{
    # CrowdSec LAPI connection, used by the `crowdsec` handler in the site blocks.
    # The bouncer key is read from a mounted secret file through the {file.*}
    # placeholder, so the key itself never appears in the rendered Caddyfile.
    # NOTE(review): nothing here says what happens when the LAPI is unreachable;
    # confirm whether the bouncer then lets requests through or rejects them.
    crowdsec {
        api_url https://{{ infra_uri['crowdsec']['domain'] }}:{{ infra_uri['crowdsec']['ports']['https'] }}
        api_key "{file./run/secrets/CADDY_CROWDSEC_KEY}"
    }
}

# Snippets

# JSON access log written to a file for the CrowdSec parser.
(crowdsec_log) {
    log {
        output file /log/access.log {
            # NOTE(review): 0644 makes the access log world-readable. The JSON
            # entries carry client addresses, request URIs (query strings
            # included) and request headers. If the CrowdSec reader can share a
            # group with Caddy, 0640 would be tighter; confirm before changing.
            mode 0644
            roll_size 100MiB
            # Only one rotated file is kept beside the active one, so the request
            # history available for incident review is short unless the log is
            # also shipped elsewhere.
            roll_keep 1
        }
        format json
    }
}
# Private TLS: certificates from the internal ACME CA, validated with the DNS-01 challenge.
(private_tls) {
    tls {
        issuer acme {
            # NOTE(review): no trusted_roots is set for this directory, so the
            # private CA's root is presumably in the container's default trust
            # store; confirm.
            dir https://{{ infra_uri['ca']['domain'] }}:{{ infra_uri['ca']['ports']['https'] }}/acme/acme@ilnmors.internal/directory
            # Challenge records are written with RFC 2136 dynamic updates,
            # authenticated by a TSIG key (hmac-sha256) read from a mounted
            # secret file.
            # NOTE(review): the DNS server's update policy should restrict
            # acme-key to the _acme-challenge TXT records it needs; that policy
            # is not visible in this file.
            dns rfc2136 {
                server {{ infra_uri['bind']['domain'] }}:{{ infra_uri['bind']['ports']['dns'] }}
                key_name acme-key
                key_alg hmac-sha256
                key "{file./run/secrets/CADDY_ACME_KEY}"
            }
            # Resolver used for the DNS challenge instead of the system default.
            resolvers {{ infra_uri['bind']['domain'] }}
        }
    }
}

# Public domain

authelia.ilnmors.com {
    import crowdsec_log
    # `route` keeps the handlers in written order: the CrowdSec check runs
    # before the request is proxied.
    route {
        crowdsec
        # No scheme is given, so this hop is plain HTTP to port 9091 on the
        # container host.
        # NOTE(review): acceptable only while that traffic never leaves the
        # local host; confirm.
        reverse_proxy host.containers.internal:9091
    }
}
# test.ilnmors.com {
#     import crowdsec_log
#     route {
#         crowdsec
#         forward_auth host.containers.internal:9091 {
#             # Authelia Forward Auth endpoint URI
#             uri /api/authz/forward-auth
#             copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
#         }
#         root * /usr/share/caddy
#         file_server
#     }
# }
# test.app.ilnmors.com {
#     import crowdsec_log
#     route {
#         crowdsec
#         reverse_proxy https://test.app.ilnmors.internal {
#             header_up Host {http.reverse_proxy.upstream.host}
#         }
#     }
# }
vault.ilnmors.com {
    import crowdsec_log
    # Handlers run in written order: CrowdSec decision first, then the proxy.
    # NOTE(review): there is no forward_auth on this route, so access control
    # beyond the CrowdSec check rests entirely on the application's own login.
    route {
        crowdsec
        reverse_proxy https://vault.app.ilnmors.internal {
            # Send the upstream's own hostname as Host so it matches the name
            # used for the TLS connection to the internal server.
            header_up Host {http.reverse_proxy.upstream.host}
        }
    }
}
gitea.ilnmors.com {
    import crowdsec_log
    # CrowdSec is evaluated before the request is handed to the upstream.
    route {
        crowdsec
        # The upstream is reached over HTTPS with no transport override, so its
        # certificate is verified against the default trust pool.
        reverse_proxy https://gitea.app.ilnmors.internal {
            # Host is replaced with the upstream hostname rather than the
            # public name the client asked for.
            header_up Host {http.reverse_proxy.upstream.host}
        }
    }
}
immich.ilnmors.com {
    import crowdsec_log
    # Ordered route: CrowdSec check, then proxy to the internal HTTPS endpoint.
    route {
        crowdsec
        reverse_proxy https://immich.app.ilnmors.internal {
            # The internal server receives its own hostname as Host, not the
            # public one.
            header_up Host {http.reverse_proxy.upstream.host}
        }
    }
}
budget.ilnmors.com {
    import crowdsec_log
    # The CrowdSec handler comes first in the route, ahead of the proxy.
    route {
        crowdsec
        reverse_proxy https://budget.app.ilnmors.internal {
            # Rewrite Host to the upstream hostname for the internal HTTPS hop.
            header_up Host {http.reverse_proxy.upstream.host}
        }
    }
}
paperless.ilnmors.com {
    import crowdsec_log
    # Requests pass the CrowdSec check before they reach the upstream.
    # NOTE(review): no forward_auth is applied on this route; the application's
    # own authentication is the only login gate visible from this file.
    route {
        crowdsec
        reverse_proxy https://paperless.app.ilnmors.internal {
            # Host carries the upstream's hostname instead of the public name.
            header_up Host {http.reverse_proxy.upstream.host}
        }
    }
}

# Internal domain

auth.ilnmors.internal {
    # Certificate comes from the private ACME CA via the private_tls snippet.
    import private_tls
    # NOTE(review): `metrics` has no matcher, so every path on this host
    # answers with the Prometheus metrics output, and no access control is
    # visible here; confirm that only the intended scraper can reach this name.
    metrics
}