{ debug http_port 80 https_port 443 email admin@delmar.bzh default_sni delmar.bzh admin :2019 acme_dns ovh { endpoint ovh-eu application_key 3f8bdfed17f848d8 application_secret 6946758d7515ecef108aeb286bf3c7d0 consumer_key 94b2ddf482d36421a33aa6b3aa515956 } log { output stderr format filter { # Preserves first 8 bits from IPv4 and 32 bits from IPv6 request>remote_ip ip_mask 8 32 request>client_ip ip_mask 8 32 # Remove identificable information request>remote_port delete request>headers delete request>uri query { delete url delete h delete q } } } servers { # Allow the following IP to passthrough the "X-Forwarded-*" headers to SearXNG # https://caddyserver.com/docs/caddyfile/options#trusted-proxies trusted_proxies static private_ranges trusted_proxies_strict client_ip_headers X-Forwarded-For X-Real-IP } } (LAN_only) { @local_subnets { not remote_ip 192.168.1.0/24 } respond @local_subnets 403 } *:80 { encode { zstd gzip minimum_length 1024 } root * /var/www/comics file_server } affine.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:3010 } asm.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:50154 } books.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:10801 } cap.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:11338 } cloud.delmar.bzh { encode { zstd gzip minimum_length 1024 } header { Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" X-XSS-Protection "1; mode=block;" X-Content-Type-Options "nosniff" X-Frame-Options "SAMEORIGIN" X-Robots-Tag "noindex, nofollow" } reverse_proxy patrick:11000 { header_up Host {upstream_hostport} header_up X-Real-IP {remote_host} } # client support (e.g. os x calendar / contacts) redir /.well-known/carddav /remote.php/dav 301 redir /.well-known/caldav /remote.php/dav 301 } cloud.delmar.bzh:8443 { reverse_proxy patrick:32772 { transport http { tls_insecure_skip_verify } } } cnvrt.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:32770 } crm.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:15069 } cs.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:49505 } ctr.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:47810 } cvs.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:54268 } dev.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:19080 } dia.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:53000 } dkr.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:32771 } draw.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:24928 } gen.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:15578 } git.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:3001 } gotify.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:41901 } homepage.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:7575 } home-assistant.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:8123 } inv.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:8035 { header_up X-Real-IP {remote_host} header_up X-Forwarded-For {remote_host} header_up X-Forwarded-Proto {scheme} } } it.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:11404 } jellyfin.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:8096 } jellyseerr.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:5055 } kontadenn.delmar.bzh { encode { zstd gzip minimum_length 1024 } root * /var/www/kontadenn file_server handle_errors { @404 { expression {http.error.status_code} == 404 } rewrite @404 / file_server } } mail.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:10003 { transport http { proxy_protocol v2 } header_up Host {upstream_hostport} } } mailbear.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:11234 { header_up Host {upstream_hostport} } } mon.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy bob:11750 } nds.delmar.bzh { encode { zstd gzip minimum_length 1024 } root * /var/www/nds file_server handle_errors { @404 { expression {http.error.status_code} == 404 } rewrite @404 / file_server } } nsns.delmar.bzh { encode { zstd gzip minimum_length 1024 } root * /var/www/nsns file_server handle_errors { @404 { expression {http.error.status_code} == 404 } rewrite @404 / file_server } } octoprint.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy bernie:54963 { header_up X-Forwarded-Proto {scheme} } } paperless.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:8000 } pdf.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:16080 } penpot.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:43735 } pip.delmar.bzh { encode { zstd gzip minimum_length 1024 } root * /var/www/picpitch-collage file_server } scanopy.delmar.bzh encode { zstd gzip minimum_length 1024 } reverse_proxy carlo:60072 } search.delmar.bzh encode { zstd gzip minimum_length 1024 } @api { path /config path /healthz path /stats/errors path /stats/checker } @static { path /static/* } @imageproxy { path /image_proxy } header { # CSP (https://content-security-policy.com) Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https:; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self'; img-src * data:; frame-src https:;" # Disable browser features Permissions-Policy "accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()" # Only allow same-origin requests Referrer-Policy "same-origin" # Prevent MIME type sniffing from the declared Content-Type X-Content-Type-Options "nosniff" # Comment header to allow indexing by search engines X-Robots-Tag "noindex, nofollow, noarchive, nositelinkssearchbox, nosnippet, notranslate, noimageindex" # enable HSTS # WARNING: Once this value is set, the site must continue to support HTTPS until the expiry time is reached. # Strict-Transport-Security max-age=15768000; # Remove "Server" header -Server Access-Control-Allow-Methods "GET, OPTIONS" Access-Control-Allow-Origin "*" } route { # Cache policy header Cache-Control "no-cache" header @static Cache-Control "public, max-age=30, stale-while-revalidate=60" header @imageproxy Cache-Control "public, max-age=3600" } reverse_proxy patrick:23485 } send.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:53842 } shop.delmar.bzh { encode { zstd gzip minimum_length 1024 } root * /var/www/shop file_server } stream.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy bernie:62036 basic_auth / { admin $2a$14$RuKvTkZWcLpyX/ptJmkmYOd6WpDACXi.fIcz2feCcvTW73vZ/4TSi } } tpml.delmar.bzh { encode { zstd gzip minimum_length 1024 } root * /var/www/tpml file_server handle_errors { @404 { expression {http.error.status_code} == 404 } rewrite @404 / file_server } } twip.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:12473 handle_errors { rewrite * /{err.status_code} reverse_proxy patrick:12473 { header_up Host {upstream_hostport} replace_status {err.status_code} } } } ugo.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:8090 } vault.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:16081 } wizarr.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:5690 } www.delmar.bzh { encode { zstd gzip minimum_length 1024 } root * /var/www/comics file_server handle_errors { @404 { expression {http.error.status_code} == 404 } rewrite @404 /404.html file_server } } xcd.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:32768 } zik.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:32773 basic_auth / { admin $2a$14$RuKvTkZWcLpyX/ptJmkmYOd6WpDACXi.fIcz2feCcvTW73vZ/4TSi } } muzik.delmar.bzh { encode { zstd gzip minimum_length 1024 } reverse_proxy patrick:32785 }