @404 /404.html - file_server - } + rewrite @404 /404.html + file_server + } } xcd.delmar.bzh {