1.1.0 Release caddy-app

2026-03-15 04:56:21 +09:00
parent a7365da431
commit 6cd26eb7d8
6 changed files with 72 additions and 4 deletions
--- a/config/services/containers/common/caddy/etc/app/Caddyfile.j2
+++ b/config/services/containers/common/caddy/etc/app/Caddyfile.j2
@@ -0,0 +1,30 @@
+{
+        servers {
+                # Only accept packets from auth main caddy
+                trusted_proxies static {{ hostvars['fw']['network4']['auth']['server'] }} {{ hostvars['fw']['network6']['auth']['server'] }}
+        }
+}
+# Private TLS ACME with DNS-01-challenge
+(private_tls) {
+        tls {
+                issuer acme {
+                        dir https://{{ infra_uri['ca']['domain'] }}:{{ infra_uri['ca']['ports']['https'] }}/acme/acme@ilnmors.internal/directory
+                        dns rfc2136 {
+                                server {{ infra_uri['bind']['domain'] }}:{{ infra_uri['bind']['ports']['dns'] }}
+                                key_name acme-key
+                                key_alg hmac-sha256
+                                key "{file./run/secrets/CADDY_ACME_KEY}"
+                        }
+                }
+        }
+}
+
+app.ilnmors.internal {
+        import private_tls
+        metrics
+}
+test.app.ilnmors.internal {
+         import private_tls
+         root * /usr/share/caddy
+         file_server
+}
--- a/config/services/containers/common/caddy/etc/auth/Caddyfile.j2
+++ b/config/services/containers/common/caddy/etc/auth/Caddyfile.j2
@@ -54,6 +54,15 @@ test.ilnmors.com {
                file_server
        }
 }
+test.app.ilnmors.com {
+        import crowdsec_log
+        route {
+                crowdsec
+                reverse_proxy https://test.app.ilnmors.internal {
+                        header_up Host {http.reverse_proxy.upstream.host}
+                }
+        }
+}

 # Internal domain
 auth.ilnmors.internal {
--- a/config/services/containers/infra/ca/config/ca.json.j2
+++ b/config/services/containers/infra/ca/config/ca.json.j2
@@ -22,7 +22,8 @@
 				"allow": {
 					"dns": [
 						"ilnmors.internal",
-						"*.ilnmors.internal"
+						"*.ilnmors.internal",
+						"*.app.ilnmors.internal"
 					]
 				},
 				"allowWildcardNames": true