first commit

2024-03-24 23:15:27 +01:00 · 2024-03-24 23:15:27 +01:00 · 105e2f0d40
commit 105e2f0d40
2 changed files with 147 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,10 @@
+# Ignore everything
+*
+
+# But not these files...
+!.gitignore
+!Caddyfile
+
+# ...even if they are in subdirectories
+!*/
+
--- a/137
+++ b/137
@ -0,0 +1,137 @@
+(headers_reverseproxy_nextcloud) {
+  header {
+    Strict-Transport-Security "max-age=31536000; includeSubdomains"
+  }
+}
+
+(headers_reverseproxy) {
+  header {   
+    Strict-Transport-Security "max-age=31536000; includeSubdomains"
+    X-XSS-Protection "1; mode=block"
+    X-Content-Type-Options "nosniff"
+    X-Frame-Options "SAMEORIGIN"
+    Referrer-Policy "same-origin"
+  }    
+}
+(logging) {
+  log {
+    output file caddy_access_{args.0}.log {
+    roll_size 32mb
+    roll_keep 5
+    roll_keep_for 720h
+    }
+  }
+}
+
+https://origine.nsupdate.info {
+  import headers_reverseproxy
+  reverse_proxy 192.168.1.2:8123
+  import logging origine.nsupdate.info
+}
+
+adguard.nsupdate.info {
+  reverse_proxy 192.168.1.3:85
+  import logging adguard.nsupdate.info
+}
+
+adminer.nsupdate.info {
+  reverse_proxy 192.168.1.3:82
+  import logging adminer.nsupdate.info
+}
+
+next.nsupdate.info {
+  import headers_reverseproxy_nextcloud
+  rewrite /.well-known/carddav /remote.php/dav
+  rewrite /.well-known/caldav /remote.php/dav
+  reverse_proxy 192.168.1.3:83
+  import logging next.nsupdate.info  
+}
+
+tty.nsupdate.info {
+    rewrite / /wetty{uri}
+    reverse_proxy 192.168.1.3:3333
+#    import logging tty.nsupdate.info
+}
+
+bloggy.nsupdate.info {
+    reverse_proxy 192.168.1.3:84
+    import logging bloggy.nsupdate.info
+}
+
+
+ntfy.nsupdate.info {
+    reverse_proxy 192.168.1.3:87
+    import logging ntfy.nsupdate.info
+}
+
+motion.nsupdate.info {
+    reverse_proxy 192.168.1.3:8081
+    import logging motion.nsupdate.info
+}
+
+
+tag.nsupdate.info {
+    reverse_proxy 192.168.1.3:88
+    import logging tag.nsupdate.info
+}
+
+#netdisco.nsupdate.info {
+#    reverse_proxy 192.168.1.3:5000
+#    import logging netdisco.nsupdate.info
+#}
+
+
+
+
+vault.nsupdate.info {
+
+
+  # Uncomment this if you want to get a cert via ACME (Let's Encrypt or ZeroSSL).
+  # tls {$EMAIL}
+
+  # Or uncomment this if you're providing your own cert. You would also use this option
+  # if you're running behind Cloudflare.
+  # tls {$SSL_CERT_PATH} {$SSL_KEY_PATH}
+
+  # This setting may have compatibility issues with some browsers
+  # (e.g., attachment downloading on Firefox). Try disabling this
+  # if you encounter issues.
+  encode gzip
+
+  # Uncomment to improve security (WARNING: only use if you understand the implications!)
+  # header {
+  #      # Enable HTTP Strict Transport Security (HSTS)
+  #      Strict-Transport-Security "max-age=31536000;"
+  #      # Enable cross-site filter (XSS) and tell browser to block detected attacks
+  #      X-XSS-Protection "1; mode=block"
+  #      # Disallow the site to be rendered within a frame (clickjacking protection)
+  #      X-Frame-Options "DENY"
+  #      # Prevent search engines from indexing (optional)
+  #      X-Robots-Tag "none"
+  #      # Server name removing
+  #      -Server
+  # }
+
+  # Uncomment to allow access to the admin interface only from local networks
+  # @insecureadmin {
+  #   not remote_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
+  #   path /admin*
+  # }
+  # redir @insecureadmin /
+
+  # Notifications redirected to the websockets server
+  reverse_proxy /notifications/hub 192.168.1.3:3012
+
+  # Proxy everything else to Rocket
+  reverse_proxy 192.168.1.3:86 {
+       # Send the true remote IP to Rocket, so that vaultwarden can put this in the
+       # log, so that fail2ban can ban the correct IP.
+       header_up X-Real-IP {remote_host}
+  }
+}
+
+
+boxnet.nsupdate.info {
+    reverse_proxy 192.168.1.3:90
+    import logging boxnet.nsupdate.info
+}