- commit
- f987b11
- parent
- 675fdb0
- author
- Antonio Mika
- date
- 2025-06-17 17:36:29 -0400 EDT
Move around caddyfiles
4 files changed,
+142,
-49
+1,
-1
1@@ -49,7 +49,7 @@ PASTES_DOMAIN=pastes.dev.pico.sh:3001
2 PASTES_PROTOCOL=http
3 PASTES_DEBUG=1
4
5-PROSE_CADDYFILE=./caddy/Caddyfile
6+PROSE_CADDYFILE=./caddy/Caddyfile.prose
7 PROSE_V4=
8 PROSE_V6=
9 PROSE_HTTP_V4=$PROSE_V4:80
+17,
-13
1@@ -4,9 +4,25 @@
2 }
3 servers {
4 metrics
5+ trusted_proxies static 0.0.0.0/0
6 }
7 }
8
9+# custom domains
10+:443 {
11+ reverse_proxy web:3000
12+ log {
13+ format append {
14+ server_id {$APP_DOMAIN}
15+ }
16+ }
17+ tls {$APP_EMAIL} {
18+ on_demand
19+ }
20+ encode zstd gzip
21+}
22+
23+# subdomains and root app domain
24 *.{$APP_DOMAIN}, {$APP_DOMAIN} {
25 reverse_proxy web:3000
26 log {
27@@ -18,6 +34,7 @@
28 dns cloudflare {$CF_API_TOKEN}
29 resolvers 1.1.1.1
30 }
31+
32 encode zstd gzip
33
34 header {
35@@ -70,16 +87,3 @@
36 reverse_proxy web:3000
37 }
38 }
39-
40-:443 {
41- reverse_proxy web:3000
42- log {
43- format append {
44- server_id {$APP_DOMAIN}
45- }
46- }
47- tls {$APP_EMAIL} {
48- on_demand
49- }
50- encode zstd gzip
51-}
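Review bot: The added `trusted_proxies static 0.0.0.0/0` in the global `servers` block marks every IPv4 peer as a trusted proxy, so any client that connects directly can send its own `X-Forwarded-For` and choose the client IP that Caddy logs and forwards to `web:3000`. Whether a load balancer always sits in front of this Caddy is not visible here. If one does, list only its address range, for example `trusted_proxies static private_ranges` or the balancer's CIDR. An IPv4-only prefix presumably leaves IPv6 peers untrusted, so the two address families would behave differently. The same line is added in the new 124-line Caddyfile later in this commit.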
+0,
-35
1@@ -85,38 +85,3 @@
2 reverse_proxy web:3000
3 }
4 }
5-
6-monitoring.{$MONITORING_APP_DOMAIN}, prometheus.{$MONITORING_APP_DOMAIN}, grafana.{$MONITORING_APP_DOMAIN} {
7- @grafana {
8- host grafana.{$MONITORING_APP_DOMAIN}
9- }
10-
11- @prometheus {
12- host prometheus.{$MONITORING_APP_DOMAIN}
13- }
14-
15- tls {$MONITORING_APP_EMAIL} {
16- dns cloudflare {$CF_API_TOKEN}
17- resolvers 1.1.1.1
18- }
19-
20- encode zstd gzip
21-
22- reverse_proxy @grafana grafana:3000
23-
24- basicauth @prometheus {
25- eric JDJhJDE0JDdPOXhoNUdhSmNVNDl6UWpmeTE0cWVkLjRwcUNJUnc0dVQ4MTZNSmVaNjA1TlptaVZYY1hh
26- antonio JDJhJDE0JHI5dkVtMW0vcGxIb011OG4vME5HOU91c3U2VjM2QTZiWVpUeXdSbEg3VUtNZVdhN3BRazFH
27- bot JDJhJDE0JFVsRlNHSDlJbFhDeUd0NldRR2JkcGVFYUJtWGluTHZDVlc5L3QwNWNwWUMuODRlcXZNZHpT
28- }
29- reverse_proxy @prometheus prometheus:9090
30-
31- @caddymetrics {
32- host monitoring.{$MONITORING_APP_DOMAIN}
33- path /_caddy/metrics
34- }
35-
36- metrics @caddymetrics {
37- disable_openmetrics
38- }
39-}
+124,
-0
1@@ -0,0 +1,124 @@
2+{
3+ on_demand_tls {
4+ ask http://web:3000/check
5+ }
6+ servers {
7+ metrics
8+ trusted_proxies static 0.0.0.0/0
9+ }
10+}
11+
12+# custom domains
13+:443 {
14+ reverse_proxy web:3000
15+ log {
16+ format append {
17+ server_id {$APP_DOMAIN}
18+ }
19+ }
20+ tls {$APP_EMAIL} {
21+ on_demand
22+ }
23+ encode zstd gzip
24+}
25+
26+# subdomains and root app domain
27+*.{$APP_DOMAIN}, {$APP_DOMAIN} {
28+ reverse_proxy web:3000
29+ log {
30+ format append {
31+ server_id {$APP_DOMAIN}
32+ }
33+ }
34+ tls {$APP_EMAIL} {
35+ dns cloudflare {$CF_API_TOKEN}
36+ resolvers 1.1.1.1
37+ }
38+
39+ encode zstd gzip
40+
41+ header {
42+ # disable FLoC tracking
43+ ?Permissions-Policy interest-cohort=()
44+
45+ # enable HSTS
46+ ?Strict-Transport-Security max-age=31536000;
47+
48+ # disable clients from sniffing the media type
49+ ?X-Content-Type-Options nosniff
50+
51+ # clickjacking protection
52+ ?X-Frame-Options DENY
53+
54+ # keep referrer data off of HTTP connections
55+ ?Referrer-Policy no-referrer-when-downgrade
56+
57+ ?Content-Security-Policy "default-src 'self'; img-src * 'unsafe-inline'; style-src * 'unsafe-inline'"
58+
59+ ?X-XSS-Protection "1; mode=block"
60+ }
61+
62+ @caddymetrics {
63+ host {$APP_DOMAIN}
64+ path /_caddy/metrics
65+ }
66+
67+ metrics @caddymetrics {
68+ disable_openmetrics
69+ }
70+
71+ @sshmetrics {
72+ host {$APP_DOMAIN}
73+ path /_ssh/metrics
74+ }
75+
76+ handle @sshmetrics {
77+ rewrite * /metrics
78+ reverse_proxy ssh:9222
79+ }
80+
81+ @webmetrics {
82+ host {$APP_DOMAIN}
83+ path /_web/metrics
84+ }
85+
86+ handle @webmetrics {
87+ rewrite * /_metrics
88+ reverse_proxy web:3000
89+ }
90+}
91+
92+monitoring.{$MONITORING_APP_DOMAIN}, prometheus.{$MONITORING_APP_DOMAIN}, grafana.{$MONITORING_APP_DOMAIN} {
93+ @grafana {
94+ host grafana.{$MONITORING_APP_DOMAIN}
95+ }
96+
97+ @prometheus {
98+ host prometheus.{$MONITORING_APP_DOMAIN}
99+ }
100+
101+ tls {$MONITORING_APP_EMAIL} {
102+ dns cloudflare {$CF_API_TOKEN}
103+ resolvers 1.1.1.1
104+ }
105+
106+ encode zstd gzip
107+
108+ reverse_proxy @grafana grafana:3000
109+
110+ basicauth @prometheus {
111+ eric JDJhJDE0JDdPOXhoNUdhSmNVNDl6UWpmeTE0cWVkLjRwcUNJUnc0dVQ4MTZNSmVaNjA1TlptaVZYY1hh
112+ antonio JDJhJDE0JHI5dkVtMW0vcGxIb011OG4vME5HOU91c3U2VjM2QTZiWVpUeXdSbEg3VUtNZVdhN3BRazFH
113+ bot JDJhJDE0JFVsRlNHSDlJbFhDeUd0NldRR2JkcGVFYUJtWGluTHZDVlc5L3QwNWNwWUMuODRlcXZNZHpT
114+ }
115+ reverse_proxy @prometheus prometheus:9090
116+
117+ @caddymetrics {
118+ host monitoring.{$MONITORING_APP_DOMAIN}
119+ path /_caddy/metrics
120+ }
121+
122+ metrics @caddymetrics {
123+ disable_openmetrics
124+ }
125+}
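Review bot: The `@caddymetrics`, `@sshmetrics` and `@webmetrics` matchers in the `*.{$APP_DOMAIN}, {$APP_DOMAIN}` site match on host and path only, so `/_caddy/metrics`, `/_ssh/metrics` and `/_web/metrics` are served to anyone who can reach the public app domain, while Prometheus itself sits behind `basicauth`. If only the scraper needs these routes, add a `remote_ip <scraper CIDR>` line to each matcher or put the same `basicauth` in front of them. Prefer `remote_ip` over `client_ip`, because this file trusts forwarded headers from `0.0.0.0/0`. The `@caddymetrics` route on `monitoring.{$MONITORING_APP_DOMAIN}` has the same gap. Separately, the `basicauth @prometheus` block carries what look like three base64-encoded bcrypt hashes in the committed file; environment placeholders, as already used for `{$CF_API_TOKEN}`, would keep future credentials out of repository history.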