From 65c565815eb4924dc99deeffdf0596b3ffe0b1f6 Mon Sep 17 00:00:00 2001
From: MSWS
Date: Sun, 16 Mar 2025 04:47:12 -0700
Subject: [PATCH] Switch to caddy instead of swag/nginx
---
caddy/Caddyfile | 43 +++++++++++++
caddy/Dockerfile | 14 +++++
caddy/compose.yml | 29 +++++++++
{swag => disabled/swag}/compose.yml | 0
.../nginx/proxy-confs/chhoto.subfolder.conf | 20 ------
.../proxy-confs/code-server.subdomain.conf | 26 --------
.../nginx/proxy-confs/gitea.subdomain.conf | 60 ------------------
.../proxy-confs/push.code.subdomain.conf | 63 -------------------
8 files changed, 86 insertions(+), 169 deletions(-)
create mode 100644 caddy/Caddyfile
create mode 100644 caddy/Dockerfile
create mode 100644 caddy/compose.yml
rename {swag => disabled/swag}/compose.yml (100%)
delete mode 100644 swag/config/nginx/proxy-confs/chhoto.subfolder.conf
delete mode 100644 swag/config/nginx/proxy-confs/code-server.subdomain.conf
delete mode 100644 swag/config/nginx/proxy-confs/gitea.subdomain.conf
delete mode 100644 swag/config/nginx/proxy-confs/push.code.subdomain.conf
diff --git a/caddy/Caddyfile b/caddy/Caddyfile
new file mode 100644
index 0000000..4d2e66d
--- /dev/null
+++ b/caddy/Caddyfile
@@ -0,0 +1,43 @@
+{
+ email imodmaker@gmail.com
+ acme_ca https://acme-v02.api.letsencrypt.org/directory
+ acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+
+ layer4 {
+ 0.0.0.0:22 {
+ route {
+ proxy gitea-server-1:22
+ }
+ }
+ }
+}
+
+git.msws.xyz, git.local.msws.xyz, registry.msws.xyz {
+ reverse_proxy gitea-server-1:3000
+}
+
+yt.local.msws.xyz {
+ reverse_proxy invidious:3000
+}
+
+pass.local.msws.xyz {
+ reverse_proxy vaultwarden:80
+}
+
+code.local.msws.xyz {
+ reverse_proxy code-server:8443
+}
+
+:443, :80 {
+ handle_path /resume* {
+ rewrite * /MSWS/Resume/main/Resume.pdf
+ reverse_proxy https://raw.githubusercontent.com {
+ header_up Host raw.githubusercontent.com
+ header_down Content-Type application/pdf
+ }
+ }
+
+ reverse_proxy https://msws.github.io {
+ header_up Host msws.github.io
+ }
+}
diff --git a/caddy/Dockerfile b/caddy/Dockerfile
new file mode 100644
index 0000000..494faf6
--- /dev/null
+++ b/caddy/Dockerfile
@@ -0,0 +1,14 @@
+# Build stage
+ARG CADDY_VERSION=2
+FROM caddy:${CADDY_VERSION}-builder AS builder
+
+# Build Caddy with the Cloudflare DNS module
+RUN xcaddy build \
+ --with github.com/caddy-dns/cloudflare \
+ --with github.com/mholt/caddy-l4
+
+# Final stage
+FROM caddy:${CADDY_VERSION}
+
+# Copy the custom-built Caddy binary
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy
diff --git a/caddy/compose.yml b/caddy/compose.yml
new file mode 100644
index 0000000..52e8357
--- /dev/null
+++ b/caddy/compose.yml
@@ -0,0 +1,29 @@
+services:
+ caddy:
+ # image: ghcr.io/caddybuilds/caddy-cloudflare:latest
+ build: .
+ restart: unless-stopped
+ cap_add:
+ - NET_ADMIN
+ ports:
+ - "22:22"
+ - "80:80"
+ - "443:443"
+ - "443:443/udp"
+ volumes:
+ - $PWD/Caddyfile:/etc/caddy/Caddyfile
+ - $PWD/site:/srv
+ - caddy_data:/data
+ - caddy_config:/config
+ environment:
+ - CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}
+ networks:
+ - cloudflared
+
+volumes:
+ caddy_data:
+ caddy_config:
+
+networks:
+ cloudflared:
+ external: true
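Review bot: Nothing in the `pass.local.msws.xyz` and `code.local.msws.xyz` site blocks enforces the "local" in their names: they are served on the same listeners as the public `git.msws.xyz` site, so any client that can reach the proxy and present the right host name is forwarded to the Vaultwarden and code-server upstreams. If these sites are meant to be LAN-only, add a matcher such as `@outside not remote_ip private_ranges` followed by `abort @outside` in each block (the same applies to `yt.local.msws.xyz`). Whether that matcher sees real client addresses depends on what sits in front of Caddy on the `cloudflared` network, which is not visible in this patch, so confirm that before relying on it.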
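Review bot: Both `--with` lines in the `xcaddy build` step resolve to whatever version of each plugin is current at build time, and `CADDY_VERSION=2` floats as well, so two builds of this file can produce different binaries with no record of what changed. This binary terminates TLS and is handed the Cloudflare API token by compose.yml in the same patch, so pin each module, e.g. `--with github.com/caddy-dns/cloudflare@<PINNED_VERSION>` and `--with github.com/mholt/caddy-l4@<PINNED_VERSION>`, and set `CADDY_VERSION` to a full release tag. The comment above the step mentions only the Cloudflare DNS module; it should name caddy-l4 too, since that module is what opens the port 22 listener.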
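Review bot: The Caddyfile bind mount under `volumes:` is writable from inside the container, so a compromise of the proxy process could rewrite its own routing and TLS configuration on the host; mount it read-only with `- $PWD/Caddyfile:/etc/caddy/Caddyfile:ro`. `cap_add: NET_ADMIN` is a broad grant for a container that publishes 22, 80 and 443, and nothing in the file records why it is needed; add a comment stating the reason, or drop it if nothing depends on it. Publishing `"22:22"` also takes over the host's port 22, so confirm the host's own SSH daemon listens elsewhere before deploying.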
diff --git a/swag/compose.yml b/disabled/swag/compose.yml
similarity index 100%
rename from swag/compose.yml
rename to disabled/swag/compose.yml
diff --git a/swag/config/nginx/proxy-confs/chhoto.subfolder.conf b/swag/config/nginx/proxy-confs/chhoto.subfolder.conf
deleted file mode 100644
index 14797d6..0000000
--- a/swag/config/nginx/proxy-confs/chhoto.subfolder.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-# Redirect /s to /s/
-location = /s {
- return 301 /s/;
-}
-
-# Rewrite for /api* requests
-location /api {
- rewrite ^/api(.*) /s$1 break;
- proxy_pass http://chhoto-url:4567; # Reverse proxy
- proxy_set_header Host $host; # Important for proxying
- proxy_set_header X-Real-IP $remote_addr; # Important for proxying
-}
-
-# Catch-all for other paths starting with /s/
-location /s/ {
- rewrite ^/s/(.*)$ https://go.msws.xyz/$1;
- proxy_pass http://chhoto-url:4567; # Reverse proxy
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
-}
diff --git a/swag/config/nginx/proxy-confs/code-server.subdomain.conf b/swag/config/nginx/proxy-confs/code-server.subdomain.conf
deleted file mode 100644
index 5e05a78..0000000
--- a/swag/config/nginx/proxy-confs/code-server.subdomain.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-## Version 2023/05/31
-# make sure that your code-server container is named code-server
-# make sure that your dns has a cname set for code-server
-
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
- listen 80;
- listen [::]:80;
-
- server_name local.code.* code.* "~^[0-9]{1,10}\.code\..*$";
-
- include /config/nginx/ssl.conf;
-
- client_max_body_size 0;
-
- location / {
-
- include /config/nginx/proxy.conf;
- include /config/nginx/resolver.conf;
- set $upstream_app code-server;
- set $upstream_port 8443;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
- }
-}
diff --git a/swag/config/nginx/proxy-confs/gitea.subdomain.conf b/swag/config/nginx/proxy-confs/gitea.subdomain.conf
deleted file mode 100644
index 4a035c2..0000000
--- a/swag/config/nginx/proxy-confs/gitea.subdomain.conf
+++ /dev/null
@@ -1,60 +0,0 @@
-## Version 2024/07/16
-# make sure that your gitea container is named gitea
-# make sure that your dns has a cname set for gitea
-# edit the following parameters in /data/gitea/conf/app.ini
-# [server]
-# SSH_DOMAIN = gitea.server.com
-# ROOT_URL = https://gitea.server.com/
-# DOMAIN = gitea.server.com
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
-
- server_name git.* registry.*;
-
- include /config/nginx/ssl.conf;
-
- client_max_body_size 0;
-
- # enable for ldap auth (requires ldap-location.conf in the location block)
- #include /config/nginx/ldap-server.conf;
-
- # enable for Authelia (requires authelia-location.conf in the location block)
- #include /config/nginx/authelia-server.conf;
-
- # enable for Authentik (requires authentik-location.conf in the location block)
- #include /config/nginx/authentik-server.conf;
-
- location / {
- # enable the next two lines for http auth
- #auth_basic "Restricted";
- #auth_basic_user_file /config/nginx/.htpasswd;
-
- # enable for ldap auth (requires ldap-server.conf in the server block)
- #include /config/nginx/ldap-location.conf;
-
- # enable for Authelia (requires authelia-server.conf in the server block)
- #include /config/nginx/authelia-location.conf;
-
- # enable for Authentik (requires authentik-server.conf in the server block)
- #include /config/nginx/authentik-location.conf;
-
- include /config/nginx/proxy.conf;
- include /config/nginx/resolver.conf;
- set $upstream_app gitea-server-1;
- set $upstream_port 3000;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
-
- }
-
- location ~ (/gitea)?/info/lfs {
- include /config/nginx/proxy.conf;
- include /config/nginx/resolver.conf;
- set $upstream_app gitea-server-1;
- set $upstream_port 3000;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
- }
-}
diff --git a/swag/config/nginx/proxy-confs/push.code.subdomain.conf b/swag/config/nginx/proxy-confs/push.code.subdomain.conf
deleted file mode 100644
index 22ffe7d..0000000
--- a/swag/config/nginx/proxy-confs/push.code.subdomain.conf
+++ /dev/null
@@ -1,63 +0,0 @@
-## Version 2024/07/16
-# REMOVE THIS LINE BEFORE SUBMITTING: The structure of the file (all of the existing lines) should be kept as close as possible to this template.
-# REMOVE THIS LINE BEFORE SUBMITTING: Look through this file for and replace them. Review other sample files to see how things are done.
-# REMOVE THIS LINE BEFORE SUBMITTING: The comment lines at the top of the file (below this line) should explain any prerequisites for using the proxy such as DNS or app settings.
-# make sure that your container is named
-# make sure that your dns has a cname set for
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
-
- server_name push.code.msws.xyz;
-
- include /config/nginx/ssl.conf;
-
- client_max_body_size 0;
-
- # enable for ldap auth (requires ldap-location.conf in the location block)
- #include /config/nginx/ldap-server.conf;
-
- # enable for Authelia (requires authelia-location.conf in the location block)
- #include /config/nginx/authelia-server.conf;
-
- # enable for Authentik (requires authentik-location.conf in the location block)
- #include /config/nginx/authentik-server.conf;
-
- location / {
- # enable the next two lines for http auth
- #auth_basic "Restricted";
- #auth_basic_user_file /config/nginx/.htpasswd;
-
- # enable for ldap auth (requires ldap-server.conf in the server block)
- #include /config/nginx/ldap-location.conf;
-
- # enable for Authelia (requires authelia-server.conf in the server block)
- #include /config/nginx/authelia-location.conf;
-
- # enable for Authentik (requires authentik-server.conf in the server block)
- #include /config/nginx/authentik-location.conf;
-
- include /config/nginx/proxy.conf;
- include /config/nginx/resolver.conf;
- set $upstream_app gitea-server-1;
- set $upstream_port 3000;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
-
- # REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above.
- }
-
- # REMOVE THIS LINE BEFORE SUBMITTING: Some proxies require one or more additional location blocks for things like API or RPC endpoints.
- # REMOVE THIS LINE BEFORE SUBMITTING: If the proxy you are making a sample for does not require an additional location block please remove the commented out section below.
- # location ~ (/)?/api {
- # include /config/nginx/proxy.conf;
- # include /config/nginx/resolver.conf;
- # set $upstream_app ;
- # set $upstream_port ;
- # set $upstream_proto ;
- # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
- #
- # # REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above.
- # }
-}