sascha/pfannkuchen
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
pfannkuchen/proxy/Caddyfile
feldjaeger 24ad19f969 perf: Emby/Jellyfin von FRP auf WireGuard direkt umgestellt 
- tv.sascha-lutz.de → 10.6.1.103:8096 (war FRP :18096)
- guck.tv → 10.7.1.106:8096 (war FRP :28096)
- netzflix.org → 10.6.1.103:9096 (war FRP :38096)
- HTTP/3 QUIC funktioniert jetzt für Streaming (~50ms statt ~100ms)
- FRP Server auf VPS deaktiviert
2026-04-14 13:54:41 +02:00

258 lines
7.1 KiB
Caddyfile
Raw Blame History

{
metrics
admin :2019
log {
output file /var/log/caddy/caddy_main.log {
roll_size 100MiB
roll_keep 5
roll_keep_for 100d
}
format json
level INFO
}
}
(emby_config) {
log {
output file "/var/log/caddy/{args[0]}.log" {
roll_size 100MiB
roll_keep 5
roll_keep_for 100d
}
format json
}
@compress {
header Content-Type text/*
header Content-Type application/json*
header Content-Type application/javascript*
header Content-Type image/svg+xml
}
encode @compress zstd gzip
reverse_proxy {args[1]} {
flush_interval -1
header_up X-Accel-Buffering "no"
}
header {
Access-Control-Allow-Origin *
Cache-Control "no-cache, no-transform"
defer
}
}
tv.sascha-lutz.de {
import emby_config tv.sascha-lutz.de 10.6.1.103:8096
}
guck.tv {
import emby_config guck.tv 10.7.1.106:8096
}
netzflix.org {
import emby_config netzflix.org 10.6.1.103:9096
}
vault.sascha-lutz.de {
reverse_proxy vaultwarden
}
auth.sascha-lutz.de {
reverse_proxy 10.5.85.5:9000
}
home.sascha-lutz.de {
forward_auth 10.5.85.5:9000 {
uri /outpost.goauthentik.io/auth/caddy
copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
trusted_proxies private_ranges
}
reverse_proxy homepage:3000
}
grafana.sascha-lutz.de {
reverse_proxy 10.1.1.111:3000
}
patchmon.sascha-lutz.de {
reverse_proxy 10.4.1.116:3100
}
tesla.sascha-lutz.de {
forward_auth 10.5.85.5:9000 {
uri /outpost.goauthentik.io/auth/caddy
copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
trusted_proxies private_ranges
}
reverse_proxy 10.1.1.111:4000
}
influx.sascha-lutz.de {
reverse_proxy 10.1.1.111:8086
}
status.guck.tv {
@root path /
rewrite @root /status/emby
reverse_proxy 10.200.200.254:3001 {
header_up Host {host}
}
}
plappern.com {
request_body {
max_size 500MB
}
handle /.well-known/matrix/server {
header Content-Type application/json
respond `{"m.server":"plappern.com:443"}` 200
}
handle /.well-known/matrix/client {
header Content-Type application/json
header Access-Control-Allow-Origin *
respond `{"m.homeserver":{"base_url":"https://plappern.com"},"m.identity_server":{"base_url":"https://vector.im"}}` 200
}
reverse_proxy 10.4.1.110:8008
}
web.plappern.com {
reverse_proxy 10.4.1.110:8080
}
plappern.com:8448 {
reverse_proxy 10.4.1.110:8008
}
docker.sascha-lutz.de {
reverse_proxy 10.4.1.116:3000
}
chat.plappern.com {
reverse_proxy 10.4.1.110:8090
}
n8n.sascha-lutz.de {
reverse_proxy 10.4.1.113:5678
}
dl.guck.tv {
reverse_proxy 10.2.1.100:5055 {
header_up Host {host}
header_up X-Real-IP {remote_host}
# Optional: Timeout-Werte anpassen, falls nötig (z.B. für große Mediendateien)
transport http {
dial_timeout 10s
read_timeout 30s
}
}
}
immich.sascha-lutz.de {
reverse_proxy 10.4.1.107:2283
handle {
request_body {
max_size 64GB
}
}
}
# Proxmox VE Nodes - HTTPS Reverse Proxy (vermeidet selbst-signierte Zertifikat-Warnungen)
pve1.sascha-lutz.de {
forward_auth 10.5.85.5:9000 {
uri /outpost.goauthentik.io/auth/caddy
copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
trusted_proxies private_ranges
}
reverse_proxy https://10.5.85.11:8006 {
transport http {
tls_insecure_skip_verify
}
}
}
pve2.sascha-lutz.de {
forward_auth 10.5.85.5:9000 {
uri /outpost.goauthentik.io/auth/caddy
copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
trusted_proxies private_ranges
}
reverse_proxy https://10.5.85.12:8006 {
transport http {
tls_insecure_skip_verify
}
}
}
pve3.sascha-lutz.de {
forward_auth 10.5.85.5:9000 {
uri /outpost.goauthentik.io/auth/caddy
copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
trusted_proxies private_ranges
}
reverse_proxy https://10.5.85.13:8006 {
transport http {
tls_insecure_skip_verify
}
}
}
pve4.sascha-lutz.de {
forward_auth 10.5.85.5:9000 {
uri /outpost.goauthentik.io/auth/caddy
copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
trusted_proxies private_ranges
}
reverse_proxy https://10.5.85.14:8006 {
transport http {
tls_insecure_skip_verify
}
}
}
pve5.sascha-lutz.de {
forward_auth 10.5.85.5:9000 {
uri /outpost.goauthentik.io/auth/caddy
copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
trusted_proxies private_ranges
}
reverse_proxy https://10.5.85.15:8006 {
transport http {
tls_insecure_skip_verify
}
}
}
pve6.sascha-lutz.de {
forward_auth 10.5.85.5:9000 {
uri /outpost.goauthentik.io/auth/caddy
copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
trusted_proxies private_ranges
}
reverse_proxy https://10.5.85.16:8006 {
transport http {
tls_insecure_skip_verify
}
}
}
pve7.sascha-lutz.de {
forward_auth 10.5.85.5:9000 {
uri /outpost.goauthentik.io/auth/caddy
copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
trusted_proxies private_ranges
}
reverse_proxy https://10.5.85.17:8006 {
transport http {
tls_insecure_skip_verify
}
}
}
wiki.sascha-lutz.de {
reverse_proxy 10.1.1.100:3000
}
Reference in a new issue View git blame Copy permalink