Caddy
Structure
.
├── caddy (80 | 443)
└── Caddyfile
Caddy / xcaddy
# Prerequisites: Debian keyring packages, HTTPS transport for apt, and curl.
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
# caddy: download the repository signing key, convert it from ASCII armor to a
# binary keyring, and store it in a keyring file of its own.
# curl flags: -1 require TLS, -s silent, -L follow redirects, -f fail on HTTP errors.
# The key and the packages are served from the same host, so this pins the
# repository after first use; it does not protect against a tampered origin at
# install time.
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
# caddy: write the apt source definition for the stable repository.
# NOTE(review): presumably the downloaded list ties the repository to the keyring
# above via signed-by; check the written file to confirm.
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
# xcaddy: same two steps (signing key, then source list) for the xcaddy repository.
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/xcaddy/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-xcaddy-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/xcaddy/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-xcaddy.list
# Refresh the package index and install both packages.
sudo apt update && sudo apt install -y caddy xcaddy
Build with dns-ovh
https://go.dev/dl/
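# Download the Go toolchain; xcaddy needs it to compile Caddy with extra modules.
wget https://go.dev/dl/go1.23.1.linux-arm64.tar.gz
# Verify the archive before it is unpacked as root. The digest printed here must
# equal the SHA256 shown for this file on https://go.dev/dl/.
sha256sum go1.23.1.linux-arm64.tar.gz
# Non-interactive variant (placeholder digest, copy the real one from go.dev/dl):
#   echo "<SHA256_FROM_GO_DEV_DL>  go1.23.1.linux-arm64.tar.gz" | sha256sum -c -
# /usr/local/go is root-owned once extracted with sudo, so the cleanup needs sudo too.
sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.23.1.linux-arm64.tar.gz
export PATH=$PATH:/usr/local/go/bin
# Build in a dedicated directory; the absolute path works from any starting directory.
mkdir -p ~/caddy
cd ~/caddy
# Without version suffixes this builds the latest Caddy and the latest plugin
# revision. For a reproducible build, pin both:
#   xcaddy build <CADDY_VERSION> --with github.com/caddy-dns/ovh@<PLUGIN_VERSION>
xcaddy build --with github.com/caddy-dns/ovh
# Replace the packaged binary with the custom build, owned by root and not
# writable by other users.
# NOTE: a later apt upgrade of the caddy package puts the stock binary back. That
# binary has no OVH DNS module, so the acme_dns block in the Caddyfile would no
# longer load; rebuild and reinstall after package upgrades.
sudo mv caddy /usr/bin
sudo chown root:root /usr/bin/caddy
sudo chmod 755 /usr/bin/caddy
sudo systemctl daemon-reload
sudo vim /etc/caddy/Caddyfile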
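# Global options: ports, ACME account, admin endpoint, DNS challenge, logging,
# and client-IP handling for every site in this file.
{
	# Debug-level logging; switch it off once the setup works.
	debug
	http_port 80
	https_port 443
	email admin@delmar.bzh
	default_sni delmar.bzh

	# The admin API has no authentication and can replace the whole running
	# configuration. ":2019" listens on every interface; bind it to loopback.
	admin localhost:2019

	# DNS-01 challenge through the OVH API.
	# The credentials are read from the environment instead of being written into
	# this file, which tends to end up in wikis, backups and repositories.
	# Provide the three variables to the caddy service, for example through a
	# root-only environment file referenced by the systemd unit.
	# API keys that have already been stored or published in clear text should be
	# revoked at OVH and reissued with the narrowest DNS scope available.
	acme_dns ovh {
		endpoint ovh-eu
		application_key {env.OVH_APPLICATION_KEY}
		application_secret {env.OVH_APPLICATION_SECRET}
		consumer_key {env.OVH_CONSUMER_KEY}
	}

	log {
		output stderr
		format filter {
			# Preserves first 8 bits from IPv4 and 32 bits from IPv6
			request>remote_ip ip_mask 8 32
			request>client_ip ip_mask 8 32
			# Remove identifiable information
			request>remote_port delete
			request>headers delete
			request>uri query {
				delete url
				delete h
				delete q
			}
		}
	}

	servers {
		# Headers consulted for the client address, honoured only when the direct
		# peer counts as a trusted proxy.
		client_ip_headers X-Forwarded-For X-Real-IP
		# Allow the following IP to passthrough the "X-Forwarded-*" headers to SearXNG
		# https://caddyserver.com/docs/caddyfile/options#trusted-proxies
		# private_ranges trusts every peer with a private address, so any host on
		# the local network that connects directly can set the client IP Caddy
		# records. List the actual proxy addresses if that is wider than intended.
		trusted_proxies static private_ranges
		trusted_proxies_strict
	}
}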
# Snippet: reply 403 to every request whose direct peer address is outside
# 192.168.1.0/24. remote_ip is the address of the TCP peer and ignores
# X-Forwarded-For, so forwarded headers cannot bypass it.
# A site has to `import LAN_only` for this to apply; none of the site blocks
# shown in this Caddyfile does.
(LAN_only) {
	@outside_lan not remote_ip 192.168.1.0/24
	respond @outside_lan 403
}
# Catch-all on port 80: static files from /var/www/comics, served over plain HTTP.
*:80 {
	root * /var/www/comics
	file_server
	encode zstd gzip
}
# Plain reverse proxies with response compression.
# No basic_auth and no `import LAN_only` here: the upstream application's own
# login is the only access control visible in this file.
3dm.delmar.bzh {
	encode gzip zstd
	reverse_proxy bernie:3214
}

# affine_server
affine.delmar.bzh {
	encode gzip zstd
	reverse_proxy sandy:3010
}

# bookstack
bookstack.delmar.bzh {
	encode gzip zstd
	reverse_proxy sandy:6875
}

# booklore
books.delmar.bzh {
	encode gzip zstd
	reverse_proxy sandy:32768
}
# Nextcloud behind the proxy.
cloud.delmar.bzh {
	encode gzip zstd

	# CardDAV / CalDAV service discovery.
	redir /.well-known/carddav /remote.php/dav/ 301
	redir /.well-known/caldav /remote.php/dav/ 301

	header {
		# includeSubdomains set on this host covers names below cloud.delmar.bzh
		# only. The preload token has an effect only if the parent domain is
		# submitted to the browser preload list.
		Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
		X-Content-Type-Options "nosniff"
		X-Frame-Options "SAMEORIGIN"
		# NOTE(review): current browsers ignore X-XSS-Protection; a
		# Content-Security-Policy is the maintained replacement.
		X-XSS-Protection "1; mode=block;"
	}

	reverse_proxy sandy:35771 {
		# Send the upstream's host:port as the Host header instead of the public name.
		header_up Host {upstream_hostport}
	}
}
# HTTPS upstream on bob:9090.
cpt.delmar.bzh {
	encode gzip zstd
	reverse_proxy bob:9090 {
		transport http {
			# Certificate verification towards the upstream is switched off: the hop
			# is encrypted, but Caddy accepts any certificate, so the upstream's
			# identity is not checked. To keep verification with a self-signed or
			# private-CA certificate, give the http transport that CA instead
			# (tls_trust_pool or tls_trusted_ca_certs, depending on Caddy version).
			tls_insecure_skip_verify
		}
	}
}
# Reverse proxies with response compression. Service names in the comments come
# from the Services table on this page.
# None of these sites imports LAN_only or sets basic_auth, so each application's
# own authentication is the only gate. That deserves a second look for consoles
# such as code-server (cs) and dokemon (dkr).

# code-server
cs.delmar.bzh {
	encode gzip zstd
	reverse_proxy sheldon:49505
}

# compose-craft-saas
ctr.delmar.bzh {
	encode gzip zstd
	reverse_proxy bob:47810
}

# NOTE(review): the Services table lists port 54268 as reactive-resume_app under
# the rallly row; confirm which name belongs to this upstream.
cvs.delmar.bzh {
	encode gzip zstd
	reverse_proxy sandy:54268
}

# appsmith
dev.delmar.bzh {
	encode gzip zstd
	reverse_proxy gary:50154
}

# dokemon
dkr.delmar.bzh {
	encode gzip zstd
	reverse_proxy bob:32519
}

# dolibarr_app
dolibarr.delmar.bzh {
	encode gzip zstd
	reverse_proxy sandy:64616
}

# drawio
draw.delmar.bzh {
	encode gzip zstd
	reverse_proxy sandy:24928
}

# webtrees
gen.delmar.bzh {
	encode gzip zstd
	reverse_proxy sheldon:63578
}

# NOTE(review): the Services table places git on host carlo (192.168.1.163:3001),
# while this upstream is krabs:3001; confirm which one is current.
git.delmar.bzh {
	encode gzip zstd
	reverse_proxy krabs:3001
}

# gotify
gotify.delmar.bzh {
	encode gzip zstd
	reverse_proxy bob:41901
}

# homarr
homepage.delmar.bzh {
	encode gzip zstd
	reverse_proxy gary:7575
}
# Reverse proxies and static sites with response compression. Service names in
# the comments come from the Services table on this page.
# No site here imports LAN_only or sets basic_auth.

# homeassistant
home-assistant.delmar.bzh {
	encode gzip zstd
	reverse_proxy gary:8123
}

# it-tools
it.delmar.bzh {
	encode gzip zstd
	reverse_proxy bob:8888
}

# jellyfin
jellyfin.delmar.bzh {
	encode gzip zstd
	reverse_proxy gary:8096
}

# jellyseerr
jellyseerr.delmar.bzh {
	encode gzip zstd
	reverse_proxy gary:5055
}

# Static site served from disk.
kontadenn.delmar.bzh {
	encode gzip zstd
	root * /var/www/kontadenn
	file_server
}

# NOTE(review): no minio.delmar.bzh row exists in the Services table; port 9000
# is listed there as reactive-resume_minio. An object store reachable on a public
# hostname should be a deliberate choice; confirm.
minio.delmar.bzh {
	encode gzip zstd
	reverse_proxy sandy:9000
}

# Static site served from disk.
nds.delmar.bzh {
	encode gzip zstd
	root * /var/www/nds
	file_server
}

# Static site served from disk.
nsns.delmar.bzh {
	encode gzip zstd
	root * /var/www/nsns
	file_server
}

# octoprint; X-Forwarded-Proto is set to the scheme of the incoming request.
octoprint.delmar.bzh {
	encode gzip zstd
	reverse_proxy bernie:54963 {
		header_up X-Forwarded-Proto {scheme}
	}
}

# paperless-ngx
paperless.delmar.bzh {
	encode gzip zstd
	reverse_proxy sandy:8000
}

# stirling-pdf
pdf.delmar.bzh {
	encode gzip zstd
	reverse_proxy sandy:9890
}

# penpot-frontend
penpot.delmar.bzh {
	encode gzip zstd
	reverse_proxy sandy:43735
}

# NOTE(review): port 17818 does not appear in the Services table; confirm.
rallly.delmar.bzh {
	encode gzip zstd
	reverse_proxy sandy:17818
}
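# searxng. The opening brace after the site address is required: without it the
# block does not parse and Caddy refuses to load the whole file.
search.delmar.bzh {
	reverse_proxy carlo:23485
	encode gzip zstd
}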
# zipline, proxied with response compression.
send.delmar.bzh {
	encode gzip zstd
	reverse_proxy krabs:53842
}
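# camera-streamer behind HTTP basic authentication.
stream.delmar.bzh {
	reverse_proxy bernie:62036
	encode gzip zstd
	# Caddy path matchers are exact unless they end in "*", so "basic_auth / {"
	# asked for credentials on the path "/" only and left every other path of the
	# stream open. Without a matcher the directive covers all requests.
	# The value below is a bcrypt hash as produced by `caddy hash-password`. A
	# hash that has been published can be attacked offline, so set a new
	# password and replace the hash.
	basic_auth {
		admin $2a$14$RuKvTkZWcLpyX/ptJmkmYOd6WpDACXi.fIcz2feCcvTW73vZ/4TSi
	}
}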
# Static sites and reverse proxies with response compression. Service names in
# the comments come from the Services table on this page.
# No site here imports LAN_only or sets basic_auth.

# Static site served from disk.
tpml.delmar.bzh {
	root * /var/www/tpml
	file_server
	encode gzip zstd
}

# twip
twip.delmar.bzh {
	encode gzip zstd
	reverse_proxy bob:23473
}

# wordpress-app
ugo.delmar.bzh {
	encode gzip zstd
	reverse_proxy gary:8090
}

# vaultwarden. The password manager is published with no restriction at the
# proxy; its own login is the only gate shown in this file.
vault.delmar.bzh {
	encode gzip zstd
	reverse_proxy gary:16081
}

# wizarr
wizarr.delmar.bzh {
	encode gzip zstd
	reverse_proxy gary:5690
}

# Main site: /var/www/comics by default; requests under /julien/ are served from
# /var/www/resumes/julien, and handle_path strips that prefix before the file lookup.
www.delmar.bzh {
	encode gzip zstd

	handle {
		root * /var/www/comics
		file_server
	}

	handle_path /julien/* {
		root * /var/www/resumes/julien
		file_server
	}
}
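# Parse the Caddyfile first and restart only if it adapts cleanly, so a syntax
# error (an unbalanced brace, for instance) cannot take every site down.
sudo caddy adapt --config /etc/caddy/Caddyfile --adapter caddyfile > /dev/null && sudo systemctl restart caddy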
Services
| Service | Host | IP:port |
|---|---|---|
| affine.delmar.bzh | sandy | (affine_server) 3010 (affine_migration_job) (affine_postgres) (affine_redis) |
| books.delmar.bzh | sandy | (booklore) 32768 (mariadb) |
| bookstack.delmar.bzh | sandy | (bookstack) 6875 (bookstack_db) |
| cloud.delmar.bzh | sandy | (nextcloud) 35771 (nextcloud-adminer) 62674 (nextcloud-coturn) 3478 | 5439 | 49160 (nextcloud-cron) (nextcloud-mariadb) (nextcloud-redis) |
| cpt.delmar.bzh | All | () 9090 |
| cs.delmar.bzh | sheldon | (code-server) 49505 |
| ctr.delmar.bzh | bob | (compose-craft-saas) 47810 (compose-craft-db) 27017 |
| dev.delmar.bzh | gary | (appsmith) 50154 (pgadmin) (postgres) |
| dkr.delmar.bzh | bob | (dokemon) 32519 |
| dolibarr.delmar.bzh | sandy | (dolibarr_app) 64616 (dolibarr_db) |
| draw.delmar.bzh | sandy | drawio 24928 |
| gen.delmar.bzh | sheldon | (webtrees) 63578 |
| git.delmar.bzh | carlo | 192.168.1.163:3001 |
| gotify.delmar.bzh | bob | (gotify) 41901 |
| homepage.delmar.bzh | gary | (homarr) 7575 |
| home-assistant.delmar.bzh | gary | (homeassistant) 8123 (mosquitto) 16883 | 19001 |
| it.delmar.bzh | bob | (it-tools) 8888 |
| jellyfin.delmar.bzh jellyseerr.delmar.bzh wizarr.delmar.bzh | gary | (jellyfin) 8096 (jellyseerr) 5055 (wizarr) 5690 (qbittorrent) (sabnzbd) (radarr) (sonarr) (lidarr) (prowlarr) (bazarr) (tdarr) (unpackerr) (gluetun) >>> VPN |
| kontadenn.delmar.bzh | bob | > Caddyfile |
| nds.delmar.bzh | bob | > Caddyfile |
| nsns.delmar.bzh | bob | > Caddyfile |
| octoprint.delmar.bzh stream.delmar.bzh | bernie | (octoprint) 54963 (camera-streamer) 62036 |
| paperless.delmar.bzh | sandy | (paperless-ngx) 8000 (paperless-postgres) (paperless-redis) |
| pdf.delmar.bzh | sandy | (stirling-pdf) 9890 |
| penpot.delmar.bzh | sandy | (penpot-frontend) 43735 (penpot-backend) (penpot-exporter) (penpot-postgres) (penpot-redis) |
| *postgres* | sheldon | (postgres) 5432 (pgadmin) 15432 |
| rallly.delmar.bzh | sandy | (reactive-resume_app) 54268 (reactive-resume_minio) 9000 (reactive-resume_chrome) (reactive-resume_postgres) |
| search.delmar.bzh | carlo | (searxng) 23485 |
| send.delmar.bzh | krabs | (zipline) 53842 |
| tpml.delmar.bzh | bob | > Caddyfile |
| twip.delmar.bzh | bob | (twip) 23473 |
| ugo.delmar.bzh | gary | (wordpress-app) 8090 (wordpress-adminer) 62674 (wordpress-mariadb) |
| vault.delmar.bzh | gary | (vaultwarden) 3012 | 16081 |
| www.delmar.bzh | bob | > Caddyfile |
| ... | All | watchtower |