From 102ee9a8e79e4d3a7e035ff13b01057cc6a94661 Mon Sep 17 00:00:00 2001
From: Lucas
Date: Thu, 8 Jan 2026 16:29:28 +0000
Subject: [PATCH] Move reverse-proxy to jenkins, config upgrade
---
.env | 1 +
Caddyfile | 166 +++++++++++++++++++--------------------------
Dockerfile | 13 ++++
Jenkinsfile | 49 +++++++++++++
docker-compose.yml | 15 +++-
error.html | 20 ++++++
6 files changed, 167 insertions(+), 97 deletions(-)
create mode 100644 .env
create mode 100644 Dockerfile
create mode 100644 Jenkinsfile
create mode 100644 error.html
diff --git a/.env b/.env
new file mode 100644
index 0000000..730f570
--- /dev/null
+++ b/.env
@@ -0,0 +1 @@
+CADDY_VERSION=2.10.2
\ No newline at end of file
diff --git a/Caddyfile b/Caddyfile
index f91f99d..918d68e 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -1,99 +1,75 @@ -lucasroyer.fr, -pro.lucasroyer.fr { - reverse_proxy site-perso:80 - tls litvak@outlook.fr -} -nextcloud.lucasroyer.fr { - reverse_proxy nextcloud-web:80 - tls litvak@outlook.fr -} -onlyoffice.lucasroyer.fr { - reverse_proxy onlyoffice-document-server:80 - tls litvak@outlook.fr -} -vaultwarden.lucasroyer.fr { - reverse_proxy vaultwarden:80 { - header_up X-Real-IP {remote_host} - # header_up X-Forwarded-For {remote_host} - } - tls litvak@outlook.fr -} -motsdepasse.interstices.pro { - reverse_proxy vaultwarden-interstices:80 { - header_up X-Real-IP {remote_host} - # header_up X-Forwarded-For {remote_host} - } - tls litvak@outlook.fr -} -joplin.lucasroyer.fr { - reverse_proxy joplin-app:22300 - tls litvak@outlook.fr -} -gitea.lucasroyer.fr { - reverse_proxy gitea-app:3000 - tls litvak@outlook.fr -} -kuma.lucasroyer.fr { - reverse_proxy uptime-kuma:3001 { - transport http { - versions 1.1 2 - } - header_up Host {host} - } - tls litvak@outlook.fr -} -uptime-cyrus.lucasroyer.fr { - reverse_proxy uptime-kuma-cyrus:3001 { - transport http { - versions 1.1 2 - } - header_up Host {host} - } - tls litvak@outlook.fr -} -ntfy.lucasroyer.fr { - reverse_proxy ntfy:80 - tls litvak@outlook.fr -} -syncthing.lucasroyer.fr { - reverse_proxy syncthing:8384 - reverse_proxy syncthing:22000 - tls litvak@outlook.fr -} -#test.lucasroyer.fr { -# reverse_proxy pignon-tablette:80 -# tls litvak@outlook.fr -#} -veloboomboom.internantes.ovh, veloboomboom.lucasroyer.fr { - reverse_proxy site-veloboomboom:80 - tls litvak@outlook.fr -} -n8n.lucasroyer.fr { - reverse_proxy n8n:5678 - encode zstd gzip - log { - output file /var/log/caddy/n8n.access.log +{ + # Cache module + order cache before rewrite + cache { + ttl 10m } } -spationautes.fr { - reverse_proxy site-spationautes:80 - tls litvak@outlook.fr -} -joomla.lucasroyer.fr { - reverse_proxy unix//var/run/docker.sock { - to joomla-app:9000 - } - php_fastcgi joomla-app:9000 - file_server -} -csv.lucasroyer.fr { - root * /srv/csv - 
file_server - header Content-Type "text/plain; charset=utf-8" -} -wiki.atelierdupignon.fr { - reverse_proxy bookstack-app:8080 -} + jenkins.lucasroyer.fr { - reverse_proxy jenkins:8080 + # Security + header { + X-Frame-Options "SAMEORIGIN" + X-Content-Type-Options "nosniff" + X-XSS-Protection "1; mode=block" + } + + # Large files + request_body { + max_size 512MB + } + + # Compression + encode zstd gzip + + # Redirect + reverse_proxy jenkins:8080 { + flush_interval -1 + } +} + +portfolio.lucasroyer.fr { + # Cache + cache { + ttl 24h + stale 12h + } + + # Security + header { + X-Frame-Options "DENY" + X-XSS-Protection "1; mode=block" + X-Content-Type-Options "nosniff" + Referrer-Policy "strict-origin-when-cross-origin" + Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + } + + # Static files + @static { + path *.ico *.css *.js *.gif *.jpg *.jpeg *.png *.svg *.woff *.woff2 + } + header @static Cache-Control "public, max-age=604800, must-revalidate" + + # 4. Logs (pour voir tes stats de visites dans Docker) + log { + output file /data/portfolio_access.log + } + + # Errors + handle_errors { + # If error is 502, 503 or 504, show error.html without changing client URL + @service_out expression {err.status_code} >= 502 && {err.status_code} <= 504 + + handle @service_out { + root * /srv + rewrite * /error.html + file_server + } + } + + # Compression + encode zstd gzip + + # Redirect + reverse_proxy portfolio:80 } diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..de78b69 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,13 @@ +ARG CADDY_VERSION=2.10.2 + +# --- BUILD --- +# Add cache plugin +FROM caddy:${CADDY_VERSION}-builder AS builder + +RUN xcaddy build \ + --with github.com/caddyserver/cache-handler + +# --- DEPLOY --- +FROM caddy:${CADDY_VERSION} + +COPY --from=builder /usr/bin/caddy /usr/bin/caddy \ No newline at end of file diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 0000000..18406c4 --- /dev/null 
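Review bot: The `jenkins.lucasroyer.fr` block sets only three response headers and leaves out the `Strict-Transport-Security` and `Referrer-Policy` lines that the `portfolio.lucasroyer.fr` block has, although the CI login is the more sensitive of the two sites. I would add `Strict-Transport-Security "max-age=31536000"` to the Jenkins `header` block, or move the common headers into one snippet imported by both sites so they cannot drift apart. In both blocks `X-XSS-Protection "1; mode=block"` addresses a browser XSS filter that current browsers no longer ship; a `Content-Security-Policy` (with `frame-ancestors` for the framing rule) is the maintained control. On the portfolio site the `preload` token does nothing by itself for a subdomain, since preload submission applies to the registrable domain.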
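Review bot: The `xcaddy build` line pulls `github.com/caddyserver/cache-handler` with no version, so each `docker compose build --pull` can compile a different plugin revision into the proxy binary even though Caddy itself is pinned through `CADDY_VERSION`. Pin the module, for example `--with github.com/caddyserver/cache-handler@<PINNED_VERSION>` (placeholder; pick a released tag and keep it next to `CADDY_VERSION` in `.env`). Both `FROM caddy:${CADDY_VERSION}` images are referenced by tag only; pinning them by digest would make the internet-facing binary reproducible and reviewable. A one-line comment above `ARG CADDY_VERSION=2.10.2` saying the default must stay in step with `.env` would also help.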
+++ b/Jenkinsfile @@ -0,0 +1,49 @@ +pipeline { + agent any + + stages { + stage('Check git...') { + steps { + checkout scm + } + } + stage('Build') { + steps { + echo "Build Caddy with cache plugin..." + sh "docker compose build --pull" + } + } + stage('Deploy') { + steps { + echo "Deploy new reverse proxy..." + sh "docker compose up -d" + } + } + stage('Check module...') { + steps { + script { + // Ask caddy to list modules + def modules = sh(script: "docker exec caddy-reverse-proxy caddy list-modules", returnStdout: true) + if (modules.contains('http.handlers.cache')) { + echo "Cache module activated" + } else { + error "Error : can't find cache module" + } + } + } + } + } + + post { + always { + echo "Clean unused image..." + sh "docker image prune -f" + } + success { + echo "Success !" + } + failure { + echo "Failed." + } + } +} \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 71519a3..ffb9d48 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,12 +1,16 @@ services: caddy: - image: caddy:alpine + build: + context: . + args: + CADDY_VERSION: ${CADDY_VERSION} container_name: caddy-reverse-proxy restart: always volumes: - - ./Caddyfile:/etc/caddy/Caddyfile - caddy_data:/data - caddy_config:/config + - ./Caddyfile:/etc/caddy/Caddyfile + - ./error.html:/srv/error.html:ro - /home/lucas/services/exposed_files/n8n/csv:/srv/csv:ro networks: - reverse-proxy @@ -14,10 +18,17 @@ services: - "80:80" - "443:443" - "443:443/udp" + logging: + driver: "json-file" + options: + max-size: "10m" + max-file: "3" volumes: caddy_data: + name: caddy_data caddy_config: + name: caddy_config networks: reverse-proxy: diff --git a/error.html b/error.html new file mode 100644 index 0000000..46093ad --- /dev/null +++ b/error.html @@ -0,0 +1,20 @@ + + + + + Maintenance + + + +
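Review bot: The `Deploy` stage runs `docker compose up -d` on every build with no `when` condition, so if this job builds branches or pull requests (the job configuration is not visible here), any pushed branch can replace the production reverse proxy with its own Caddyfile and image. Gate the stage, e.g. `when { branch '<DEPLOY_BRANCH>' }` (placeholder name). Nothing validates the configuration before it goes live either; a step such as `sh "docker compose run --rm --no-deps caddy caddy validate --config /etc/caddy/Caddyfile"` between `Build` and `Deploy` would catch a broken Caddyfile before the running proxy is recreated. The `Check module...` stage only confirms that `http.handlers.cache` is listed, not that the sites load.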
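Review bot: The re-added bind mount `./Caddyfile:/etc/caddy/Caddyfile` is read-write, while `./error.html` on the next line is mounted `:ro`; a process inside the internet-facing container should not be able to rewrite its own routing config in the checkout. Change it to `- ./Caddyfile:/etc/caddy/Caddyfile:ro`. In the second hunk, the explicit `name: caddy_data` and `name: caddy_config` stop Compose from prefixing the volume names, so a volume created earlier under a project-prefixed name would presumably not be reused and Caddy would start with empty certificate storage; worth confirming on the host before the first deploy.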
+

🛠️ Maintenance en cours

+

Je suis en train de recoller les morceaux.

+

Revenez dans quelques instants !

+
+ + \ No newline at end of file