mirror of
https://github.com/acedanger/docker.git
synced 2025-12-06 05:40:11 -08:00
163 lines
3.4 KiB
Caddyfile
163 lines
3.4 KiB
Caddyfile
{
|
|
email peter@peterwood.dev
|
|
# Add global error logging with INFO level (captures errors but not debug noise)
|
|
log {
|
|
output stdout
|
|
format console
|
|
level INFO
|
|
}
|
|
}
|
|
|
|
ptrwd.com {
|
|
tls {
|
|
dns cloudflare {
|
|
zone_token {env.CF_ZONE_READ}
|
|
api_token {env.CF_DNS_EDIT}
|
|
}
|
|
}
|
|
# this is the the wiki
|
|
# 100.108.70.63 is ts-racknerd
|
|
reverse_proxy 100.108.70.63:8300
|
|
}
|
|
|
|
wiki.ptrwd.com {
|
|
tls {
|
|
dns cloudflare {
|
|
zone_token {env.CF_ZONE_READ}
|
|
api_token {env.CF_DNS_EDIT}
|
|
}
|
|
}
|
|
# Route ACME challenges explicitly to be handled internally by Caddy
|
|
route /.well-known/acme-challenge/* {
|
|
# No directive needed here; Caddy's internal handler takes precedence.
|
|
# This prevents the challenge requests from being proxied.
|
|
}
|
|
|
|
# Proxy all other requests to the wiki
|
|
route {
|
|
# 100.108.70.63 is ts-racknerd
|
|
reverse_proxy 100.108.70.63:8300
|
|
}
|
|
}
|
|
|
|
jellyfin.peterwood.rocks {
|
|
tls {
|
|
dns cloudflare {
|
|
zone_token {env.CF_ZONE_READ}
|
|
api_token {env.CF_DNS_EDIT}
|
|
}
|
|
}
|
|
reverse_proxy host.docker.internal:8096
|
|
}
|
|
|
|
# Serve a simple text message for home.ptrwd.com
|
|
home.ptrwd.com {
|
|
tls {
|
|
dns cloudflare {
|
|
zone_token {env.CF_ZONE_READ}
|
|
api_token {env.CF_DNS_EDIT}
|
|
}
|
|
}
|
|
|
|
# Allow connections only from private ranges and home IP using Cf-Connecting-Ip header
|
|
@allowAccess client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 162.203.102.154/32
|
|
handle @allowAccess {
|
|
respond "Welcome home!" 200 {
|
|
close # Close the connection after responding
|
|
}
|
|
}
|
|
handle {
|
|
respond "Access denied" 403
|
|
}
|
|
}
|
|
|
|
# Reverse proxy for sonarr.home.ptrwd.com
|
|
sonarr.home.ptrwd.com {
|
|
tls {
|
|
dns cloudflare {
|
|
zone_token {env.CF_ZONE_READ}
|
|
api_token {env.CF_DNS_EDIT}
|
|
}
|
|
}
|
|
# Allow connections only from private ranges and home IP
|
|
@allowAccess client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 162.203.102.154/32
|
|
handle @allowAccess {
|
|
# 100.114.112.100 is ts-io
|
|
reverse_proxy 100.114.112.100:8989
|
|
}
|
|
handle {
|
|
respond 403
|
|
}
|
|
}
|
|
|
|
radarr.home.ptrwd.com {
|
|
tls {
|
|
dns cloudflare {
|
|
zone_token {env.CF_ZONE_READ}
|
|
api_token {env.CF_DNS_EDIT}
|
|
}
|
|
}
|
|
# Allow connections only from private ranges and home IP
|
|
@allowAccess client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 162.203.102.154/32
|
|
handle @allowAccess {
|
|
# 100.114.112.100 is ts-io
|
|
reverse_proxy 100.114.112.100:7878
|
|
}
|
|
handle {
|
|
respond 403
|
|
}
|
|
}
|
|
|
|
io.home.ptrwd.com {
|
|
tls {
|
|
dns cloudflare {
|
|
zone_token {env.CF_ZONE_READ}
|
|
api_token {env.CF_DNS_EDIT}
|
|
}
|
|
}
|
|
# Allow connections only from private ranges and home IP
|
|
@allowAccess client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 162.203.102.154/32
|
|
handle @allowAccess {
|
|
# 100.114.112.100 is ts-io
|
|
reverse_proxy 100.114.112.100:5001
|
|
}
|
|
handle {
|
|
respond 403
|
|
}
|
|
}
|
|
|
|
europa.home.ptrwd.com {
|
|
tls {
|
|
dns cloudflare {
|
|
zone_token {env.CF_ZONE_READ}
|
|
api_token {env.CF_DNS_EDIT}
|
|
}
|
|
}
|
|
# Allow connections only from private ranges and home IP
|
|
@allowAccess client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 162.203.102.154/32
|
|
handle @allowAccess {
|
|
reverse_proxy host.docker.internal:5001
|
|
}
|
|
handle {
|
|
respond 403
|
|
}
|
|
}
|
|
|
|
racknerd.home.ptrwd.com {
|
|
tls {
|
|
dns cloudflare {
|
|
zone_token {env.CF_ZONE_READ}
|
|
api_token {env.CF_DNS_EDIT}
|
|
}
|
|
}
|
|
# Allow connections only from private ranges and home IP
|
|
@allowAccess client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 162.203.102.154/32
|
|
handle @allowAccess {
|
|
# 100.108.70.63 is ts-racknerd
|
|
reverse_proxy 100.108.70.63:5001
|
|
}
|
|
handle {
|
|
respond 403
|
|
}
|
|
}
|