# Caddyfile template (Jinja2 placeholders are filled in at render time).
# Layout: global options, two reusable snippets, the public sites, then one
# internal site that serves metrics.

{
    # CrowdSec LAPI connection
    # The bouncer key is read from a secrets file through the file placeholder,
    # so the template and the rendered config carry a path, not the key itself.
    # NOTE(review): confirm what the bouncer does when the LAPI is unreachable.
    # The plugin has an `enable_hard_fails` option; without it, requests may be
    # let through while no decisions can be fetched - verify against the plugin
    # version in use.
    crowdsec {
        api_url https://{{ services['crowdsec']['domain'] }}.{{ domain['internal'] }}:{{ services['crowdsec']['ports']['https'] }}
        api_key "{file./run/secrets/CADDY_CROWDSEC_KEY}"
    }
}

# Snippets
# CrowdSec log for parser
# Writes a JSON access log to /log/access.log for every site that imports it.
# NOTE(review): mode 0644 makes the log readable by every account that can
# reach the file or its volume. Access logs hold client IPs and full request
# URIs. Presumably this is set so the CrowdSec agent can read the file -
# confirm, and prefer a shared group with a tighter mode if the deployment
# allows it.
# NOTE(review): roll_keep 1 leaves one rolled file of 100MiB as history.
# Confirm the log is shipped elsewhere if longer retention is needed for
# incident investigation.
(crowdsec_log) {
    log {
        output file /log/access.log {
            mode 0644
            roll_size 100MiB
            roll_keep 1
        }
        format json
    }
}

# Private TLS ACME with DNS-01-challenge
# Certificates come from the internal CA's ACME directory. The challenge
# records are written with RFC 2136 dynamic updates to the internal DNS
# server, authenticated with the TSIG key "acme-key" (hmac-sha256) read from a
# secrets file.
# NOTE(review): confirm the DNS server's update policy limits "acme-key" to the
# ACME challenge TXT records; a key allowed to update the whole zone could
# rewrite any internal name if it leaked.
(private_tls) {
    tls {
        issuer acme {
            dir https://{{ services['ca']['domain'] }}.{{ domain['internal'] }}:{{ services['ca']['ports']['https'] }}/acme/acme@{{ domain['internal'] }}/directory
            dns rfc2136 {
                server {{ services['bind']['domain'] }}.{{ domain['internal'] }}:{{ services['bind']['ports']['dns'] }}
                key_name acme-key
                key_alg hmac-sha256
                key "{file./run/secrets/CADDY_ACME_KEY}"
            }
            resolvers {{ services['bind']['domain'] }}.{{ domain['internal'] }}
        }
    }
}

# Public domain
# None of the public sites below sets a `tls` directive, so they use Caddy's
# default certificate automation. Inside each `route` block the directives run
# in the order written, so the crowdsec check comes before the proxy.

# Authelia portal. The upstream has no scheme, so this hop is plain HTTP to
# port 9091 on the container host.
# NOTE(review): confirm that port is not reachable from outside the host.
{{ services['authelia']['domain'] }}.{{ domain['public'] }} {
    import crowdsec_log
    route {
        crowdsec
        reverse_proxy host.containers.internal:9091
    }
}

# Disabled examples, kept for reference. They use hard-coded host names instead
# of template variables. The first one shows the forward_auth pattern that puts
# Authelia in front of a site.
# test.ilnmors.com {
#     import crowdsec_log
#     route {
#         crowdsec
#         forward_auth host.containers.internal:9091 {
#             # Authelia Forward Auth endpoint URI
#             uri /api/authz/forward-auth
#             copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
#         }
#         root * /usr/share/caddy
#         file_server
#     }
# }
# test.app.ilnmors.com {
#     import crowdsec_log
#     route {
#         crowdsec
#         reverse_proxy https://test.app.ilnmors.internal {
#             header_up Host {http.reverse_proxy.upstream.host}
#         }
#     }
# }

# Application sites. Each one proxies over HTTPS to the service's internal
# name and rewrites the Host header to the upstream host, so the backend sees
# its internal host name.
# NOTE(review): none of the active sites below uses forward_auth. CrowdSec is
# the only check at the proxy, and each application's own login is the only
# authentication - confirm that is intended for every service listed.
# NOTE(review): the upstream certificates are presumably issued by the internal
# CA. Confirm that CA root is in the proxy's trust store so upstream
# verification stays enabled.
{{ services['vaultwarden']['domain']['public'] }}.{{ domain['public'] }} {
    import crowdsec_log
    route {
        crowdsec
        reverse_proxy https://{{ services['vaultwarden']['domain']['internal'] }}.{{ domain['internal'] }} {
            header_up Host {http.reverse_proxy.upstream.host}
        }
    }
}

{{ services['gitea']['domain']['public'] }}.{{ domain['public'] }} {
    import crowdsec_log
    route {
        crowdsec
        reverse_proxy https://{{ services['gitea']['domain']['internal'] }}.{{ domain['internal'] }} {
            header_up Host {http.reverse_proxy.upstream.host}
        }
    }
}

{{ services['immich']['domain']['public'] }}.{{ domain['public'] }} {
    import crowdsec_log
    route {
        crowdsec
        reverse_proxy https://{{ services['immich']['domain']['internal'] }}.{{ domain['internal'] }} {
            header_up Host {http.reverse_proxy.upstream.host}
        }
    }
}

{{ services['actualbudget']['domain']['public'] }}.{{ domain['public'] }} {
    import crowdsec_log
    route {
        crowdsec
        reverse_proxy https://{{ services['actualbudget']['domain']['internal'] }}.{{ domain['internal'] }} {
            header_up Host {http.reverse_proxy.upstream.host}
        }
    }
}

{{ services['paperless']['domain']['public'] }}.{{ domain['public'] }} {
    import crowdsec_log
    route {
        crowdsec
        reverse_proxy https://{{ services['paperless']['domain']['internal'] }}.{{ domain['internal'] }} {
            header_up Host {http.reverse_proxy.upstream.host}
        }
    }
}

{{ services['vikunja']['domain']['public'] }}.{{ domain['public'] }} {
    import crowdsec_log
    route {
        crowdsec
        reverse_proxy https://{{ services['vikunja']['domain']['internal'] }}.{{ domain['internal'] }} {
            header_up Host {http.reverse_proxy.upstream.host}
        }
    }
}

# Internal domain
# Serves Caddy's metrics on the node's internal name with a certificate from
# the private CA. The site imports neither the access-log snippet nor the
# crowdsec handler.
# NOTE(review): `metrics` has no matcher and no authentication here, so every
# path on this host returns metrics. Confirm the name is reachable only from
# the monitoring network.
{{ node['name'] }}.{{ domain['internal'] }} {
    import private_tls
    metrics
}