From 17a4e126a4399929fe0eb15d875807cf69423b7f Mon Sep 17 00:00:00 2001 From: sascha Date: Mon, 6 Apr 2026 21:41:28 +0200 Subject: [PATCH] add Caddyfile to git (source of truth) - flush_interval 10s -> -1 (immediate flush for streaming) - was previously only on VPS, now version-controlled --- Caddyfile | 258 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 258 insertions(+) create mode 100644 Caddyfile diff --git a/Caddyfile b/Caddyfile new file mode 100644 index 0000000..2f4b5a7 --- /dev/null +++ b/Caddyfile @@ -0,0 +1,258 @@ +{ + metrics + admin :2019 + log { + output file /var/log/caddy/caddy_main.log { + roll_size 100MiB + roll_keep 5 + roll_keep_for 100d + } + format json + level INFO + } +} + +(emby_config) { + log { + output file "/var/log/caddy/{args[0]}.log" { + roll_size 100MiB + roll_keep 5 + roll_keep_for 100d + } + format json + } + @compress { + header Content-Type text/* + header Content-Type application/json* + header Content-Type application/javascript* + header Content-Type image/svg+xml + } + encode @compress zstd gzip + reverse_proxy {args[1]} { + flush_interval -1 + header_up X-Accel-Buffering "no" + } + header { + Access-Control-Allow-Origin * + Cache-Control "no-cache, no-transform" + defer + } +} + + +tv.sascha-lutz.de { + import emby_config tv.sascha-lutz.de host.docker.internal:18096 +} + +guck.tv { + import emby_config guck.tv host.docker.internal:28096 +} + +netzflix.org { + import emby_config netzflix.org host.docker.internal:38096 +} + + +vault.sascha-lutz.de { + reverse_proxy vaultwarden +} + +auth.sascha-lutz.de { + reverse_proxy 10.5.85.5:9000 +} + +home.sascha-lutz.de { + forward_auth 10.5.85.5:9000 { + uri /outpost.goauthentik.io/auth/caddy + copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid + trusted_proxies private_ranges + } + reverse_proxy homepage:3000 +} + +grafana.sascha-lutz.de { + reverse_proxy 10.1.1.111:3000 +} + +patchmon.sascha-lutz.de { + reverse_proxy 10.4.1.116:3100 +} + +tesla.sascha-lutz.de { + forward_auth 10.5.85.5:9000 { + uri /outpost.goauthentik.io/auth/caddy + copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid + trusted_proxies private_ranges + } + reverse_proxy 10.1.1.111:4000 +} + + +influx.sascha-lutz.de { + reverse_proxy 10.1.1.111:8086 +} + +status.guck.tv { + @root path / + rewrite @root /status/emby + + reverse_proxy 10.200.200.254:3001 { + header_up Host {host} + } +} + +plappern.com { + request_body { + max_size 500MB + } + + handle /.well-known/matrix/server { + header Content-Type application/json + respond `{"m.server":"plappern.com:443"}` 200 + } + + handle /.well-known/matrix/client { + header Content-Type application/json + header Access-Control-Allow-Origin * + respond `{"m.homeserver":{"base_url":"https://plappern.com"},"m.identity_server":{"base_url":"https://vector.im"}}` 200 + } + + reverse_proxy 10.4.1.110:8008 +} + +web.plappern.com { + reverse_proxy 10.4.1.110:8080 +} + +plappern.com:8448 { + reverse_proxy 10.4.1.110:8008 +} + +docker.sascha-lutz.de { + reverse_proxy 10.4.1.116:3000 +} + +chat.plappern.com { + reverse_proxy 10.4.1.110:8090 +} +n8n.sascha-lutz.de { + reverse_proxy 10.4.1.113:5678 +} + +dl.guck.tv { + reverse_proxy 10.2.1.100:5055 { + header_up Host {host} + header_up X-Real-IP {remote_host} + # Optional: Timeout-Werte anpassen, falls nötig (z.B. für große Mediendateien) + transport http { + dial_timeout 10s + read_timeout 30s + } + } +} + +immich.sascha-lutz.de { + reverse_proxy 10.4.1.107:2283 + handle { + request_body { + max_size 64GB + } + } +} + +# Proxmox VE Nodes - HTTPS Reverse Proxy (vermeidet selbst-signierte Zertifikat-Warnungen) +pve1.sascha-lutz.de { + forward_auth 10.5.85.5:9000 { + uri /outpost.goauthentik.io/auth/caddy + copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid + trusted_proxies private_ranges + } + reverse_proxy https://10.5.85.11:8006 { + transport http { + tls_insecure_skip_verify + } + } +} + +pve2.sascha-lutz.de { + forward_auth 10.5.85.5:9000 { + uri /outpost.goauthentik.io/auth/caddy + copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid + trusted_proxies private_ranges + } + reverse_proxy https://10.5.85.12:8006 { + transport http { + tls_insecure_skip_verify + } + } +} + +pve3.sascha-lutz.de { + forward_auth 10.5.85.5:9000 { + uri /outpost.goauthentik.io/auth/caddy + copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid + trusted_proxies private_ranges + } + reverse_proxy https://10.5.85.13:8006 { + transport http { + tls_insecure_skip_verify + } + } +} + +pve4.sascha-lutz.de { + forward_auth 10.5.85.5:9000 { + uri /outpost.goauthentik.io/auth/caddy + copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid + trusted_proxies private_ranges + } + reverse_proxy https://10.5.85.14:8006 { + transport http { + tls_insecure_skip_verify + } + } +} + +pve5.sascha-lutz.de { + forward_auth 10.5.85.5:9000 { + uri /outpost.goauthentik.io/auth/caddy + copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid + trusted_proxies private_ranges + } + reverse_proxy https://10.5.85.15:8006 { + transport http { + tls_insecure_skip_verify + } + } +} + +pve6.sascha-lutz.de { + forward_auth 10.5.85.5:9000 { + uri /outpost.goauthentik.io/auth/caddy + copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid + trusted_proxies private_ranges + } + reverse_proxy https://10.5.85.16:8006 { + transport http { + tls_insecure_skip_verify + } + } +} + +pve7.sascha-lutz.de { + forward_auth 10.5.85.5:9000 { + uri /outpost.goauthentik.io/auth/caddy + copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid + trusted_proxies private_ranges + } + reverse_proxy https://10.5.85.17:8006 { + transport http { + tls_insecure_skip_verify + } + } +} + + +wiki.sascha-lutz.de { + reverse_proxy 10.1.1.100:3000 +}