62 lines
2.0 KiB
Django/Jinja
62 lines
2.0 KiB
Django/Jinja
{
|
|
servers {
|
|
# Only accept packets from auth main caddy
|
|
trusted_proxies static {{ hostvars['fw']['network4']['auth']['server'] }} {{ hostvars['fw']['network6']['auth']['server'] }}
|
|
}
|
|
}
|
|
# Private TLS ACME with DNS-01-challenge
|
|
(private_tls) {
|
|
tls {
|
|
issuer acme {
|
|
dir https://{{ infra_uri['ca']['domain'] }}:{{ infra_uri['ca']['ports']['https'] }}/acme/acme@ilnmors.internal/directory
|
|
dns rfc2136 {
|
|
server {{ infra_uri['bind']['domain'] }}:{{ infra_uri['bind']['ports']['dns'] }}
|
|
key_name acme-key
|
|
key_alg hmac-sha256
|
|
key "{file./run/secrets/CADDY_ACME_KEY}"
|
|
}
|
|
resolvers {{ infra_uri['bind']['domain'] }}
|
|
}
|
|
}
|
|
}
|
|
|
|
app.ilnmors.internal {
|
|
import private_tls
|
|
metrics
|
|
}
|
|
# test.app.ilnmors.internal {
|
|
# import private_tls
|
|
# root * /usr/share/caddy
|
|
# file_server
|
|
# }
|
|
vault.app.ilnmors.internal {
|
|
import private_tls
|
|
reverse_proxy host.containers.internal:8000 {
|
|
header_up Host {http.request.header.X-Forwarded-Host}
|
|
}
|
|
}
|
|
gitea.app.ilnmors.internal {
|
|
import private_tls
|
|
reverse_proxy host.containers.internal:3000 {
|
|
header_up Host {http.request.header.X-Forwarded-Host}
|
|
}
|
|
}
|
|
immich.app.ilnmors.internal {
|
|
import private_tls
|
|
reverse_proxy host.containers.internal:2283 {
|
|
header_up Host {http.request.header.X-Forwarded-Host}
|
|
}
|
|
}
|
|
budget.app.ilnmors.internal {
|
|
import private_tls
|
|
reverse_proxy host.containers.internal:5006 {
|
|
header_up Host {http.request.header.X-Forwarded-Host}
|
|
}
|
|
}
|
|
paperless.app.ilnmors.internal {
|
|
import private_tls
|
|
reverse_proxy host.containers.internal:8001 {
|
|
header_up Host {http.request.header.X-Forwarded-Host}
|
|
}
|
|
}
|