diff --git a/.env.enc b/.env.enc
new file mode 100644
index 0000000..e388540
--- /dev/null
+++ b/.env.enc
@@ -0,0 +1,19 @@
+EVOLUTION_API_KEY=ENC[AES256_GCM,data:FJ4RAC/CkR53EliADN8DwOJRaLpTKB8LzS9vu5ax2jM=,iv:cmrF0Q0q+x97UlYOvA4yGwr2GaQ5jXyf8APHrpq1DFU=,tag:oGWZepM9BJ6tbFTf36SqBQ==,type:str]
+EVOLUTION_INSTANCE=ENC[AES256_GCM,data:zsXfW/Cf1gi/UBQ=,iv:XHoT5quwQ2wnwWGdbNJiYCeDJEjamxSK4yrO0LZRNiA=,tag:y2mTdLrwNbc+zcllt2CqxQ==,type:str]
+#ENC[AES256_GCM,data:RgNVv5hbESTwAO39jW7YV40pZHZY,iv:t5mLeoLj9+GsPx8JgV1bJs6rsjnZ6Z9iPi2aNzfdib8=,tag:mnIRono2CzxAS/yamx+48Q==,type:comment]
+HOMEPAGE_VAR_EMBY_SASCHA_KEY=ENC[AES256_GCM,data:11ubBGzMWrjtxF/jQ4IZsyyfH7OA+F/frG1xO9u8fww=,iv:qeUsV9//FQ5Xv9he3U4HIEueGxoEsx+X6bVoEutmOwU=,tag:s3Jh8mJmNvQNRsEEydd3RA==,type:str]
+HOMEPAGE_VAR_EMBY_CHRIS_KEY=ENC[AES256_GCM,data:Jf/vP4AW55ZTfksVO6N5q8/uaOfQrNV/uXWQjmcUWAE=,iv:wgXMsrHUZ48Ev0+yBUMDJGhkfqv339mJcILnnSvmbiU=,tag:r+6tMI3bFnNTYHmuThlNqA==,type:str]
+HOMEPAGE_VAR_PROXMOX_TOKEN=ENC[AES256_GCM,data:aH4DGsOHn6UOr8GZVxYkvt8n7X8h2UQ4feOq9mJua8onJqok,iv:1p4tWJNoC7CgEDdrXnmIpkIvrBMpzMAQDcmRnkuCYLk=,tag:IIX02ta7uSP7qdCLD8RUKA==,type:str]
+HOMEPAGE_VAR_PBS_USERNAME=ENC[AES256_GCM,data:iWOXPV7YVeV4kBew/d6qw5w=,iv:x4Tr8zayKOUhkRmtzhoXtwG3zJIHq1cSva8CLe7tXu0=,tag:mlURtx1qCiRrWj8dCfqK/g==,type:str]
+HOMEPAGE_VAR_PBS_TOKEN=ENC[AES256_GCM,data:hFiIu+Q+U4z9FN1x3VzJXTe77om1GU63ceBuNgOy4GCjqFPx,iv:xhVt4c/ZbKoSnc43sOD71CJYctWSWFDSP+g0//ps8es=,tag:vIXFJeFXBfCfN3h5EvLx9w==,type:str]
+HOMEPAGE_VAR_SYNOLOGY_USER=ENC[AES256_GCM,data:Cko95ovD,iv:6zHK9iBwjOk/kuw2vEh7t3kxpRJwh7uuBeeV7fm1whc=,tag:K0+hyL+DkV6BA42kaWqtaA==,type:str]
+HOMEPAGE_VAR_SYNOLOGY_PASS=ENC[AES256_GCM,data:6f4CADqNXOQ=,iv:pVNrT2Hed9AWdkdI1S4IbL9uDqMPeYFt2X2obQ0Vjok=,tag:62ppHm2FuoVwqupw4SZ+TQ==,type:str]
+HOMEPAGE_VAR_SABNZBD_KEY=ENC[AES256_GCM,data:JBb764HRHIbsCGBfVwX2iv8Qbv6yze4nKnPHnh744/0=,iv:Rlz3HVhFVs4kDwIa8tJlbwNODvKL7DmfgPFft7Qsop0=,tag:BB+ymnScdkH3t+ByKYnVjQ==,type:str]
+HOMEPAGE_VAR_DOCKHAND_USER=ENC[AES256_GCM,data:nYMO8SM=,iv:8ymvdnromhTOAgJj6ZD2AZDftzY6xiXEJ5trHF5BKBA=,tag:Irv1++3JkPKlgAsW9bayXA==,type:str]
+HOMEPAGE_VAR_DOCKHAND_PASS=ENC[AES256_GCM,data:+dEOB4IVDnqwNsf3CUI=,iv:t9osFq+XfUHOcx5z3n4ry7Hc/3EJw3+Gb25m6Vgvr+g=,tag:7Wy2gRIBBeDoCfXcMtKYHQ==,type:str]
+sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuRVYxOGtEVDdNYWNVem44\nQkpBRUZ5N1JRRUhtVXgweDF1Z0lEWENMRTEwCmJ2YzJ6bzM3OWRlSWp2N1Zzb3Jj\nWW9kbHJWUTA5T2FjZjErUDdMVkJabjAKLS0tIE5IemtqblRMeW1BSnU4R09TL2Rq\nUFJpbmZ6Z1h2V1ovWUpTSVhyaEhka3cKaLETCEC0rw7yk2UdGnMsQRD8R4IByrKm\nV3kysZbBvfHp8oy1hbYLGuw98CcxPgiBI9ragMwBSxCATQmablrZZQ==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_0__map_recipient=age1z8gak2l4h0vpcnhtcdxmem2u9h2n54vuksk8ys82609qtzampuvqh50wdr
+sops_lastmodified=2026-04-04T07:42:39Z
+sops_mac=ENC[AES256_GCM,data:yMLHULVORzUiWMDpjW1LxNsFVg6HLC9vLtZOgM53iY5A0XkFrQnFpYZsmuA5HxL7TGUhuUCccDXlJFyK54TopNsGA8oafyayapkFdUPhp6YZrea2VkmQIfd9T8m1bww69LpMMvJpmwKwtm/cSPfE2Xraab1Uk4KbKTJwTpvF+FA=,iv:IzC4QepR8lFcrkbun6L2SW0qShFYPBlJVdlkIwpJ7og=,tag:hWuWFfoD9xnqlsntlBgb8g==,type:str]
+sops_unencrypted_suffix=_unencrypted
+sops_version=3.12.2
diff --git a/proxy/Caddyfile b/proxy/Caddyfile
new file mode 100644
index 0000000..2f4b5a7
--- /dev/null
+++ b/proxy/Caddyfile
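Review bot: SOPS encrypts each value in `.env.enc` separately with AES-GCM and no padding, so every `data:` field is as long as its plaintext, and the variable names stay readable. Entries such as `HOMEPAGE_VAR_SYNOLOGY_PASS` and `HOMEPAGE_VAR_DOCKHAND_PASS` are visibly short, which reveals the length of those passwords to anyone who can read the repository. Longer generated credentials (or API tokens where the service offers them) would make the committed ciphertext say less. Only one age recipient is listed, so losing that key makes the file unrecoverable; adding a second recipient kept offline would cover that.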
@@ -0,0 +1,258 @@
+{
+ metrics
+ admin :2019
+ log {
+ output file /var/log/caddy/caddy_main.log {
+ roll_size 100MiB
+ roll_keep 5
+ roll_keep_for 100d
+ }
+ format json
+ level INFO
+ }
+}
+
+(emby_config) {
+ log {
+ output file "/var/log/caddy/{args[0]}.log" {
+ roll_size 100MiB
+ roll_keep 5
+ roll_keep_for 100d
+ }
+ format json
+ }
+ @compress {
+ header Content-Type text/*
+ header Content-Type application/json*
+ header Content-Type application/javascript*
+ header Content-Type image/svg+xml
+ }
+ encode @compress zstd gzip
+ reverse_proxy {args[1]} {
+ flush_interval -1
+ header_up X-Accel-Buffering "no"
+ }
+ header {
+ Access-Control-Allow-Origin *
+ Cache-Control "no-cache, no-transform"
+ defer
+ }
+}
+
+
+tv.sascha-lutz.de {
+ import emby_config tv.sascha-lutz.de host.docker.internal:18096
+}
+
+guck.tv {
+ import emby_config guck.tv host.docker.internal:28096
+}
+
+netzflix.org {
+ import emby_config netzflix.org host.docker.internal:38096
+}
+
+
+vault.sascha-lutz.de {
+ reverse_proxy vaultwarden
+}
+
+auth.sascha-lutz.de {
+ reverse_proxy 10.5.85.5:9000
+}
+
+home.sascha-lutz.de {
+ forward_auth 10.5.85.5:9000 {
+ uri /outpost.goauthentik.io/auth/caddy
+ copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
+ trusted_proxies private_ranges
+ }
+ reverse_proxy homepage:3000
+}
+
+grafana.sascha-lutz.de {
+ reverse_proxy 10.1.1.111:3000
+}
+
+patchmon.sascha-lutz.de {
+ reverse_proxy 10.4.1.116:3100
+}
+
+tesla.sascha-lutz.de {
+ forward_auth 10.5.85.5:9000 {
+ uri /outpost.goauthentik.io/auth/caddy
+ copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
+ trusted_proxies private_ranges
+ }
+ reverse_proxy 10.1.1.111:4000
+}
+
+
+influx.sascha-lutz.de {
+ reverse_proxy 10.1.1.111:8086
+}
+
+status.guck.tv {
+ @root path /
+ rewrite @root /status/emby
+
+ reverse_proxy 10.200.200.254:3001 {
+ header_up Host {host}
+ }
+}
+
+plappern.com {
+ request_body {
+ max_size 500MB
+ }
+
+ handle /.well-known/matrix/server {
+ header Content-Type application/json
+ respond `{"m.server":"plappern.com:443"}` 200
+ }
+
+ handle /.well-known/matrix/client {
+ header Content-Type application/json
+ header Access-Control-Allow-Origin *
+ respond `{"m.homeserver":{"base_url":"https://plappern.com"},"m.identity_server":{"base_url":"https://vector.im"}}` 200
+ }
+
+ reverse_proxy 10.4.1.110:8008
+}
+
+web.plappern.com {
+ reverse_proxy 10.4.1.110:8080
+}
+
+plappern.com:8448 {
+ reverse_proxy 10.4.1.110:8008
+}
+
+docker.sascha-lutz.de {
+ reverse_proxy 10.4.1.116:3000
+}
+
+chat.plappern.com {
+ reverse_proxy 10.4.1.110:8090
+}
+n8n.sascha-lutz.de {
+ reverse_proxy 10.4.1.113:5678
+}
+
+dl.guck.tv {
+ reverse_proxy 10.2.1.100:5055 {
+ header_up Host {host}
+ header_up X-Real-IP {remote_host}
+ # Optional: Timeout-Werte anpassen, falls nötig (z.B. für große Mediendateien)
+ transport http {
+ dial_timeout 10s
+ read_timeout 30s
+ }
+ }
+}
+
+immich.sascha-lutz.de {
+ reverse_proxy 10.4.1.107:2283
+ handle {
+ request_body {
+ max_size 64GB
+ }
+ }
+}
+
+# Proxmox VE Nodes - HTTPS Reverse Proxy (vermeidet selbst-signierte Zertifikat-Warnungen)
+pve1.sascha-lutz.de {
+ forward_auth 10.5.85.5:9000 {
+ uri /outpost.goauthentik.io/auth/caddy
+ copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
+ trusted_proxies private_ranges
+ }
+ reverse_proxy https://10.5.85.11:8006 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+}
+
+pve2.sascha-lutz.de {
+ forward_auth 10.5.85.5:9000 {
+ uri /outpost.goauthentik.io/auth/caddy
+ copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
+ trusted_proxies private_ranges
+ }
+ reverse_proxy https://10.5.85.12:8006 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+}
+
+pve3.sascha-lutz.de {
+ forward_auth 10.5.85.5:9000 {
+ uri /outpost.goauthentik.io/auth/caddy
+ copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
+ trusted_proxies private_ranges
+ }
+ reverse_proxy https://10.5.85.13:8006 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+}
+
+pve4.sascha-lutz.de {
+ forward_auth 10.5.85.5:9000 {
+ uri /outpost.goauthentik.io/auth/caddy
+ copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
+ trusted_proxies private_ranges
+ }
+ reverse_proxy https://10.5.85.14:8006 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+}
+
+pve5.sascha-lutz.de {
+ forward_auth 10.5.85.5:9000 {
+ uri /outpost.goauthentik.io/auth/caddy
+ copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
+ trusted_proxies private_ranges
+ }
+ reverse_proxy https://10.5.85.15:8006 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+}
+
+pve6.sascha-lutz.de {
+ forward_auth 10.5.85.5:9000 {
+ uri /outpost.goauthentik.io/auth/caddy
+ copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
+ trusted_proxies private_ranges
+ }
+ reverse_proxy https://10.5.85.16:8006 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+}
+
+pve7.sascha-lutz.de {
+ forward_auth 10.5.85.5:9000 {
+ uri /outpost.goauthentik.io/auth/caddy
+ copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
+ trusted_proxies private_ranges
+ }
+ reverse_proxy https://10.5.85.17:8006 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+}
+
+
+wiki.sascha-lutz.de {
+ reverse_proxy 10.1.1.100:3000
+}
diff --git a/proxy/compose.yaml b/proxy/compose.yaml
new file mode 100644
index 0000000..6ab3894
--- /dev/null
+++ b/proxy/compose.yaml
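Review bot: `admin :2019` in the global options makes Caddy's admin API listen on every interface instead of its `localhost:2019` default, and that API has no authentication of its own while allowing the running configuration to be read and replaced. `proxy/compose.yaml` in this commit publishes the port as `10.200.200.254:2019:2019`, so any host that can reach that address can reconfigure the proxy. If the port is only opened for metrics scraping, keep `admin localhost:2019` and serve the metrics from their own listener, e.g. a site block `http://:PORT { metrics }` (PORT is a placeholder), and publish that port instead. Separately, the grafana, influx, n8n, docker, patchmon and wiki sites are proxied without the `forward_auth` block used for home, tesla and pve1–pve7, so they appear to rely solely on each application's own login; worth confirming that is intended.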
@@ -0,0 +1,25 @@
+networks:
+ proxy_network:
+ external: true
+
+services:
+ caddy:
+ image: caddy
+ container_name: caddy
+ restart: always
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
+ networks:
+ - proxy_network
+ expose:
+ - 2019
+ ports:
+ - 80:80
+ - 443:443/tcp
+ - 443:443/udp
+ - 8448:8448
+ - 10.200.200.254:2019:2019
+ volumes:
+ - /app-config/caddy/data:/data
+ - ./Caddyfile:/etc/caddy/Caddyfile
+ - /app-config/caddy/logs:/var/log/caddy
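Review bot: `image: caddy` carries no tag, so it resolves to `latest`, and whatever image is pulled next becomes the internet-facing proxy on 80/443/8448 without a reviewed change. Pin a release, ideally with its digest, e.g. `image: caddy:<version>@sha256:<digest>` (placeholders), and update it deliberately. The Caddyfile bind mount can also be read-only, `./Caddyfile:/etc/caddy/Caddyfile:ro`, since the container only needs to read it.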