pet-project-server/files/caddyproxy/Caddyfile.template

# -------------------------------------------------------------------
# Global options
# -------------------------------------------------------------------
{
    grace_period 15s

    admin :2019

    # Enable metrics in Prometheus format
    # https://caddyserver.com/docs/metrics
    metrics
}

# -------------------------------------------------------------------
# Snippets
# -------------------------------------------------------------------

# Shared access log for all sites; consumed by GoAccess.
# Mode 644 lets read-only consumers (goaccess and ad-hoc host-side tail)
# read the file; lumberjack would otherwise default to 0600.
(access_log) {
    log {
        output file /var/log/caddy/access.log {
            mode 644
            roll_size 100mib
            roll_keep 10
            roll_keep_for 720h
        }
        format json
    }
}

# -------------------------------------------------------------------
# Applications
# -------------------------------------------------------------------

vakhrushev.me {
    tls anwinged@ya.ru
    import access_log

    # Matrix federation delegation: tells other servers/clients that the
    # homeserver for vakhrushev.me lives at matrix.vakhrushev.me.
    # https://spec.matrix.org/latest/server-server-api/#server-discovery
    handle /.well-known/matrix/server {
        header Content-Type application/json
        header Access-Control-Allow-Origin *
        respond `{"m.server": "matrix.vakhrushev.me:443"}`
    }

    handle /.well-known/matrix/client {
        header Content-Type application/json
        header Access-Control-Allow-Origin *
        respond `{"m.homeserver": {"base_url": "https://matrix.vakhrushev.me"}}`
    }

    handle {
        reverse_proxy {
            to homepage_app:80
        }
    }
}

matrix.vakhrushev.me {
    tls anwinged@ya.ru
    import access_log

    reverse_proxy {
        to tuwunel_app:6167
    }
}

auth.vakhrushev.me {
    tls anwinged@ya.ru
    import access_log
    
    reverse_proxy authelia_app:9091
}

status.vakhrushev.me, :29999 {
    tls anwinged@ya.ru
    import access_log

    forward_auth authelia_app:9091 {
        uri /api/authz/forward-auth
        copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
    }

    reverse_proxy netdata:19999
}

git.vakhrushev.me {
    tls anwinged@ya.ru
    import access_log

    reverse_proxy {
        to gitea_app:3000
    }
}

outline.vakhrushev.me {
    tls anwinged@ya.ru
    import access_log

    reverse_proxy {
        to outline_app:3000
    }
}

gramps.vakhrushev.me {
    tls anwinged@ya.ru
    import access_log

    reverse_proxy {
        to gramps_app:5000
    }
}

miniflux.vakhrushev.me {
    tls anwinged@ya.ru
    import access_log

    reverse_proxy {
        to miniflux_app:8080
    }
}

wakapi.vakhrushev.me {
    tls anwinged@ya.ru
    import access_log

    reverse_proxy {
        to wakapi_app:3000
    }
}

wanderer.vakhrushev.me {
    tls anwinged@ya.ru
    import access_log

    reverse_proxy {
        to wanderer_web:3000
    }
}

memos.vakhrushev.me {
    tls anwinged@ya.ru
    import access_log

    reverse_proxy {
        to memos_app:5230
    }
}

remembos.vakhrushev.me {
    tls anwinged@ya.ru
    import access_log

    forward_auth authelia_app:9091 {
        uri /api/authz/forward-auth
        copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
    }

    reverse_proxy {
        to remembos_app:8080
    }
}

calibre.vakhrushev.me {
    tls anwinged@ya.ru
    import access_log

    reverse_proxy {
        to calibre_web_app:8083
    }
}

wanderbase.vakhrushev.me {
    tls anwinged@ya.ru
    import access_log

    forward_auth authelia_app:9091 {
        uri /api/authz/forward-auth
        copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
    }

    reverse_proxy {
        to wanderer_db:8090
    }
}

rssbridge.vakhrushev.me {
    tls anwinged@ya.ru
    import access_log

    forward_auth authelia_app:9091 {
        uri /api/authz/forward-auth
        copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
    }

    reverse_proxy {
        to rssbridge_app:80
    }
}

dozzle.vakhrushev.me {
    tls anwinged@ya.ru
    import access_log

    forward_auth authelia_app:9091 {
        uri /api/authz/forward-auth
        copy_headers Remote-User Remote-Groups Remote-Email Remote-Name Remote-Filter
    }

    reverse_proxy dozzle_app:8080
}

goaccess.vakhrushev.me {
    tls anwinged@ya.ru
    import access_log

    forward_auth authelia_app:9091 {
        uri /api/authz/forward-auth
        copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
    }

    @websocket {
        header Connection *Upgrade*
        header Upgrade websocket
    }
    reverse_proxy @websocket goaccess_processor:7890

    reverse_proxy goaccess_app:8080
}