
{
        metrics
        admin :2019
        log {
                output file /var/log/caddy/caddy_main.log {
                        roll_size 100MiB
                        roll_keep 5
                        roll_keep_for 100d
                }
                format json
                level INFO
        }
}

(emby_config) {
        log {
                output file "/var/log/caddy/{args[0]}.log" {
                        roll_size 100MiB
                        roll_keep 5
                        roll_keep_for 100d
                }
                format json
        }
        @compress {
                header Content-Type text/*
                header Content-Type application/json*
                header Content-Type application/javascript*
                header Content-Type image/svg+xml
        }
        encode @compress zstd gzip
        reverse_proxy {args[1]} {
                flush_interval -1
                header_up X-Accel-Buffering "no"
        }
        header {
                Access-Control-Allow-Origin *
                Cache-Control "no-cache, no-transform"
                defer
        }
}


tv.sascha-lutz.de {
        import emby_config tv.sascha-lutz.de host.docker.internal:18096
}

guck.tv {
        import emby_config guck.tv host.docker.internal:28096
}

netzflix.org {
        import emby_config netzflix.org host.docker.internal:38096
}


vault.sascha-lutz.de {
        reverse_proxy vaultwarden
}

auth.sascha-lutz.de {
        reverse_proxy 10.5.85.5:9000
}

home.sascha-lutz.de {
        forward_auth 10.5.85.5:9000 {
                uri /outpost.goauthentik.io/auth/caddy
                copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
                trusted_proxies private_ranges
        }
        reverse_proxy homepage:3000
}

grafana.sascha-lutz.de {
        reverse_proxy 10.1.1.111:3000
}



tesla.sascha-lutz.de {
        forward_auth 10.5.85.5:9000 {
                uri /outpost.goauthentik.io/auth/caddy
                copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
                trusted_proxies private_ranges
        }
        reverse_proxy 10.1.1.111:4000
}


influx.sascha-lutz.de {
        reverse_proxy 10.1.1.111:8086
}

status.guck.tv {
        @root path /
        rewrite @root /status/emby

        reverse_proxy 10.200.200.254:3001 {
                header_up Host {host}
        }
}

plappern.com {
    request_body {
        max_size 500MB
    }

    handle /.well-known/matrix/server {
        header Content-Type application/json
        respond `{"m.server":"plappern.com:443"}` 200
    }

    handle /.well-known/matrix/client {
        header Content-Type application/json
        header Access-Control-Allow-Origin *
        respond `{"m.homeserver":{"base_url":"https://plappern.com"},"org.matrix.msc4143.rtc_foci":[{"type":"livekit","livekit_service_url":"https://plappern.com/_matrix/client/unstable/org.matrix.msc4143/rtc_session/sfu_url"}]}` 200
    }

    handle /.well-known/element/element.json {
        header Content-Type application/json
        header Access-Control-Allow-Origin *
        respond `{"call":{"widget_url":"https://call.element.io"}}` 200
    }

    handle /_matrix/client/unstable/org.matrix.msc4143/rtc_session/* {
        uri strip_prefix /_matrix/client/unstable/org.matrix.msc4143/rtc_session
        reverse_proxy 10.4.1.110:8090
    }
    reverse_proxy 10.4.1.110:8008
}

web.plappern.com {
    reverse_proxy 10.4.1.110:8080
}

plappern.com:8448 {
    handle /.well-known/element/element.json {
        header Content-Type application/json
        header Access-Control-Allow-Origin *
        respond `{"call":{"widget_url":"https://call.element.io"}}` 200
    }

    handle /_matrix/client/unstable/org.matrix.msc4143/rtc_session/* {
        uri strip_prefix /_matrix/client/unstable/org.matrix.msc4143/rtc_session
        reverse_proxy 10.4.1.110:8090
    }
    reverse_proxy 10.4.1.110:8008
}

docker.sascha-lutz.de {
        reverse_proxy 10.4.1.116:3000
}

chat.plappern.com {
            reverse_proxy 10.4.1.110:8090
}
n8n.sascha-lutz.de {
        reverse_proxy 10.4.1.113:5678
}

dl.guck.tv {
        reverse_proxy 10.2.1.100:5055 {
                header_up Host {host}
                header_up X-Real-IP {remote_host}
                # Optional: Timeout-Werte anpassen, falls nötig (z.B. für große Mediendateien)
                transport http {
                        dial_timeout 10s
                        read_timeout 30s
                }
        }
}

immich.sascha-lutz.de {
        reverse_proxy 10.4.1.107:2283
        handle {
                request_body {
                        max_size 64GB
                }
        }
}

# Proxmox VE Nodes - HTTPS Reverse Proxy (vermeidet selbst-signierte Zertifikat-Warnungen)
pve1.sascha-lutz.de {
        forward_auth 10.5.85.5:9000 {
                uri /outpost.goauthentik.io/auth/caddy
                copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
                trusted_proxies private_ranges
        }
        reverse_proxy https://10.5.85.11:8006 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

pve2.sascha-lutz.de {
        forward_auth 10.5.85.5:9000 {
                uri /outpost.goauthentik.io/auth/caddy
                copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
                trusted_proxies private_ranges
        }
        reverse_proxy https://10.5.85.12:8006 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

pve3.sascha-lutz.de {
        forward_auth 10.5.85.5:9000 {
                uri /outpost.goauthentik.io/auth/caddy
                copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
                trusted_proxies private_ranges
        }
        reverse_proxy https://10.5.85.13:8006 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

pve4.sascha-lutz.de {
        forward_auth 10.5.85.5:9000 {
                uri /outpost.goauthentik.io/auth/caddy
                copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
                trusted_proxies private_ranges
        }
        reverse_proxy https://10.5.85.14:8006 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

pve5.sascha-lutz.de {
        forward_auth 10.5.85.5:9000 {
                uri /outpost.goauthentik.io/auth/caddy
                copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
                trusted_proxies private_ranges
        }
        reverse_proxy https://10.5.85.15:8006 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

pve6.sascha-lutz.de {
        forward_auth 10.5.85.5:9000 {
                uri /outpost.goauthentik.io/auth/caddy
                copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
                trusted_proxies private_ranges
        }
        reverse_proxy https://10.5.85.16:8006 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

pve7.sascha-lutz.de {
        forward_auth 10.5.85.5:9000 {
                uri /outpost.goauthentik.io/auth/caddy
                copy_headers X-authentik-username X-authentik-groups X-authentik-email X-authentik-name X-authentik-uid
                trusted_proxies private_ranges
        }
        reverse_proxy https://10.5.85.17:8006 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}


git.sascha-lutz.de {
        reverse_proxy 10.4.1.116:3001
}

wiki.sascha-lutz.de {
        reverse_proxy 10.1.1.100:3000
}

ntfy.sascha-lutz.de {
    reverse_proxy 10.4.1.110:8085
}

livekit.plappern.com {
    reverse_proxy 10.4.1.110:7880
}


