Lucas/reverse-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Move reverse-proxy to jenkins, config upgrade

Browse Source
This commit is contained in:
Lucas
2026-01-08 16:29:28 +00:00
parent 261fa9e15d
commit 102ee9a8e7
6 changed files with 167 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.env Normal file
View File

@@ -0,0 +1 @@
CADDY_VERSION=2.10.2

166
Caddyfile
View File

@@ -1,99 +1,75 @@
lucasroyer.fr,
pro.lucasroyer.fr {
reverse_proxy site-perso:80
tls litvak@outlook.fr
}
nextcloud.lucasroyer.fr {
reverse_proxy nextcloud-web:80
tls litvak@outlook.fr
}
onlyoffice.lucasroyer.fr {
reverse_proxy onlyoffice-document-server:80
tls litvak@outlook.fr
}
vaultwarden.lucasroyer.fr {
reverse_proxy vaultwarden:80 {
header_up X-Real-IP {remote_host}
# header_up X-Forwarded-For {remote_host}
}
tls litvak@outlook.fr
}
motsdepasse.interstices.pro {
reverse_proxy vaultwarden-interstices:80 {
header_up X-Real-IP {remote_host}
# header_up X-Forwarded-For {remote_host}
}
tls litvak@outlook.fr
}
joplin.lucasroyer.fr {
reverse_proxy joplin-app:22300
tls litvak@outlook.fr
}
gitea.lucasroyer.fr {
reverse_proxy gitea-app:3000
tls litvak@outlook.fr
}
kuma.lucasroyer.fr {
reverse_proxy uptime-kuma:3001 {
transport http {
versions 1.1 2
}
header_up Host {host}
}
tls litvak@outlook.fr
}
uptime-cyrus.lucasroyer.fr {
reverse_proxy uptime-kuma-cyrus:3001 {
transport http {
versions 1.1 2
}
header_up Host {host}
}
tls litvak@outlook.fr
}
ntfy.lucasroyer.fr {
reverse_proxy ntfy:80
tls litvak@outlook.fr
}
syncthing.lucasroyer.fr {
reverse_proxy syncthing:8384
reverse_proxy syncthing:22000
tls litvak@outlook.fr
}
#test.lucasroyer.fr {
# reverse_proxy pignon-tablette:80
# tls litvak@outlook.fr
#}
veloboomboom.internantes.ovh, veloboomboom.lucasroyer.fr {
reverse_proxy site-veloboomboom:80
tls litvak@outlook.fr
}
n8n.lucasroyer.fr {
reverse_proxy n8n:5678
encode zstd gzip
log {
output file /var/log/caddy/n8n.access.log
{
# Cache module
order cache before rewrite
cache {
ttl 10m
}
}
spationautes.fr {
reverse_proxy site-spationautes:80
tls litvak@outlook.fr
}
joomla.lucasroyer.fr {
reverse_proxy unix//var/run/docker.sock {
to joomla-app:9000
}
php_fastcgi joomla-app:9000
file_server
}
csv.lucasroyer.fr {
root * /srv/csv
file_server
header Content-Type "text/plain; charset=utf-8"
}
wiki.atelierdupignon.fr {
reverse_proxy bookstack-app:8080
}
jenkins.lucasroyer.fr {
reverse_proxy jenkins:8080
# Security
header {
X-Frame-Options "SAMEORIGIN"
X-Content-Type-Options "nosniff"
X-XSS-Protection "1; mode=block"
}
# Large files
request_body {
max_size 512MB
}
# Compression
encode zstd gzip
# Redirect
reverse_proxy jenkins:8080 {
flush_interval -1
}
}
portfolio.lucasroyer.fr {
# Cache
cache {
ttl 24h
stale 12h
}
# Security
header {
X-Frame-Options "DENY"
X-XSS-Protection "1; mode=block"
X-Content-Type-Options "nosniff"
Referrer-Policy "strict-origin-when-cross-origin"
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
}
# Static files
@static {
path *.ico *.css *.js *.gif *.jpg *.jpeg *.png *.svg *.woff *.woff2
}
header @static Cache-Control "public, max-age=604800, must-revalidate"
# 4. Logs (pour voir tes stats de visites dans Docker)
log {
output file /data/portfolio_access.log
}
# Errors
handle_errors {
# If error is 502, 503 or 504, show error.html without changing client URL
@service_out expression {err.status_code} >= 502 && {err.status_code} <= 504
handle @service_out {
root * /srv
rewrite * /error.html
file_server
}
}
# Compression
encode zstd gzip
# Redirect
reverse_proxy portfolio:80
}

13
Dockerfile Normal file
View File

@@ -0,0 +1,13 @@
ARG CADDY_VERSION=2.10.2
# --- BUILD ---
# Add cache plugin
FROM caddy:${CADDY_VERSION}-builder AS builder
RUN xcaddy build \
--with github.com/caddyserver/cache-handler
# --- DEPLOY ---
FROM caddy:${CADDY_VERSION}
COPY --from=builder /usr/bin/caddy /usr/bin/caddy

49
Jenkinsfile vendored Normal file
View File

@@ -0,0 +1,49 @@
pipeline {
agent any
stages {
stage('Check git...') {
steps {
checkout scm
}
}
stage('Build') {
steps {
echo "Build Caddy with cache plugin..."
sh "docker compose build --pull"
}
}
stage('Deploy') {
steps {
echo "Deploy new reverse proxy..."
sh "docker compose up -d"
}
}
stage('Check module...') {
steps {
script {
// Ask caddy to list modules
def modules = sh(script: "docker exec caddy-reverse-proxy caddy list-modules", returnStdout: true)
if (modules.contains('http.handlers.cache')) {
echo "Cache module activated"
} else {
error "Error : can't find cache module"
}
}
}
}
}
post {
always {
echo "Clean unused image..."
sh "docker image prune -f"
}
success {
echo "Success !"
}
failure {
echo "Failed."
}
}
}

15
docker-compose.yml
View File

@@ -1,12 +1,16 @@
services:
caddy:
image: caddy:alpine
build:
context: .
args:
CADDY_VERSION: ${CADDY_VERSION}
container_name: caddy-reverse-proxy
restart: always
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile
- caddy_data:/data
- caddy_config:/config
- ./Caddyfile:/etc/caddy/Caddyfile
- ./error.html:/srv/error.html:ro
- /home/lucas/services/exposed_files/n8n/csv:/srv/csv:ro
networks:
- reverse-proxy
@@ -14,10 +18,17 @@ services:
- "80:80"
- "443:443"
- "443:443/udp"
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
volumes:
caddy_data:
name: caddy_data
caddy_config:
name: caddy_config
networks:
reverse-proxy:

20
error.html Normal file
View File

@@ -0,0 +1,20 @@
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="UTF-8">
<title>Maintenance</title>
<style>
body { font-family: sans-serif; text-align: center; padding: 50px; background: #f4f4f4; }
.card { background: white; padding: 40px; border-radius: 10px; display: inline-block; box-shadow: 0 4px 6px rgba(0,0,0,0.1); }
h1 { color: #333; }
p { color: #666; }
</style>
</head>
<body>
<div class="card">
<h1>🛠️ Maintenance en cours</h1>
<p>Je suis en train de recoller les morceaux.</p>
<p>Revenez dans quelques instants !</p>
</div>
</body>
</html>