anton
/
docker-apps
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

moved caddy config to /apps 

locked caddy to 10.0.64.22
This commit is contained in:
azykov@mail.ru 2026-04-12 22:25:14 +03:00
parent 4c920dde88
commit 19fabebeac
3 changed files with 417 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
caddy/compose.yaml
View File

@ -4,10 +4,10 @@ services:
container_name: caddy container_name: caddy
restart: always restart: always
ports: ports:
- 80:80 - 10.0.64.22:80:80
# - 443:443 # 443 is for haproxy # - 443:443 # 443 is for haproxy
volumes: volumes:
- /docker/data/caddy/etc:/etc/caddy - ./config:/etc/caddy
- /docker/data/caddy/webroot:/webroot - /docker/data/caddy/webroot:/webroot
- /docker/data/caddy/log:/var/log/caddy - /docker/data/caddy/log:/var/log/caddy
- /docker/data/caddy/data:/data - /docker/data/caddy/data:/data

106
caddy/config/Caddyfile Normal file
View File

@ -0,0 +1,106 @@
{
admin off
http_port 80
https_port 443
}
# TODO does not work
# caddy ignores it!!!!!!!!!
(common) {
header * Server "nginx/1.12.2-2"
}
(proxy-headers) {
header_up X-Real-IP {remote_host}
header_down * Server "nginx/1.12.2-2"
}
#gzip
#tls support@aggtaa.ru
#errors /var/log/caddy/error.log
auth.aggtaa.com {
reverse_proxy auth:9091 {
}
log {
output file /var/log/caddy/auth.aggtaa.com.log
}
}
pve.aggtaa.com {
reverse_proxy 10.0.64.21:8006 {
transport http {
tls
tls_insecure_skip_verify
}
}
log {
output file /var/log/caddy/pve.aggtaa.com.log
}
}
vw.aggtaa.com {
reverse_proxy vaultwarden:80
log {
output file /var/log/caddy/vw.aggtaa.com.log
}
}
cluster-c.aggtaa.com {
forward_auth auth:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
}
reverse_proxy dockge:5001 {
}
log {
output file /var/log/caddy/cluster-c.aggtaa.com.log
}
}
p.aggtaa.com {
forward_auth auth:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
}
reverse_proxy 10.0.64.12:8080
log {
output file /var/log/caddy/p.aggtaa.com.log
}
}
apps.aggtaa.com {
forward_auth auth:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
}
reverse_proxy heimdall:80
log {
output file /var/log/caddy/apps.aggtaa.com.log
}
}
c.aggtaa.com {
reverse_proxy radicale:5232
log {
output file /var/log/caddy/c.aggtaa.com.log
}
}
zigbee2mqtt.aggtaa.com {
reverse_proxy zigbee2mqtt:8080
log {
output file /var/log/caddy/zigbee2mqtt.aggtaa.com.log
}
}
git.aggtaa.com {
reverse_proxy 10.0.64.33:80
log {
output file /var/log/caddy/git.aggtaa.com.log
}
}

309
caddy/config/Caddyfile.bak Normal file
View File

@ -0,0 +1,309 @@
{
admin off
http_port 80
https_port 443
}
# TODO does not work
# caddy ignores it!!!!!!!!!
(common) {
header * Server "nginx/1.12.2-2"
}
(proxy-headers) {
header_up X-Real-IP {remote_host}
header_down * Server "nginx/1.12.2-2"
}
#gzip
#tls support@aggtaa.ru
#errors /var/log/caddy/error.log
pve.aggtaa.com {
@whitelist {
remote_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8
}
reverse_proxy 10.0.64.21:8006 {
transport http {
tls
tls_insecure_skip_verify
}
}
log {
output file /var/log/caddy/pve.aggtaa.ru.log
}
}
photo.aggtaa.com {
reverse_proxy 10.0.64.39:2283
log {
output file /var/log/caddy/photo.aggtaa.ru.log
}
}
mak.aggtaa.com {
reverse_proxy 10.0.65.125:13444
log {
output file /var/log/caddy/mak.aggtaa.ru.log
}
}
vw.aggtaa.com {
reverse_proxy 10.0.64.82:80
log {
output file /var/log/caddy/vw.aggtaa.com.log
}
}
#cloud3.aggtaa.com {
# reverse_proxy 10.0.65.125:6666
# log {
# output file /var/log/caddy/cloud3.aggtaa.ru.log
# }
#}
home.aggtaa.com {
handle_path /phpmyadmin/* {
reverse_proxy 127.0.0.1:38090
# php_fastcgi 127.0.0.1:38080
}
# php_fastcgi 127.0.0.1:38080
root * /home/www/home
file_server
log {
output file /var/log/caddy/home.aggtaa.ru.log
}
}
#safecoach.ru {
# redir /~/analytics /~/analytics/
# handle_path /~/analytics/* {
# reverse_proxy localhost:18587
# }
#
# handle_path /~/* {
# handle_path /calendar/* {
# rewrite * /autocalendar{uri}
# reverse_proxy localhost:18582
# }
# reverse_proxy localhost:18580
# }
#
# handle_path /~dev/* {
# handle_path /calendar/* {
# rewrite * /autocalendar{uri}
# reverse_proxy 10.0.65.125:5232
# }
# reverse_proxy 10.0.65.125:18580 {
# header_down Location / {scheme}://{hostport}/~dev/
# }
# }
#
# root * /home/www/safecoach.ru
# file_server
#
# log {
# output file /var/log/caddy/safecoach.ru.log
# }
#}
#appscanlive.com {
# root * /home/www/appscanlive.com/html
# file_server
#
# log {
# output file /var/log/caddy/appscanlive.com.log
# }
#}
#mail.appscanlive.com {
#
# reverse_proxy localhost:39008
#
# root * /home/docker/data/roundcube/www
# php_fastcgi localhost:39000
# root * /home/www/appscanlive.com/html
# file_server
#
# log {
# output file /var/log/caddy/mail.appscanlive.com.log
# }
#}
#tg.aggtaa.ru {
# reverse_proxy 10.0.65.125:39756
#}
#optimacros-lc.aggtaa.ru {
#
# handle_path /xmlrpc.php {
# abort
# }
# handle_path /wp-login.php {
# abort
# }
#
# reverse_proxy 10.0.65.125:8885
#}
#optimacros-am.aggtaa.ru {
#
# handle_path /api/* {
# reverse_proxy 10.0.65.125:18788
# }
#
# reverse_proxy /app/* 10.0.65.125:18788
# reverse_proxy /testtest 10.0.65.125:18788
# reverse_proxy /oauthCallback 10.0.65.125:18788
# reverse_proxy 10.0.65.125:18789
#}
#ws.safecoach.ru {
# # reverse_proxy 127.0.0.1:38101
# redir https://w.cardvision.ru{uri}
#}
#demo.ws.safecoach.ru {
# reverse_proxy 127.0.0.1:38101
# redir https://demo.cardvision.ru{uri}
#}
#dev.cardvision.ru {
# reverse_proxy 10.0.65.125:13444
#}
#um.analytics.aggtaa.ru {
# rewrite /uatr.js /umami.js
# reverse_proxy 127.0.0.1:18587
#}
c.aggtaa.com {
handle_path /data/* {
reverse_proxy 10.0.64.31:8080 {
header_up X-Script-Name /data
header_up X-Forwarded-Prefix /data
header_up X-Forwarded-Prefix /data
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
}
header {
-X-Powered-By
-Server
}
}
redir /.well-known/carddav /data permanent
redir /.well-known/caldav /data permanent
handle {
root * /etc/caddy/www/c.aggtaa.com
file_server
}
log {
output file /var/log/caddy/c.aggtaa.com.log
}
}
#ci.aggtaa.ru {
# reverse_proxy 127.0.0.1:38081
#}
git.aggtaa.com {
reverse_proxy 10.0.64.33:80
log {
output file /var/log/caddy/git.aggtaa.com.log
}
}
fin.aggtaa.com {
reverse_proxy 10.0.64.184:80
log {
output file /var/log/caddy/fin.aggtaa.com.log
}
}
import.fin.aggtaa.com {
reverse_proxy 10.0.64.184:81
log {
output file /var/log/caddy/import.fin.aggtaa.com.log
}
}
files.aggtaa.com {
reverse_proxy 10.0.64.49:9200
log {
output file /var/log/caddy/files.aggtaa.com.log
}
}
paperless.aggtaa.com {
reverse_proxy 10.0.64.198:8000
log {
output file /var/log/caddy/paperless.aggtaa.com.log
}
}
meet.aggtaa.com {
reverse_proxy 10.0.64.145:8000
log {
output file /var/log/caddy/meet.aggtaa.com.log
}
}
tracker.aggtaa.com {
reverse_proxy 10.0.64.41:80
log {
output file /var/log/caddy/tracker.aggtaa.com.log
}
}
auth.aggtaa.com {
reverse_proxy 10.0.64.5:9091
log {
output file /var/log/caddy/auth.aggtaa.com.log
}
}
p.aggtaa.com {
# forward_auth auth.aggtaa.com { # does not work, freezes caddy. maybe because auth.aggtaa.com resolves to the caddy box?
forward_auth 10.0.64.5:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
}
reverse_proxy 10.0.64.12:8080
log {
output file /var/log/caddy/p.aggtaa.com.log
}
}
vpn2.aggtaa.com {
reverse_proxy 10.0.64.6:57777
}
#rancher2.aggtaa.com {
# reverse_proxy https://10.0.64.23:6443
# log {
# output file /var/log/caddy/rancher2.aggtaa.com.log
# }
#}
dvr.aggtaa.com {
reverse_proxy 10.0.64.196:80
log {
output file /var/log/caddy/dvr.aggtaa.com.log
}
}
portainer.aggtaa.com {
reverse_proxy https://10.0.64.198
log {
output file /var/log/caddy/portainer.aggtaa.com.log
}
}