Switch to caddy instead of swag/nginx

MSWS
2025-03-16 04:47:12 -07:00
parent aac27b5a83
commit 65c565815e
8 changed files with 86 additions and 169 deletions

43
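--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -0,0 +1,43 @@
+{
+email imodmaker@gmail.com
+acme_ca https://acme-v02.api.letsencrypt.org/directory
+acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+layer4 {
+0.0.0.0:22 {
+route {
+proxy gitea-server-1:22
+}
+}
+}
+}
+git.msws.xyz, git.local.msws.xyz, registry.msws.xyz {
+reverse_proxy gitea-server-1:3000
+}
+yt.local.msws.xyz {
+reverse_proxy invidious:3000
+}
+pass.local.msws.xyz {
+reverse_proxy vaultwarden:80
+}
+code.local.msws.xyz {
+reverse_proxy code-server:8443
+}
+:443, :80 {
+handle_path /resume* {
+rewrite * /MSWS/Resume/main/Resume.pdf
+reverse_proxy https://raw.githubusercontent.com {
+header_up Host raw.githubusercontent.com
+header_down Content-Type application/pdf
+}
+}
+reverse_proxy https://msws.github.io {
+header_up Host msws.github.io
+}
+}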
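Review bot: The `pass.local.msws.xyz` and `code.local.msws.xyz` site blocks proxy Vaultwarden and code-server with no client restriction, so the "local" in the hostname is not enforced anywhere in this file. Whether these names resolve or route publicly is not visible here, but the companion compose file publishes 80/443 and joins the `cloudflared` network, so DNS alone should not be the access control for a password vault and a remote IDE. Consider a matcher in each LAN-only block, for example `@outside not remote_ip private_ranges` followed by `abort @outside`. Confirm first which source address Caddy actually sees for NATed or tunnelled requests, since a tunnel peer may itself fall inside the private ranges. The same question applies to `yt.local.msws.xyz` and to `git.local.msws.xyz`, which shares a block with the public Gitea names.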

14
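--- a/caddy/Dockerfile
+++ b/caddy/Dockerfile
@@ -0,0 +1,14 @@
+# Build stage
+ARG CADDY_VERSION=2
+FROM caddy:${CADDY_VERSION}-builder AS builder
+# Build Caddy with the Cloudflare DNS module
+RUN xcaddy build \
+--with github.com/caddy-dns/cloudflare \
+--with github.com/mholt/caddy-l4
+# Final stage
+FROM caddy:${CADDY_VERSION}
+# Copy the custom-built Caddy binary
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy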
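Review bot: Nothing in this build is pinned: `CADDY_VERSION=2` is a floating major tag and both `--with` modules resolve to whatever their repositories serve at build time, so two builds of the same commit can produce different binaries. The resulting binary terminates TLS, reads the Cloudflare API token and fronts SSH, so its inputs should be reproducible and reviewable. xcaddy accepts a version suffix, e.g. `--with github.com/caddy-dns/cloudflare@<pinned-version>` and `--with github.com/mholt/caddy-l4@<pinned-version>`, and the base can be fixed with `ARG CADDY_VERSION=<exact-version>` or an image digest. The comment above the `RUN` also omits the second module; something like `# Build Caddy with the Cloudflare DNS and layer4 (caddy-l4) modules` would match what is built.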

29
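--- a/caddy/compose.yml
+++ b/caddy/compose.yml
@@ -0,0 +1,29 @@
+services:
+caddy:
+# image: ghcr.io/caddybuilds/caddy-cloudflare:latest
+build: .
+restart: unless-stopped
+cap_add:
+- NET_ADMIN
+ports:
+- "22:22"
+- "80:80"
+- "443:443"
+- "443:443/udp"
+volumes:
+- $PWD/Caddyfile:/etc/caddy/Caddyfile
+- $PWD/site:/srv
+- caddy_data:/data
+- caddy_config:/config
+environment:
+- CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}
+networks:
+- cloudflared
+volumes:
+caddy_data:
+caddy_config:
+networks:
+cloudflared:
+external: true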
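Review bot: The `caddy` service adds `NET_ADMIN`, bind-mounts the Caddyfile writable and sets no `user:`, so a compromised proxy process would hold a network-administration capability and could rewrite its own config on the host; the stock caddy image runs as root unless overridden. If `NET_ADMIN` is only there for UDP buffer tuning for HTTP/3, say so in a comment or drop it, and mount the config read-only with `- $PWD/Caddyfile:/etc/caddy/Caddyfile:ro`. `CLOUDFLARE_API_TOKEN` is passed through `environment`, which leaves it readable via `docker inspect`, so the token should be scoped to DNS edits on the one zone. Publishing `"22:22"` on all host interfaces also deserves a comment, since it hands the host's SSH port to the Gitea proxy.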


@@ -1,20 +0,0 @@
# Redirect /s to /s/
location = /s {
return 301 /s/;
}
# Rewrite for /api* requests
location /api {
rewrite ^/api(.*) /s$1 break;
proxy_pass http://chhoto-url:4567; # Reverse proxy
proxy_set_header Host $host; # Important for proxying
proxy_set_header X-Real-IP $remote_addr; # Important for proxying
}
# Catch-all for other paths starting with /s/
location /s/ {
rewrite ^/s/(.*)$ https://go.msws.xyz/$1;
proxy_pass http://chhoto-url:4567; # Reverse proxy
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}


@@ -1,26 +0,0 @@
## Version 2023/05/31
# make sure that your code-server container is named code-server
# make sure that your dns has a cname set for code-server
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 80;
listen [::]:80;
server_name local.code.* code.* "~^[0-9]{1,10}\.code\..*$";
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app code-server;
set $upstream_port 8443;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}


@@ -1,60 +0,0 @@
## Version 2024/07/16
# make sure that your gitea container is named gitea
# make sure that your dns has a cname set for gitea
# edit the following parameters in /data/gitea/conf/app.ini
# [server]
# SSH_DOMAIN = gitea.server.com
# ROOT_URL = https://gitea.server.com/
# DOMAIN = gitea.server.com
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name git.* registry.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app gitea-server-1;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/gitea)?/info/lfs {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app gitea-server-1;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}


@@ -1,63 +0,0 @@
## Version 2024/07/16
# REMOVE THIS LINE BEFORE SUBMITTING: The structure of the file (all of the existing lines) should be kept as close as possible to this template.
# REMOVE THIS LINE BEFORE SUBMITTING: Look through this file for <tags> and replace them. Review other sample files to see how things are done.
# REMOVE THIS LINE BEFORE SUBMITTING: The comment lines at the top of the file (below this line) should explain any prerequisites for using the proxy such as DNS or app settings.
# make sure that your <container_name> container is named <container_name>
# make sure that your dns has a cname set for <container_name>
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name push.code.msws.xyz;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app gitea-server-1;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
# REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above.
}
# REMOVE THIS LINE BEFORE SUBMITTING: Some proxies require one or more additional location blocks for things like API or RPC endpoints.
# REMOVE THIS LINE BEFORE SUBMITTING: If the proxy you are making a sample for does not require an additional location block please remove the commented out section below.
# location ~ (/<container_name>)?/api {
# include /config/nginx/proxy.conf;
# include /config/nginx/resolver.conf;
# set $upstream_app <container_name>;
# set $upstream_port <port_number>;
# set $upstream_proto <http or https>;
# proxy_pass $upstream_proto://$upstream_app:$upstream_port;
#
# # REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above.
# }
}