Delmar/bikinibottom
3
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
452750d3dd7655e57dbe67c9a220b669abda5af9
bikinibottom/On host/Caddy.md
julien 452750d3dd "Updates"
2025-09-30 09:56:13 +02:00

847 lines
19 KiB
Markdown
Raw Blame History

# Caddy
## Structure
```
.
├── caddy (80 | 443)
└── Caddyfile
```
### Caddy / xcaddy
```bash
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
# caddy
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
# xcaddy
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/xcaddy/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-xcaddy-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/xcaddy/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-xcaddy.list
sudo apt update && sudo apt install -y caddy xcaddy
```
#### Build with dns-ovh
```
https://go.dev/dl/
```
```bash
wget https://go.dev/dl/go1.23.1.linux-arm64.tar.gz
rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.23.1.linux-arm64.tar.gz
export PATH=$PATH:/usr/local/go/bin
```
```bash
mkdir ~/caddy
cd caddy
xcaddy build --with github.com/caddy-dns/ovh
sudo mv caddy /usr/bin
sudo chown root:root /usr/bin/caddy
sudo chmod 755 /usr/bin/caddy
sudo systemctl daemon-reload
```
```bash
sudo vim /etc/caddy/Caddyfile
```
```
{
debug
http_port 80
https_port 443
email admin@delmar.bzh
default_sni delmar.bzh
admin :2019
acme_dns ovh {
endpoint ovh-eu
application_key 3f8bdfed17f848d8
application_secret 6946758d7515ecef108aeb286bf3c7d0
consumer_key 94b2ddf482d36421a33aa6b3aa515956
}
log {
output stderr
format filter {
# Preserves first 8 bits from IPv4 and 32 bits from IPv6
request>remote_ip ip_mask 8 32
request>client_ip ip_mask 8 32
# Remove identificable information
request>remote_port delete
request>headers delete
request>uri query {
delete url
delete h
delete q
}
}
}
servers {
client_ip_headers X-Forwarded-For X-Real-IP
# Allow the following IP to passthrough the "X-Forwarded-*" headers to SearXNG
# https://caddyserver.com/docs/caddyfile/options#trusted-proxies
trusted_proxies static private_ranges
trusted_proxies_strict
}
}
(LAN_only) {
@local_subnets {
not remote_ip 192.168.1.0/24
}
respond @local_subnets 403
}
*:80 {
encode {
zstd
gzip
minimum_length 1024
}
root * /var/www/comics
file_server
}
3dm.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy bernie:3214
}
affine.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy sandy:3010
}
bookstack.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy sandy:6875
}
books.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy sandy:32768
}
cloud.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy sandy:35771 {
header_up Host {upstream_hostport}
}
redir /.well-known/carddav /remote.php/dav/ 301
redir /.well-known/caldav /remote.php/dav/ 301
header {
Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
X-XSS-Protection "1; mode=block;"
X-Content-Type-Options "nosniff"
X-Frame-Options "SAMEORIGIN"
}
}
cpt.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy bob:9090 {
transport http {
tls_insecure_skip_verify
}
}
}
cs.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy carlo:49505
}
ctr.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy bob:47810
}
cvs.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy sandy:54268
}
dev.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy gary:80
}
asm.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy gary:50154
}
dkr.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy bob:32519 {
header_up Host {upstream_hostport}
}
}
ssm.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy bob:32520 {
header_up Host {upstream_hostport}
}
}
dolibarr.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy sandy:64616
}
draw.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy sandy:24928
}
gen.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy carlo:63578
}
git.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy krabs:3001
}
gotify.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy bob:41901
}
homepage.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy gary:7575
}
home-assistant.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy gary:8123
}
it.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy bob:8888
}
jellyfin.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy gary:8096
}
jellyseerr.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy gary:5055
}
kontadenn.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
root * /var/www/kontadenn
file_server
handle_errors {
@404 {
expression {http.error.status_code} == 404
}
rewrite @404 /
file_server
}
}
minio.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy sandy:9000
}
mmm.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy gary:8081
}
nds.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
root * /var/www/nds
file_server
handle_errors {
@404 {
expression {http.error.status_code} == 404
}
rewrite @404 /
file_server
}
}
nsns.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
root * /var/www/nsns
file_server
handle_errors {
@404 {
expression {http.error.status_code} == 404
}
rewrite @404 /
file_server
}
}
octoprint.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy bernie:54963 {
header_up X-Forwarded-Proto {scheme}
}
}
paperless.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy sandy:8000
}
pdf.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy sandy:9890
}
penpot.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy sandy:43735
}
rallly.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy sandy:17818
}
search.delmar.bzh
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy carlo:23485
}
send.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy krabs:53842
}
shop.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
root * /var/www/shop
file_server
}
mailbear.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy carlo:1234 {
header_up Host {upstream_hostport}
}
}
cap.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy bob:55338
}
stream.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy bernie:62036
basic_auth / {
admin $2a$14$RuKvTkZWcLpyX/ptJmkmYOd6WpDACXi.fIcz2feCcvTW73vZ/4TSi
}
}
tpml.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
root * /var/www/tpml
file_server
handle_errors {
@404 {
expression {http.error.status_code} == 404
}
rewrite @404 /
file_server
}
}
twip.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy bob:23473
handle_errors {
rewrite * /{err.status_code}
reverse_proxy bob:23473 {
header_up Host {upstream_hostport}
replace_status {err.status_code}
}
}
}
ugo.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy gary:8090
}
vault.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy gary:16081
}
wizarr.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
reverse_proxy gary:5690
}
www.delmar.bzh {
encode {
zstd
gzip
minimum_length 1024
}
root * /var/www/comics
file_server
handle_errors {
@404 {
expression {http.error.status_code} == 404
}
rewrite @404 /404.html
file_server
}
}
```
```bash
sudo systemctl restart caddy
```
# Services
<div class="table-wrapper" id="bkmrk-service-host-ip%3Aport"><table>
<tbody>
<tr>
<th>Service</th>
<th>Host</th>
<th>IP:port</th>
</tr>
<tr>
<td>affine.delmar.bzh</td>
<td>sandy</td>
<td>(affine_server) 3010 </br>
(affine_migration_job)</br>
(affine_postgres)</br>
(affine_redis)</br></td>
</tr>
<tr>
<td>books.delmar.bzh</td>
<td>sandy</td>
<td>(booklore) 32768 </br>
(mariadb)</td>
</tr>
<tr>
<td>bookstack.delmar.bzh</td>
<td>sandy</td>
<td>(bookstack) 6875 </br>
(bookstack_db)</td>
</tr>
<tr>
<td>cloud.delmar.bzh</td>
<td>sandy</td>
<td>(nextcloud) 35771 </br>
(nextcloud-adminer) 62674</br>
(nextcloud-coturn) 3478 | 5439 | 49160</br>
(nextcloud-cron) </br>
(nextcloud-mariadb) </br>
(nextcloud-redis)</td>
</tr>
<tr>
<td>cpt.delmar.bzh</td>
<td>All</td>
<td>() 9090</td>
</tr>
<tr>
<td>cs.delmar.bzh</td>
<td>sheldon</td>
<td>(code-server) 49505</td>
</tr>
<tr>
<td>ctr.delmar.bzh</td>
<td>bob</td>
<td>(compose-craft-saas) 47810 </br>
(compose-craft-db) 27017</td>
</tr>
<tr>
<td>dev.delmar.bzh</td>
<td>gary</td>
<td>(appsmith) 50154 </br>
(pgadmin) </br>
(postgres)</td>
</tr>
<tr>
<td>dkr.delmar.bzh</td>
<td>bob</td>
<td>(dokemon) 32519</td>
</tr>
<tr>
<td>dolibarr.delmar.bzh</td>
<td>sandy</td>
<td>(dolibarr_app) 64616 </br>
(dolibarr_db)</td>
</tr>
<tr>
<td>draw.delmar.bzh</td>
<td>sandy</td>
<td>drawio 24928</td>
</tr>
<tr>
<td>gen.delmar.bzh</td>
<td>sheldon</td>
<td>(webtrees) 63578</td>
</tr>
<tr>
<td>git.delmar.bzh</td>
<td>carlo</td>
<td>192.168.1.163:3001</td>
</tr>
<tr>
<td>gotify.delmar.bzh</td>
<td>bob</td>
<td>(gotify) 41901</td>
</tr>
<tr>
<td>homepage.delmar.bzh</td>
<td>gary</td>
<td>(homarr) 7575</td>
</tr>
<tr>
<td>home-assistant.delmar.bzh</td>
<td>gary</td>
<td>(homeassistant) 8123</br>
(mosquitto) 16883 | 19001</td>
</tr>
<tr>
<td>it.delmar.bzh</td>
<td>bob</td>
<td>(it-tools) 8888</td>
</tr>
<tr>
<td>jellyfin.delmar.bzh </br>
jellyseer.delmar.bzh </br>
wizarr.delmar.bzh</td>
<td>gary</td>
<td>(jellyfin) 8096</br>
(jellyseerr) 5055</br>
(wizarr) 5690</br>
(qbittorrent)</br>
(sabnzbd)</br>
(radarr)</br>
(sonarr)</br>
(lidarr)</br>
(prowlarr)</br>
(bazarr)</br>
(tdarr)</br>
(unpackerr)</br>
(gluetun) >>> VPN</td>
</tr>
<tr>
<td>kontadenn.delmar.bzh</td>
<td>bob</td>
<td>&gt; Caddyfile</td>
</tr>
<tr>
<td>nds.delmar.bzh</td>
<td>bob</td>
<td>&gt; Caddyfile</td>
</tr>
<tr>
<td>nsns.delmar.bzh</td>
<td>bob</td>
<td>&gt; Caddyfile</td>
</tr>
<tr>
<td>octoprint.delmar.bzh </br>
stream.delmar.bzh</td>
<td>bernie</td>
<td>(octoprint) 54963 </br>
(camera-streamer) 62036</td>
</tr>
<tr>
<td>paperless.delmar.bzh</td>
<td>sandy</td>
<td>(paperless-ngx) 8000 </br>
(paperless-postgres) </br>
(paperless-redis)</td>
</tr>
<tr>
<td>pdf.delmar.bzh</td>
<td>sandy</td>
<td>(stirling-pdf) 9890</td>
</tr>
<tr>
<td>penpot.delmar.bzh</td>
<td>sandy</td>
<td>(penpot-frontend) 43735
(penpot-backend) </br>
(penpot-exporter) </br>
(penpot-postgres) </br>
(penpot-redis)</td>
</tr>
<tr>
<td>*postgres*</td>
<td>sheldon</td>
<td>(postgres) 5432 </br>
(pgadmin) 15432</td>
</tr>
<tr>
<td>rallly.delmar.bzh</td>
<td>sandy</td>
<td>(reactive-resume_app) 54268 </br>
(reactive-resume_minio) 9000 </br>
(reactive-resume_chrome) </br>
(reactive-resume_postgres)</td>
</tr>
<tr>
<td>search.delmar.bzh</td>
<td>carlo</td>
<td>(searxng) 23485</td>
</tr>
<tr>
<td>send.delmar.bzh</td>
<td>krabs</td>
<td>(zipline) 53842</td>
</tr>
<tr>
<td>tpml.delmar.bzh</td>
<td>bob</td>
<td>&gt; Caddyfile</td>
</tr>
<tr>
<td>twip.delmar.bzh</td>
<td>bob</td>
<td>(twip) 23473</td>
</tr>
<tr>
<td>ugo.delmar.bzh</td>
<td>gary</td>
<td>(wordpress-app) 8090 </br>
(wordpress-adminer) 62674 </br>
(wordpress-mariadb)</td>
</tr>
<tr>
<td>vault.delmar.bzh</td>
<td>gary</td>
<td>(vaultwarden) 3012 | 16081</td>
</tr>
<tr>
<td>www.delmar.bzh</td>
<td>bob</td>
<td>&gt; Caddyfile</td>
</tr>
<tr>
<td>...</td>
<td>All</td>
<td>watchtower</td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
</tr>
</tbody>
</table>
</div>
Reference in New Issue View Git Blame Copy Permalink