138 lines
3.4 KiB
Caddyfile
138 lines
3.4 KiB
Caddyfile
(headers_reverseproxy_nextcloud) {
|
|
header {
|
|
Strict-Transport-Security "max-age=31536000; includeSubdomains"
|
|
}
|
|
}
|
|
|
|
(headers_reverseproxy) {
|
|
header {
|
|
Strict-Transport-Security "max-age=31536000; includeSubdomains"
|
|
X-XSS-Protection "1; mode=block"
|
|
X-Content-Type-Options "nosniff"
|
|
X-Frame-Options "SAMEORIGIN"
|
|
Referrer-Policy "same-origin"
|
|
}
|
|
}
|
|
(logging) {
|
|
log {
|
|
output file caddy_access_{args.0}.log {
|
|
roll_size 32mb
|
|
roll_keep 5
|
|
roll_keep_for 720h
|
|
}
|
|
}
|
|
}
|
|
|
|
https://origine.nsupdate.info {
|
|
import headers_reverseproxy
|
|
reverse_proxy 192.168.1.2:8123
|
|
import logging origine.nsupdate.info
|
|
}
|
|
|
|
adguard.nsupdate.info {
|
|
reverse_proxy 192.168.1.3:85
|
|
import logging adguard.nsupdate.info
|
|
}
|
|
|
|
adminer.nsupdate.info {
|
|
reverse_proxy 192.168.1.3:82
|
|
import logging adminer.nsupdate.info
|
|
}
|
|
|
|
next.nsupdate.info {
|
|
import headers_reverseproxy_nextcloud
|
|
rewrite /.well-known/carddav /remote.php/dav
|
|
rewrite /.well-known/caldav /remote.php/dav
|
|
reverse_proxy 192.168.1.3:83
|
|
import logging next.nsupdate.info
|
|
}
|
|
|
|
tty.nsupdate.info {
|
|
rewrite / /wetty{uri}
|
|
reverse_proxy 192.168.1.3:3333
|
|
# import logging tty.nsupdate.info
|
|
}
|
|
|
|
bloggy.nsupdate.info {
|
|
reverse_proxy 192.168.1.3:84
|
|
import logging bloggy.nsupdate.info
|
|
}
|
|
|
|
|
|
ntfy.nsupdate.info {
|
|
reverse_proxy 192.168.1.3:87
|
|
import logging ntfy.nsupdate.info
|
|
}
|
|
|
|
motion.nsupdate.info {
|
|
reverse_proxy 192.168.1.3:8081
|
|
import logging motion.nsupdate.info
|
|
}
|
|
|
|
|
|
tag.nsupdate.info {
|
|
reverse_proxy 192.168.1.3:88
|
|
import logging tag.nsupdate.info
|
|
}
|
|
|
|
#netdisco.nsupdate.info {
|
|
# reverse_proxy 192.168.1.3:5000
|
|
# import logging netdisco.nsupdate.info
|
|
#}
|
|
|
|
|
|
|
|
|
|
vault.nsupdate.info {
|
|
|
|
|
|
# Uncomment this if you want to get a cert via ACME (Let's Encrypt or ZeroSSL).
|
|
# tls {$EMAIL}
|
|
|
|
# Or uncomment this if you're providing your own cert. You would also use this option
|
|
# if you're running behind Cloudflare.
|
|
# tls {$SSL_CERT_PATH} {$SSL_KEY_PATH}
|
|
|
|
# This setting may have compatibility issues with some browsers
|
|
# (e.g., attachment downloading on Firefox). Try disabling this
|
|
# if you encounter issues.
|
|
encode gzip
|
|
|
|
# Uncomment to improve security (WARNING: only use if you understand the implications!)
|
|
# header {
|
|
# # Enable HTTP Strict Transport Security (HSTS)
|
|
# Strict-Transport-Security "max-age=31536000;"
|
|
# # Enable cross-site filter (XSS) and tell browser to block detected attacks
|
|
# X-XSS-Protection "1; mode=block"
|
|
# # Disallow the site to be rendered within a frame (clickjacking protection)
|
|
# X-Frame-Options "DENY"
|
|
# # Prevent search engines from indexing (optional)
|
|
# X-Robots-Tag "none"
|
|
# # Server name removing
|
|
# -Server
|
|
# }
|
|
|
|
# Uncomment to allow access to the admin interface only from local networks
|
|
# @insecureadmin {
|
|
# not remote_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
|
|
# path /admin*
|
|
# }
|
|
# redir @insecureadmin /
|
|
|
|
# Notifications redirected to the websockets server
|
|
reverse_proxy /notifications/hub 192.168.1.3:3012
|
|
|
|
# Proxy everything else to Rocket
|
|
reverse_proxy 192.168.1.3:86 {
|
|
# Send the true remote IP to Rocket, so that vaultwarden can put this in the
|
|
# log, so that fail2ban can ban the correct IP.
|
|
header_up X-Real-IP {remote_host}
|
|
}
|
|
}
|
|
|
|
|
|
boxnet.nsupdate.info {
|
|
reverse_proxy 192.168.1.3:90
|
|
import logging boxnet.nsupdate.info
|
|
}
|