refacto: switch to new vps and jenkins integration

2026-01-08 16:41:52 +00:00
parent 6db43a1810
commit 9460c0ce83
8 changed files with 161 additions and 97 deletions
--- a/159
+++ b/159
@@ -1,99 +1,68 @@
-lucasroyer.fr,
-pro.lucasroyer.fr {
-	reverse_proxy site-perso:80
-	tls litvak@outlook.fr
-}
-nextcloud.lucasroyer.fr {
-	reverse_proxy nextcloud-web:80
-	tls litvak@outlook.fr
-}
-onlyoffice.lucasroyer.fr {
-	reverse_proxy onlyoffice-document-server:80
-	tls litvak@outlook.fr
-}
-vaultwarden.lucasroyer.fr {
-	reverse_proxy vaultwarden:80 {
-		header_up X-Real-IP {remote_host}
-		#		header_up X-Forwarded-For {remote_host}
-	}
-	tls litvak@outlook.fr
-}
-motsdepasse.interstices.pro {
-	reverse_proxy vaultwarden-interstices:80 {
-		header_up X-Real-IP {remote_host}
-		#		header_up X-Forwarded-For {remote_host}
-	}
-	tls litvak@outlook.fr
-}
-joplin.lucasroyer.fr {
-	reverse_proxy joplin-app:22300
-	tls litvak@outlook.fr
-}
-gitea.lucasroyer.fr {
-	reverse_proxy gitea-app:3000
-	tls litvak@outlook.fr
-}
-kuma.lucasroyer.fr {
-	reverse_proxy uptime-kuma:3001 {
-		transport http {
-			versions 1.1 2
-		}
-		header_up Host {host}
-	}
-	tls litvak@outlook.fr
-}
-uptime-cyrus.lucasroyer.fr {
-	reverse_proxy uptime-kuma-cyrus:3001 {
-		transport http {
-			versions 1.1 2
-		}
-		header_up Host {host}
-	}
-	tls litvak@outlook.fr
-}
-ntfy.lucasroyer.fr {
-	reverse_proxy ntfy:80
-	tls litvak@outlook.fr
-}
-syncthing.lucasroyer.fr {
-	reverse_proxy syncthing:8384
-	reverse_proxy syncthing:22000
-	tls litvak@outlook.fr
-}
-#test.lucasroyer.fr {
-#	reverse_proxy pignon-tablette:80
-#	tls litvak@outlook.fr
-#}
-veloboomboom.internantes.ovh, veloboomboom.lucasroyer.fr {
-	reverse_proxy site-veloboomboom:80
-	tls litvak@outlook.fr
-}
-n8n.lucasroyer.fr {
-	reverse_proxy n8n:5678
-	encode zstd gzip
-	log {
-		output file /var/log/caddy/n8n.access.log
+{
+	# Cache module
+	order cache before rewrite
+	cache {
+		ttl 10m
 	}
 }
-spationautes.fr {
-	reverse_proxy site-spationautes:80
-	tls litvak@outlook.fr
-}
-joomla.lucasroyer.fr {
-	reverse_proxy unix//var/run/docker.sock {
-		to joomla-app:9000
-	}
-	php_fastcgi joomla-app:9000
-	file_server
-}
-csv.lucasroyer.fr {
-	root * /srv/csv
-	file_server
-	header Content-Type "text/plain; charset=utf-8"
-}
-wiki.atelierdupignon.fr {
-	reverse_proxy bookstack-app:8080
-}
+
 jenkins.lucasroyer.fr {
-	reverse_proxy jenkins:8080
+	# Security
+	header {
+		X-Frame-Options "SAMEORIGIN"
+		X-Content-Type-Options "nosniff"
+		X-XSS-Protection "1; mode=block"
+	}
+
+	# Large files
+	request_body {
+		max_size 512MB
+	}
+
+	# Compression
+	encode zstd gzip
+
+	# Redirect
+	reverse_proxy jenkins:8080 {
+		flush_interval -1
+	}
+}
+
+portfolio.lucasroyer.fr {
+	# Server cache
+	cache {
+		ttl 24h
+		stale 12h
+	}
+	# Security
+	header {
+		X-Frame-Options "DENY"
+		X-XSS-Protection "1; mode=block"
+		X-Content-Type-Options "nosniff"
+		Referrer-Policy "strict-origin-when-cross-origin"
+		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+	}
+
+	# Log
+	log {
+		output file /data/portfolio_access.log
+	}
+
+	# Errors
+	handle_errors {
+		# If error is 502, 503 or 504, show error.html without changing client URL
+		@service_out expression {err.status_code} >= 502 && {err.status_code} <= 504
+
+		handle @service_out {
+			root * /srv
+			rewrite * /error.html
+			file_server
+		}
+	}
+
+	# Compression
+	encode zstd gzip
+
+	# Redirect
+	reverse_proxy portfolio:80
 }