7.3 KiB
7.3 KiB
Caddy
Structure
.
├── caddy (80 | 443)
└── Caddyfile
Caddy / xcaddy
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
# caddy
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
# xcaddy
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/xcaddy/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-xcaddy-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/xcaddy/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-xcaddy.list
sudo apt update && sudo apt install -y caddy xcaddy
Build with dns-ovh
https://go.dev/dl/
wget https://go.dev/dl/go1.23.1.linux-arm64.tar.gz
rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.23.1.linux-arm64.tar.gz
export PATH=$PATH:/usr/local/go/bin
mkdir ~/caddy
cd caddy
xcaddy build --with github.com/caddy-dns/ovh
sudo mv caddy /usr/bin
sudo chown root:root /usr/bin/caddy
sudo chmod 755 /usr/bin/caddy
sudo systemctl daemon-reload
sudo vim /etc/caddy/Caddyfile
{
debug
http_port 80
https_port 443
email admin@delmar.bzh
default_sni delmar.bzh
admin :2019
acme_dns ovh {
endpoint ovh-eu
application_key 3f8bdfed17f848d8
application_secret 6946758d7515ecef108aeb286bf3c7d0
consumer_key 94b2ddf482d36421a33aa6b3aa515956
}
}
(LAN_only) {
@local_subnets {
not remote_ip 192.168.1.0/24
}
respond @local_subnets 403
}
*:80 {
encode zstd gzip
root * /var/www/comics
file_server
}
bookstack.delmar.bzh {
reverse_proxy carlo:6875
encode gzip zstd
}
books.delmar.bzh {
reverse_proxy sandy:8083 {
header_up X-Scheme https
}
encode gzip zstd
}
cloud.delmar.bzh {
encode gzip zstd
reverse_proxy sandy:35771 {
header_up Host {upstream_hostport}
}
redir /.well-known/carddav /remote.php/dav/ 301
redir /.well-known/caldav /remote.php/dav/ 301
header {
Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
X-XSS-Protection "1; mode=block;"
X-Content-Type-Options "nosniff"
X-Frame-Options "SAMEORIGIN"
}
}
cpt.delmar.bzh {
reverse_proxy bob:9090 {
transport http {
tls_insecure_skip_verify
}
}
encode gzip zstd
}
cs.delmar.bzh {
reverse_proxy sheldon:49505
encode gzip zstd
}
ctr.delmar.bzh {
reverse_proxy sheldon:45512
encode gzip zstd
}
cvs.delmar.bzh {
reverse_proxy sheldon:54268
encode gzip zstd
}
dkr.delmar.bzh {
reverse_proxy bob:32519
encode gzip zstd
}
dolibarr.delmar.bzh {
reverse_proxy sheldon:64616
encode gzip zstd
}
draw.delmar.bzh {
reverse_proxy carlo:8080
encode gzip zstd
}
git.delmar.bzh {
reverse_proxy sheldon:3000
encode gzip zstd
}
homepage.delmar.bzh {
reverse_proxy bob:5005
encode gzip zstd
}
home-assistant.delmar.bzh {
reverse_proxy carlo:8123
encode gzip zstd
}
it.delmar.bzh {
reverse_proxy bob:8888
encode gzip zstd
}
jellyfin.delmar.bzh {
reverse_proxy gary:8096
encode gzip zstd
}
jellyseerr.delmar.bzh {
reverse_proxy gary:5055
encode gzip zstd
}
kontadenn.delmar.bzh {
root * /var/www/kontadenn
encode gzip zstd
file_server
}
minio.delmar.bzh {
reverse_proxy sheldon:9000
encode gzip zstd
}
nds.delmar.bzh {
root * /var/www/nds
encode gzip zstd
file_server
}
nsns.delmar.bzh {
root * /var/www/nsns
encode gzip zstd
file_server
}
octoprint.delmar.bzh {
reverse_proxy bernie:54963 {
header_up X-Forwarded-Proto {scheme}
}
encode gzip zstd
}
paperless.delmar.bzh {
reverse_proxy sandy:8000
encode gzip zstd
}
penpot.delmar.bzh {
reverse_proxy sandy:43735
encode gzip zstd
}
rallly.delmar.bzh {
reverse_proxy sandy:17818
encode gzip zstd
}
send.delmar.bzh {
reverse_proxy krabs:3000
encode gzip zstd
}
stream.delmar.bzh {
reverse_proxy bernie:62036
encode gzip zstd
basic_auth / {
admin $2a$14$RuKvTkZWcLpyX/ptJmkmYOd6WpDACXi.fIcz2feCcvTW73vZ/4TSi
}
}
tools.delmar.bzh {
reverse_proxy sandy:9890
encode gzip zstd
}
tpml.delmar.bzh {
encode gzip zstd
root * /var/www/tpml
file_server
}
twip.delmar.bzh {
reverse_proxy sheldon:23473
encode gzip zstd
}
ugo.delmar.bzh {
reverse_proxy carlo:8090
encode gzip zstd
}
vault.delmar.bzh {
reverse_proxy carlo:8081
encode gzip zstd
}
wizarr.delmar.bzh {
reverse_proxy gary:5690
encode gzip zstd
}
www.delmar.bzh {
encode gzip zstd
handle {
root * /var/www/comics
file_server
}
handle_path /julien/* {
root * /var/www/resumes/julien
file_server
}
}
sudo systemctl restart caddy
Services
| Service | Host | IP:port |
|---|---|---|
| books.delmar.bzh | sandy | 192.168.1.65:8083 |
| bookstack.delmar.bzh | sheldon | 192.168.1.230:6875 |
| cloud.delmar.bzh | sandy | 192.168.1.65:9880 |
| cockpit.delmar.bzh | bob | 192.168.1.99:9090 |
| dolibarr.delmar.bzh | carlo | 192.168.1.163:8080 |
| git.delmar.bzh | carlo | 192.168.1.163:3001 |
| homepage.delmar.bzh | bob | 192.168.1.99:5005 |
| jellyfin.delmar.bzh | sandy | 192.168.1.65:8096 |
| jellyseer.delmar.bzh | sandy | 192.168.1.65:5055 |
| julien.delmar.bzh | bob | > Caddyfile |
| kontadenn.delmar.bzh | bob | > Caddyfile |
| nds.delmar.bzh | bob | > Caddyfile |
| nsns.delmar.bzh | bob | > Caddyfile |
| penpot.delmar.bzh | carlo | 192.168.1.163:8082 |
| portainer.delmar.bzh | bob | 192.168.1.99:9443 |
| rallly.delmar.bzh | carlo | 192.168.1.163:3000 |
| send.delmar.bzh | krabs | 192.168.1.229:8080 |
| shop.delmar.bzh | patrick | 192.168.1.186:86 |
| ugo.delmar.bzh | patrick | 192.168.1.186:82 |
| uptime.delmar.bzh | bob | 192.168.1.99:3001 |
| vault.delmar.bzh | carlo | 192.168.1.163:8081 |
| www.delmar.bzh | bob | > Caddyfile |