From 19fabebeace1e099c6654e07f389aab6682de4a9 Mon Sep 17 00:00:00 2001 From: "azykov@mail.ru" Date: Sun, 12 Apr 2026 22:25:14 +0300 Subject: [PATCH] moved caddy config to /apps locked caddy to 10.0.64.22 --- caddy/compose.yaml | 4 +- caddy/config/Caddyfile | 106 +++++++++++++ caddy/config/Caddyfile.bak | 309 +++++++++++++++++++++++++++++++++++++ 3 files changed, 417 insertions(+), 2 deletions(-) create mode 100644 caddy/config/Caddyfile create mode 100644 caddy/config/Caddyfile.bak diff --git a/caddy/compose.yaml b/caddy/compose.yaml index ac71009..6e9e288 100644 --- a/caddy/compose.yaml +++ b/caddy/compose.yaml @@ -4,10 +4,10 @@ services: container_name: caddy restart: always ports: - - 80:80 + - 10.0.64.22:80:80 # - 443:443 # 443 is for haproxy volumes: - - /docker/data/caddy/etc:/etc/caddy + - ./config:/etc/caddy - /docker/data/caddy/webroot:/webroot - /docker/data/caddy/log:/var/log/caddy - /docker/data/caddy/data:/data diff --git a/caddy/config/Caddyfile b/caddy/config/Caddyfile new file mode 100644 index 0000000..44247e3 --- /dev/null +++ b/caddy/config/Caddyfile @@ -0,0 +1,106 @@ +{ + admin off + + http_port 80 + https_port 443 +} + +# TODO does not work +# caddy ignores it!!!!!!!!! +(common) { + header * Server "nginx/1.12.2-2" +} + +(proxy-headers) { + header_up X-Real-IP {remote_host} + header_down * Server "nginx/1.12.2-2" +} + +#gzip +#tls support@aggtaa.ru +#errors /var/log/caddy/error.log + +auth.aggtaa.com { + reverse_proxy auth:9091 { + } + log { + output file /var/log/caddy/auth.aggtaa.com.log + } +} + +pve.aggtaa.com { + reverse_proxy 10.0.64.21:8006 { + transport http { + tls + tls_insecure_skip_verify + } + } + log { + output file /var/log/caddy/pve.aggtaa.com.log + } +} + +vw.aggtaa.com { + reverse_proxy vaultwarden:80 + log { + output file /var/log/caddy/vw.aggtaa.com.log + } +} + +cluster-c.aggtaa.com { + forward_auth auth:9091 { + uri /api/authz/forward-auth + copy_headers Remote-User Remote-Groups Remote-Email Remote-Name + } + + reverse_proxy dockge:5001 { + } + log { + output file /var/log/caddy/cluster-c.aggtaa.com.log + } +} + +p.aggtaa.com { + forward_auth auth:9091 { + uri /api/authz/forward-auth + copy_headers Remote-User Remote-Groups Remote-Email Remote-Name + } + + reverse_proxy 10.0.64.12:8080 + log { + output file /var/log/caddy/p.aggtaa.com.log + } +} + +apps.aggtaa.com { + forward_auth auth:9091 { + uri /api/authz/forward-auth + copy_headers Remote-User Remote-Groups Remote-Email Remote-Name + } + + reverse_proxy heimdall:80 + log { + output file /var/log/caddy/apps.aggtaa.com.log + } +} + +c.aggtaa.com { + reverse_proxy radicale:5232 + log { + output file /var/log/caddy/c.aggtaa.com.log + } +} + +zigbee2mqtt.aggtaa.com { + reverse_proxy zigbee2mqtt:8080 + log { + output file /var/log/caddy/zigbee2mqtt.aggtaa.com.log + } +} + +git.aggtaa.com { + reverse_proxy 10.0.64.33:80 + log { + output file /var/log/caddy/git.aggtaa.com.log + } +} \ No newline at end of file diff --git a/caddy/config/Caddyfile.bak b/caddy/config/Caddyfile.bak new file mode 100644 index 0000000..5302581 --- /dev/null +++ b/caddy/config/Caddyfile.bak @@ -0,0 +1,309 @@ +{ + admin off + + http_port 80 + https_port 443 +} + +# TODO does not work +# caddy ignores it!!!!!!!!! +(common) { + header * Server "nginx/1.12.2-2" +} + +(proxy-headers) { + header_up X-Real-IP {remote_host} + header_down * Server "nginx/1.12.2-2" +} + +#gzip +#tls support@aggtaa.ru +#errors /var/log/caddy/error.log + +pve.aggtaa.com { + @whitelist { + remote_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8 + } + reverse_proxy 10.0.64.21:8006 { + transport http { + tls + tls_insecure_skip_verify + } + } + log { + output file /var/log/caddy/pve.aggtaa.ru.log + } +} + +photo.aggtaa.com { + reverse_proxy 10.0.64.39:2283 + log { + output file /var/log/caddy/photo.aggtaa.ru.log + } +} + +mak.aggtaa.com { + reverse_proxy 10.0.65.125:13444 + log { + output file /var/log/caddy/mak.aggtaa.ru.log + } +} + +vw.aggtaa.com { + reverse_proxy 10.0.64.82:80 + log { + output file /var/log/caddy/vw.aggtaa.com.log + } +} + +#cloud3.aggtaa.com { +# reverse_proxy 10.0.65.125:6666 +# log { +# output file /var/log/caddy/cloud3.aggtaa.ru.log +# } +#} + +home.aggtaa.com { + handle_path /phpmyadmin/* { + reverse_proxy 127.0.0.1:38090 +# php_fastcgi 127.0.0.1:38080 + } +# php_fastcgi 127.0.0.1:38080 + root * /home/www/home + file_server + log { + output file /var/log/caddy/home.aggtaa.ru.log + } +} + +#safecoach.ru { +# redir /~/analytics /~/analytics/ +# handle_path /~/analytics/* { +# reverse_proxy localhost:18587 +# } +# +# handle_path /~/* { +# handle_path /calendar/* { +# rewrite * /autocalendar{uri} +# reverse_proxy localhost:18582 +# } +# reverse_proxy localhost:18580 +# } +# +# handle_path /~dev/* { +# handle_path /calendar/* { +# rewrite * /autocalendar{uri} +# reverse_proxy 10.0.65.125:5232 +# } +# reverse_proxy 10.0.65.125:18580 { +# header_down Location / {scheme}://{hostport}/~dev/ +# } +# } +# +# root * /home/www/safecoach.ru +# file_server +# +# log { +# output file /var/log/caddy/safecoach.ru.log +# } +#} + +#appscanlive.com { +# root * /home/www/appscanlive.com/html +# file_server +# +# log { +# output file /var/log/caddy/appscanlive.com.log +# } +#} + +#mail.appscanlive.com { +# +# reverse_proxy localhost:39008 +# +# root * /home/docker/data/roundcube/www +# php_fastcgi localhost:39000 +# root * /home/www/appscanlive.com/html +# file_server +# +# log { +# output file /var/log/caddy/mail.appscanlive.com.log +# } +#} + +#tg.aggtaa.ru { +# reverse_proxy 10.0.65.125:39756 +#} + +#optimacros-lc.aggtaa.ru { +# +# handle_path /xmlrpc.php { +# abort +# } +# handle_path /wp-login.php { +# abort +# } +# +# reverse_proxy 10.0.65.125:8885 +#} + +#optimacros-am.aggtaa.ru { +# +# handle_path /api/* { +# reverse_proxy 10.0.65.125:18788 +# } +# +# reverse_proxy /app/* 10.0.65.125:18788 +# reverse_proxy /testtest 10.0.65.125:18788 +# reverse_proxy /oauthCallback 10.0.65.125:18788 +# reverse_proxy 10.0.65.125:18789 +#} + +#ws.safecoach.ru { +# # reverse_proxy 127.0.0.1:38101 +# redir https://w.cardvision.ru{uri} +#} + +#demo.ws.safecoach.ru { +# reverse_proxy 127.0.0.1:38101 +# redir https://demo.cardvision.ru{uri} +#} + +#dev.cardvision.ru { +# reverse_proxy 10.0.65.125:13444 +#} + +#um.analytics.aggtaa.ru { +# rewrite /uatr.js /umami.js +# reverse_proxy 127.0.0.1:18587 +#} + + +c.aggtaa.com { + handle_path /data/* { + reverse_proxy 10.0.64.31:8080 { + header_up X-Script-Name /data + header_up X-Forwarded-Prefix /data + header_up X-Forwarded-Prefix /data + header_up X-Forwarded-For {remote_host} + header_up X-Forwarded-Proto {scheme} + } + + header { + -X-Powered-By + -Server + } + } + + redir /.well-known/carddav /data permanent + redir /.well-known/caldav /data permanent + + handle { + root * /etc/caddy/www/c.aggtaa.com + file_server + } + + log { + output file /var/log/caddy/c.aggtaa.com.log + } +} + +#ci.aggtaa.ru { +# reverse_proxy 127.0.0.1:38081 +#} + +git.aggtaa.com { + reverse_proxy 10.0.64.33:80 + log { + output file /var/log/caddy/git.aggtaa.com.log + } +} + +fin.aggtaa.com { + reverse_proxy 10.0.64.184:80 + log { + output file /var/log/caddy/fin.aggtaa.com.log + } +} + +import.fin.aggtaa.com { + reverse_proxy 10.0.64.184:81 + log { + output file /var/log/caddy/import.fin.aggtaa.com.log + } +} + +files.aggtaa.com { + reverse_proxy 10.0.64.49:9200 + log { + output file /var/log/caddy/files.aggtaa.com.log + } +} + +paperless.aggtaa.com { + reverse_proxy 10.0.64.198:8000 + log { + output file /var/log/caddy/paperless.aggtaa.com.log + } +} + +meet.aggtaa.com { + reverse_proxy 10.0.64.145:8000 + log { + output file /var/log/caddy/meet.aggtaa.com.log + } +} + +tracker.aggtaa.com { + reverse_proxy 10.0.64.41:80 + log { + output file /var/log/caddy/tracker.aggtaa.com.log + } +} + +auth.aggtaa.com { + reverse_proxy 10.0.64.5:9091 + log { + output file /var/log/caddy/auth.aggtaa.com.log + } +} + +p.aggtaa.com { + +# forward_auth auth.aggtaa.com { # does not work, freezes caddy. maybe because auth.aggtaa.com resolves to the caddy box? + forward_auth 10.0.64.5:9091 { + uri /api/authz/forward-auth + copy_headers Remote-User Remote-Groups Remote-Email Remote-Name + } + + reverse_proxy 10.0.64.12:8080 + log { + output file /var/log/caddy/p.aggtaa.com.log + } +} + +vpn2.aggtaa.com { + reverse_proxy 10.0.64.6:57777 +} + + +#rancher2.aggtaa.com { +# reverse_proxy https://10.0.64.23:6443 +# log { +# output file /var/log/caddy/rancher2.aggtaa.com.log +# } +#} + +dvr.aggtaa.com { + reverse_proxy 10.0.64.196:80 + log { + output file /var/log/caddy/dvr.aggtaa.com.log + } +} + +portainer.aggtaa.com { + reverse_proxy https://10.0.64.198 + log { + output file /var/log/caddy/portainer.aggtaa.com.log + } +}