bikinibottom/installs_on_host/Caddyfile
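# Global options: ports, ACME contact and DNS challenge, admin endpoint,
# access-log privacy filter, and trusted-proxy handling.
{
	# NOTE(review): debug-level logging is enabled for the whole server. It is
	# useful while troubleshooting but is noisier than the default level;
	# consider removing it once the setup is stable.
	debug
	http_port 80
	https_port 443
	email admin@delmar.bzh
	default_sni delmar.bzh
	# The admin API has no authentication of its own and can replace the whole
	# running configuration. A bare ":2019" listens on every interface, so the
	# listener is bound to loopback here. If remote administration is really
	# needed, put it behind a firewall rule or an authenticated tunnel instead.
	admin localhost:2019
	acme_dns ovh {
		endpoint ovh-eu
		# Credentials are read from the environment at config-parse time so that
		# they are not stored in the repository. The variable names below are a
		# suggested convention; set them in the service's environment file.
		# Any OVH key, secret or consumer key that was ever committed in this
		# file must be treated as exposed: revoke it and issue a new one.
		application_key {$OVH_APPLICATION_KEY}
		application_secret {$OVH_APPLICATION_SECRET}
		consumer_key {$OVH_CONSUMER_KEY}
	}
	log {
		output stderr
		format filter {
			# Preserves first 8 bits from IPv4 and 32 bits from IPv6
			request>remote_ip ip_mask 8 32
			request>client_ip ip_mask 8 32
			# Remove identifiable information
			request>remote_port delete
			request>headers delete
			# Drop the query parameters named url, h and q from logged URIs.
			request>uri query {
				delete url
				delete h
				delete q
			}
		}
	}
	servers {
		# Honour X-Forwarded-* headers only when the direct peer is in a private
		# address range; headers sent by any other peer are ignored.
		# https://caddyserver.com/docs/caddyfile/options#trusted-proxies
		# NOTE(review): every private-range host that can connect directly is
		# trusted to state the client IP. If only one upstream proxy exists,
		# listing its address instead of private_ranges would be tighter.
		trusted_proxies static private_ranges
		trusted_proxies_strict
		client_ip_headers X-Forwarded-For X-Real-IP
	}
}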
# Snippet: answers 403 to any request whose direct peer address is outside
# 192.168.1.0/24. It only takes effect in site blocks that `import LAN_only`;
# none of the site blocks shown in this listing do so.
# remote_ip tests the immediate TCP peer, not the client IP derived from
# forwarded headers.
(LAN_only) {
	@outside_lan not remote_ip 192.168.1.0/24
	respond @outside_lan 403
}
# Plain-HTTP site on port 80: static files from /var/www/comics, compressed
# with zstd or gzip when the response is at least 1024 bytes.
*:80 {
	encode zstd gzip {
		minimum_length 1024
	}
	root * /var/www/comics
	file_server
}
# affine, asm, books, cap: compressed reverse proxies to services on host
# "patrick". No access restriction is applied at the proxy in these blocks;
# authentication is whatever each upstream enforces.
affine.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:3010
}
asm.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:50154
}
books.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:10801
}
cap.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:11338
}
# cloud: reverse proxy to patrick:11000 with response security headers and
# the CardDAV/CalDAV discovery redirects.
cloud.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	header {
		# includeSubdomains + preload commits every subdomain of this host to
		# HTTPS for the max-age period (one year).
		Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
		# NOTE(review): X-XSS-Protection is a legacy header; current browsers
		# no longer act on it, so it adds little beyond a CSP.
		X-XSS-Protection "1; mode=block;"
		X-Content-Type-Options "nosniff"
		X-Frame-Options "SAMEORIGIN"
		X-Robots-Tag "noindex, nofollow"
	}
	reverse_proxy patrick:11000 {
		# The upstream sees its own host:port as Host and the direct peer
		# address as X-Real-IP.
		header_up Host {upstream_hostport}
		header_up X-Real-IP {remote_host}
	}
	# client support (e.g. os x calendar / contacts)
	redir /.well-known/carddav /remote.php/dav 301
	redir /.well-known/caldav /remote.php/dav 301
}
# cloud on port 8443: reverse proxy to patrick:32772 over the HTTP transport
# with upstream certificate verification switched off.
cloud.delmar.bzh:8443 {
	reverse_proxy patrick:32772 {
		transport http {
			# NOTE(review): tls_insecure_skip_verify disables verification of the
			# upstream's TLS certificate, so the proxy cannot distinguish the
			# intended backend from anything else answering on this address.
			# Prefer trusting the upstream's CA explicitly (transport option
			# tls_trust_pool, or tls_trusted_ca_certs on older Caddy releases)
			# with the certificate file used by this deployment.
			tls_insecure_skip_verify
		}
	}
}
# cnvrt, crm, cs, ctr, cvs: compressed reverse proxies to services on host
# "patrick". No access restriction is applied at the proxy in these blocks.
cnvrt.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:32770
}
crm.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:15069
}
cs.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:49505
}
ctr.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:47810
}
cvs.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:54268
}
# dev, dia, dkr, draw, gen: compressed reverse proxies to services on host
# "patrick". No access restriction is applied at the proxy in these blocks.
dev.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:19080
}
dia.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:53000
}
dkr.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:32771
}
draw.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:24928
}
gen.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:15578
}
# git, gotify, homepage, home-assistant: compressed reverse proxies to
# services on host "patrick". No access restriction is applied at the proxy.
git.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:3001
}
gotify.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:41901
}
homepage.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:7575
}
home-assistant.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:8123
}
# inv: compressed reverse proxy to patrick:8035 with explicit forwarding
# headers.
inv.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:8035 {
		# Both address headers are set to the direct peer address, replacing
		# any X-Forwarded-For chain received from a proxy in front of Caddy.
		header_up X-Real-IP {remote_host}
		header_up X-Forwarded-For {remote_host}
		header_up X-Forwarded-Proto {scheme}
	}
}
# it, jellyfin, jellyseerr: compressed reverse proxies to services on host
# "patrick". No access restriction is applied at the proxy in these blocks.
it.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:11404
}
jellyfin.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:8096
}
jellyseerr.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:5055
}
# kontadenn: static site from /var/www/kontadenn. A 404 raised by the file
# server is handled by rewriting the request to / and serving that instead.
kontadenn.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	root * /var/www/kontadenn
	file_server
	handle_errors {
		@404 expression {http.error.status_code} == 404
		rewrite @404 /
		file_server
	}
}
# mail: compressed reverse proxy to patrick:10003. The connection to the
# upstream is prefixed with a PROXY protocol v2 header, so the upstream must
# be configured to expect it.
mail.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:10003 {
		header_up Host {upstream_hostport}
		transport http {
			proxy_protocol v2
		}
	}
}
# mailbear: compressed reverse proxy to patrick:11234; the upstream receives
# its own host:port as the Host header.
mailbear.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:11234 {
		header_up Host {upstream_hostport}
	}
}
# mon: compressed reverse proxy to a service on host "bob".
mon.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy bob:11750
}
# nds, nsns: static sites. A 404 raised by the file server is handled by
# rewriting the request to / and serving that instead.
nds.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	root * /var/www/nds
	file_server
	handle_errors {
		@404 expression {http.error.status_code} == 404
		rewrite @404 /
		file_server
	}
}
nsns.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	root * /var/www/nsns
	file_server
	handle_errors {
		@404 expression {http.error.status_code} == 404
		rewrite @404 /
		file_server
	}
}
# octoprint: compressed reverse proxy to a service on host "bernie", passing
# the request scheme upstream. No access restriction is applied at the proxy.
octoprint.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy bernie:54963 {
		header_up X-Forwarded-Proto {scheme}
	}
}
# paperless, pdf, penpot: compressed reverse proxies to services on host
# "patrick". No access restriction is applied at the proxy in these blocks.
paperless.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:8000
}
pdf.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:16080
}
penpot.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:43735
}
# pip: static site served from /var/www/picpitch-collage.
pip.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	root * /var/www/picpitch-collage
	file_server
}
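# scanopy: compressed reverse proxy to a service on host "carlo".
# The opening brace after the site address was missing; without it the
# closing brace is unbalanced and the file does not parse.
scanopy.delmar.bzh {
	encode {
		zstd
		gzip
		minimum_length 1024
	}
	reverse_proxy carlo:60072
}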
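# search: compressed reverse proxy to patrick:23485 with a restrictive set of
# response headers and per-path cache policy.
# The opening brace after the site address was missing; without it the
# closing brace is unbalanced and the file does not parse.
search.delmar.bzh {
	encode {
		zstd
		gzip
		minimum_length 1024
	}
	# NOTE(review): @api is defined but not referenced by any directive in
	# this block.
	@api {
		path /config
		path /healthz
		path /stats/errors
		path /stats/checker
	}
	@static {
		path /static/*
	}
	@imageproxy {
		path /image_proxy
	}
	header {
		# CSP (https://content-security-policy.com)
		Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https:; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self'; img-src * data:; frame-src https:;"
		# Disable browser features
		Permissions-Policy "accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()"
		# Send the Referer header on same-origin requests only
		Referrer-Policy "same-origin"
		# Prevent MIME type sniffing from the declared Content-Type
		X-Content-Type-Options "nosniff"
		# Comment out this header to allow indexing by search engines
		X-Robots-Tag "noindex, nofollow, noarchive, nositelinkssearchbox, nosnippet, notranslate, noimageindex"
		# enable HSTS
		# WARNING: Once this value is set, the site must continue to support HTTPS until the expiry time is reached.
		# Strict-Transport-Security max-age=15768000;
		# Remove "Server" header
		-Server
		# NOTE(review): any origin may read GET responses from this site.
		# Confirm that is intended for this instance.
		Access-Control-Allow-Methods "GET, OPTIONS"
		Access-Control-Allow-Origin "*"
	}
	route {
		# Cache policy: no-cache by default, short public caching for static
		# assets, one hour for proxied images.
		header Cache-Control "no-cache"
		header @static Cache-Control "public, max-age=30, stale-while-revalidate=60"
		header @imageproxy Cache-Control "public, max-age=3600"
	}
	reverse_proxy patrick:23485
}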
# send: compressed reverse proxy to a service on host "patrick". No access
# restriction is applied at the proxy.
send.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:53842
}
# shop: static site served from /var/www/shop.
shop.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	root * /var/www/shop
	file_server
}
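# stream: compressed reverse proxy to bernie:62036 behind HTTP basic auth.
stream.delmar.bzh {
	encode {
		zstd
		gzip
		minimum_length 1024
	}
	# Caddy path matchers are exact unless they end in "*", so the previous
	# "basic_auth /" required credentials for the path "/" only and every
	# other path was proxied without authentication. With no matcher the
	# directive applies to all requests for this site.
	# NOTE(review): this bcrypt hash is stored in the repository and the same
	# value is used by another site block in this file. Consider a separate
	# credential per site, supplied from the environment rather than committed.
	basic_auth {
		admin $2a$14$RuKvTkZWcLpyX/ptJmkmYOd6WpDACXi.fIcz2feCcvTW73vZ/4TSi
	}
	reverse_proxy bernie:62036
}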
# tpml: static site from /var/www/tpml. A 404 raised by the file server is
# handled by rewriting the request to / and serving that instead.
tpml.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	root * /var/www/tpml
	file_server
	handle_errors {
		@404 expression {http.error.status_code} == 404
		rewrite @404 /
		file_server
	}
}
# twip: compressed reverse proxy to patrick:12473. When Caddy raises an
# error for a request, the error page is fetched from the same upstream at
# /<status code> and returned with the original error status.
twip.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:12473
	handle_errors {
		rewrite * /{err.status_code}
		reverse_proxy patrick:12473 {
			header_up Host {upstream_hostport}
			replace_status {err.status_code}
		}
	}
}
# ugo, vault, wizarr: compressed reverse proxies to services on host
# "patrick". No access restriction is applied at the proxy in these blocks;
# authentication is whatever each upstream enforces.
ugo.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:8090
}
vault.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:16081
}
wizarr.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:5690
}
# www: static site from /var/www/comics. A 404 raised by the file server is
# answered with /404.html.
www.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	root * /var/www/comics
	file_server
	handle_errors {
		@404 expression {http.error.status_code} == 404
		rewrite @404 /404.html
		file_server
	}
}
# xcd: compressed reverse proxy to a service on host "patrick". No access
# restriction is applied at the proxy.
xcd.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:32768
}
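# zik: compressed reverse proxy to patrick:32773 behind HTTP basic auth.
zik.delmar.bzh {
	encode {
		zstd
		gzip
		minimum_length 1024
	}
	# Caddy path matchers are exact unless they end in "*", so the previous
	# "basic_auth /" required credentials for the path "/" only and every
	# other path was proxied without authentication. With no matcher the
	# directive applies to all requests for this site.
	# NOTE(review): this bcrypt hash is stored in the repository and the same
	# value is used by another site block in this file. Consider a separate
	# credential per site, supplied from the environment rather than committed.
	basic_auth {
		admin $2a$14$RuKvTkZWcLpyX/ptJmkmYOd6WpDACXi.fIcz2feCcvTW73vZ/4TSi
	}
	reverse_proxy patrick:32773
}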
# muzik: compressed reverse proxy to a service on host "patrick". No access
# restriction is applied at the proxy.
muzik.delmar.bzh {
	encode zstd gzip {
		minimum_length 1024
	}
	reverse_proxy patrick:32785
}