add Caddy (#2)

Co-authored-by: Sönke Domröse <soenke@heimdall.himdall.home.domroese.eu> Reviewed-on: #2
2025-04-24 13:37:58 +02:00
parent 415660949c
commit ae4dbd7d87
4 changed files with 142 additions and 0 deletions
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -0,0 +1,76 @@
+git.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.194:8418
+}
+
+guac.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:6080
+}
+
+rss.home.domroese.eu {
+    tls soenke@domroese.eu
+    reverse_proxy 192.168.1.65:8884
+}
+
+morphos.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:8020
+}
+
+uptimekuma.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:8030
+}
+
+kopia.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:51515
+}
+
+jenkins.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:8040
+}
+
+pihole.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:2000
+}
+
+paperless.home.domroese.eu:443,
+paperless.home.domroese.eu:80 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:1000
+}
+
+ittools.home.domroese.eu:443,
+ittools.home.domroese.eu:80 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:9080
+}
+
+vault.home.domroese.eu:443,
+vault.home.domroese.eu:80 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:4080
+}
+
+chat.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:1180
+}
+
+nas.home.domroese.eu {
+    tls soenke@domroese.eu {
+	client_auth {
+		mode request
+	}
+    }
+    reverse_proxy https://192.168.1.194:5001 {
+	transport http {
+	        tls_insecure_skip_verify # Disable TLS Verification, as we don't have a real certificate on the nas
+	}
+    }
+}
+
--- a/caddy/config/config
+++ b/caddy/config/config
@@ -0,0 +1,29 @@
+{
+  "admin": {
+    "disabled": false,
+    "listen": "*:2019",
+    "enforce_origin": false,
+    "origins": [
+      "0.0.0.0",
+      "localhost",
+      "192.168.0.0/24"
+    ],
+    "remote": {
+      "listen": "",
+      "access_control": [{
+        "public_keys": [
+          ""
+        ],
+        "permissions": [{
+          "paths": [
+            ""
+          ],
+          "methods": [
+            ""
+          ]
+        }]
+      }]
+    }
+  } 
+}
+
--- a/caddy/docker-compose.yml
+++ b/caddy/docker-compose.yml
@@ -0,0 +1,32 @@
+services:
+  web:
+    image: caddy
+    container_name: "caddy"
+    ports:
+      - "2019:2019"
+      - "8880:80"
+      - "8443:443"
+      - "8443:443/udp"
+      - "8448:8448"
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile
+      - caddy-data:/data
+      - caddy-config:/config
+    restart: unless-stopped
+    networks:
+      - caddy-network
+      
+  caddy-ui:
+      image: qmcgaw/caddy-ui
+      ports:
+        - "8881:8000"
+      environment:
+        - CADDY_API_ENDPOINT=http://192.168.1.65:2019
+      networks:
+        - caddy-network
+networks:
+  caddy-network:
+
+volumes:
+  caddy-data:
+  caddy-config:
--- a/caddy/reload.sh
+++ b/caddy/reload.sh
@@ -0,0 +1,5 @@
+!#/bin/bash
+
+caddy_container_id=$(docker ps | grep caddy | awk '{print $1;}')
+docker exec -w /etc/caddy $caddy_container_id caddy reload
+