Compare commits
18 Commits
0f272032eb
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| ae6d1b775f | |||
| 9990b7deab | |||
| ca9f7bd31c | |||
| 530f808907 | |||
| 7840de0a44 | |||
| 488cd8eef4 | |||
| ecb0094904 | |||
| 3d56a9014c | |||
| 2e0b492a31 | |||
| 7aea3ba11e | |||
| 11ee033ed7 | |||
| 977b9d5195 | |||
| 1b338c9c82 | |||
| 7eed352192 | |||
| 6c5d460385 | |||
| 2bf5413fde | |||
| f41938b4eb | |||
| 2096f20516 |
425
Caddyfile
425
Caddyfile
@@ -9,33 +9,6 @@
|
||||
}
|
||||
}
|
||||
|
||||
jenkins.lucasroyer.fr {
|
||||
# Security
|
||||
header {
|
||||
X-Frame-Options "SAMEORIGIN"
|
||||
X-Content-Type-Options "nosniff"
|
||||
X-XSS-Protection "1; mode=block"
|
||||
}
|
||||
|
||||
# Large files
|
||||
request_body {
|
||||
max_size 512MB
|
||||
}
|
||||
|
||||
# Compression
|
||||
encode zstd gzip
|
||||
|
||||
# Log
|
||||
log {
|
||||
output file /data/jenkins_access.log
|
||||
}
|
||||
|
||||
# Redirect
|
||||
reverse_proxy jenkins:8080 {
|
||||
flush_interval -1
|
||||
}
|
||||
}
|
||||
|
||||
portfolio.lucasroyer.fr {
|
||||
# Server cache
|
||||
cache {
|
||||
@@ -103,3 +76,401 @@ gitea.lucasroyer.fr {
|
||||
flush_interval -1
|
||||
}
|
||||
}
|
||||
|
||||
kuma.lucasroyer.fr {
|
||||
# Security
|
||||
header {
|
||||
X-Frame-Options "SAMEORIGIN"
|
||||
X-XSS-Protection "1; mode=block"
|
||||
X-Content-Type-Options "nosniff"
|
||||
Referrer-Policy "strict-origin-when-cross-origin"
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
}
|
||||
|
||||
# Compression
|
||||
encode zstd gzip
|
||||
|
||||
# Log
|
||||
log {
|
||||
output file /data/uptime-kuma-lucas_access.log
|
||||
}
|
||||
|
||||
# Redirect
|
||||
reverse_proxy uptime-kuma-lucas:3001 {
|
||||
}
|
||||
}
|
||||
|
||||
uptime-cyrus.lucasroyer.fr {
|
||||
# Security
|
||||
header {
|
||||
X-Frame-Options "SAMEORIGIN"
|
||||
X-XSS-Protection "1; mode=block"
|
||||
X-Content-Type-Options "nosniff"
|
||||
Referrer-Policy "strict-origin-when-cross-origin"
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
}
|
||||
|
||||
# Compression
|
||||
encode zstd gzip
|
||||
|
||||
# Log
|
||||
log {
|
||||
output file /data/uptime-kuma-cyrus_access.log
|
||||
}
|
||||
|
||||
# Redirect
|
||||
reverse_proxy uptime-kuma-cyrus:3001 {
|
||||
}
|
||||
}
|
||||
|
||||
n8n.lucasroyer.fr {
|
||||
# Security
|
||||
header {
|
||||
X-Frame-Options "SAMEORIGIN"
|
||||
X-Content-Type-Options "nosniff"
|
||||
X-XSS-Protection "1; mode=block"
|
||||
Referrer-Policy "strict-origin-when-cross-origin"
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
}
|
||||
|
||||
# Compression
|
||||
encode zstd gzip
|
||||
|
||||
# Log
|
||||
log {
|
||||
output file /data/n8n_access.log
|
||||
}
|
||||
|
||||
# Redirect
|
||||
reverse_proxy n8n:5678 {
|
||||
header_up Host {host}
|
||||
header_up X-Real-IP {remote_host}
|
||||
}
|
||||
}
|
||||
|
||||
ntfy.lucasroyer.fr {
|
||||
# Security
|
||||
header {
|
||||
X-Frame-Options "SAMEORIGIN"
|
||||
X-Content-Type-Options "nosniff"
|
||||
X-XSS-Protection "1; mode=block"
|
||||
Referrer-Policy "strict-origin-when-cross-origin"
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
}
|
||||
|
||||
# No cache
|
||||
header -Cache-Control
|
||||
header -Expires
|
||||
|
||||
# Large files
|
||||
request_body {
|
||||
max_size 512MB
|
||||
}
|
||||
|
||||
# Compression
|
||||
encode gzip
|
||||
|
||||
# Log
|
||||
log {
|
||||
output file /data/ntfy_access.log
|
||||
}
|
||||
|
||||
# Redirect
|
||||
reverse_proxy ntfy:80 {
|
||||
flush_interval -1
|
||||
}
|
||||
}
|
||||
|
||||
syncthing.lucasroyer.fr {
|
||||
# Security
|
||||
header {
|
||||
X-Frame-Options "SAMEORIGIN"
|
||||
X-Content-Type-Options "nosniff"
|
||||
X-XSS-Protection "1; mode=block"
|
||||
Referrer-Policy "strict-origin-when-cross-origin"
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
}
|
||||
|
||||
# Compression
|
||||
encode zstd gzip
|
||||
|
||||
# Log
|
||||
log {
|
||||
output file /data/syncthing_access.log
|
||||
}
|
||||
|
||||
# Redirect
|
||||
reverse_proxy syncthing:8384 {
|
||||
header_up Host {host}
|
||||
header_up X-Real-IP {remote_host}
|
||||
}
|
||||
}
|
||||
|
||||
vaultwarden.lucasroyer.fr {
|
||||
# Security
|
||||
header {
|
||||
X-Frame-Options "SAMEORIGIN"
|
||||
X-Content-Type-Options "nosniff"
|
||||
X-XSS-Protection "1; mode=block"
|
||||
Referrer-Policy "strict-origin-when-cross-origin"
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
Permissions-Policy "geolocation=(), microphone=(), camera=()"
|
||||
}
|
||||
|
||||
# Compression
|
||||
encode zstd gzip
|
||||
|
||||
# Log
|
||||
log {
|
||||
output file /data/vaultwarden_access.log
|
||||
}
|
||||
|
||||
# Redirect
|
||||
reverse_proxy vaultwarden-lucas:80 {
|
||||
header_up Host {host}
|
||||
header_up X-Real-IP {remote_host}
|
||||
}
|
||||
}
|
||||
|
||||
motsdepasse.interstices.pro {
|
||||
# Security
|
||||
header {
|
||||
X-Frame-Options "SAMEORIGIN"
|
||||
X-Content-Type-Options "nosniff"
|
||||
X-XSS-Protection "1; mode=block"
|
||||
Referrer-Policy "strict-origin-when-cross-origin"
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
Permissions-Policy "geolocation=(), microphone=(), camera=()"
|
||||
}
|
||||
|
||||
# Compression
|
||||
encode zstd gzip
|
||||
|
||||
# Log
|
||||
log {
|
||||
output file /data/vaultwarden_access.log
|
||||
}
|
||||
|
||||
# Redirect
|
||||
reverse_proxy vaultwarden-interstices:80 {
|
||||
header_up Host {host}
|
||||
header_up X-Real-IP {remote_host}
|
||||
}
|
||||
}
|
||||
|
||||
nextcloud.lucasroyer.fr {
|
||||
# Security
|
||||
header {
|
||||
X-Frame-Options "SAMEORIGIN"
|
||||
X-Content-Type-Options "nosniff"
|
||||
X-XSS-Protection "1; mode=block"
|
||||
Referrer-Policy "no-referrer"
|
||||
Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
|
||||
-Server
|
||||
}
|
||||
|
||||
# Large files
|
||||
request_body {
|
||||
max_size 10GB
|
||||
}
|
||||
|
||||
# Compression
|
||||
encode zstd gzip
|
||||
|
||||
# Log
|
||||
log {
|
||||
output file /data/nextcloud_access.log
|
||||
}
|
||||
|
||||
# Redirect
|
||||
reverse_proxy nextcloud-web:80 {
|
||||
header_up Host {host}
|
||||
header_up X-Real-IP {remote_host}
|
||||
header_down X-Frame-Options "SAMEORIGIN"
|
||||
header_down X-Content-Type-Options "nosniff"
|
||||
}
|
||||
}
|
||||
|
||||
onlyoffice.lucasroyer.fr {
|
||||
# Security
|
||||
header {
|
||||
Content-Security-Policy "frame-ancestors 'self' nextcloud.lucasroyer.fr"
|
||||
X-Frame-Options "ALLOW-FROM https://nextcloud.lucasroyer.fr"
|
||||
X-Content-Type-Options nosniff
|
||||
}
|
||||
|
||||
# Compression
|
||||
encode zstd gzip
|
||||
|
||||
# Redirect
|
||||
reverse_proxy onlyoffice:80 {
|
||||
header_up Host {host}
|
||||
header_up X-Real-IP {remote_host}
|
||||
}
|
||||
}
|
||||
|
||||
spationautes.fr {
|
||||
root * /srv/site-spationautes/html
|
||||
|
||||
# Server cache
|
||||
cache {
|
||||
ttl 24h
|
||||
stale 12h
|
||||
}
|
||||
# Security
|
||||
header {
|
||||
X-Frame-Options "DENY"
|
||||
X-XSS-Protection "1; mode=block"
|
||||
X-Content-Type-Options "nosniff"
|
||||
Referrer-Policy "strict-origin-when-cross-origin"
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
}
|
||||
|
||||
# Errors
|
||||
handle_errors {
|
||||
@service_out expression {err.status_code} >= 502 && {err.status_code} <= 504
|
||||
handle @service_out {
|
||||
root * /srv
|
||||
rewrite * /error.html
|
||||
file_server
|
||||
}
|
||||
}
|
||||
|
||||
# Compression
|
||||
encode zstd gzip
|
||||
|
||||
# Log
|
||||
log {
|
||||
output file /data/site-spationautes_access.log
|
||||
}
|
||||
|
||||
# Redirect
|
||||
file_server
|
||||
}
|
||||
|
||||
veloboomboom.internantes.ovh, veloboomboom.lucasroyer.fr {
|
||||
# Server cache
|
||||
cache {
|
||||
ttl 24h
|
||||
stale 12h
|
||||
}
|
||||
|
||||
# Security
|
||||
header {
|
||||
X-Frame-Options "DENY"
|
||||
X-XSS-Protection "1; mode=block"
|
||||
X-Content-Type-Options "nosniff"
|
||||
Referrer-Policy "strict-origin-when-cross-origin"
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
}
|
||||
|
||||
# Errors
|
||||
handle_errors {
|
||||
# If error is 502, 503 or 504, show error.html without changing client URL
|
||||
@service_out expression {err.status_code} >= 502 && {err.status_code} <= 504
|
||||
handle @service_out {
|
||||
root * /srv
|
||||
rewrite * /error.html
|
||||
file_server
|
||||
}
|
||||
}
|
||||
|
||||
# Compression
|
||||
encode zstd gzip
|
||||
|
||||
# Log
|
||||
log {
|
||||
output file /data/site-veloboomboom_access.log
|
||||
}
|
||||
|
||||
# Prod redirect
|
||||
@prod host veloboomboom.internantes.ovh
|
||||
handle @prod {
|
||||
root * /srv/site-veloboomboom/html-prod
|
||||
file_server
|
||||
}
|
||||
|
||||
# Test redirect
|
||||
@test host veloboomboom.lucasroyer.fr
|
||||
handle @test {
|
||||
basic_auth {
|
||||
testuser $2a$14$hNv5hbag695p/jcyB.7qeOoCvqxQ0L6zyBptfHU15qnTtmivfXAea
|
||||
}
|
||||
root * /srv/site-veloboomboom/html
|
||||
file_server
|
||||
}
|
||||
|
||||
# Fallback
|
||||
handle {
|
||||
respond "Not Found" 404
|
||||
}
|
||||
}
|
||||
|
||||
csv.lucasroyer.fr {
|
||||
root * /srv/csv
|
||||
file_server browse
|
||||
|
||||
header Content-Type "text/csv; charset=utf-8"
|
||||
header Access-Control-Allow-Origin "*"
|
||||
}
|
||||
|
||||
ghost.pauline.lucasroyer.fr {
|
||||
# Security
|
||||
header {
|
||||
X-Frame-Options "SAMEORIGIN"
|
||||
X-Content-Type-Options "nosniff"
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
Referrer-Policy "strict-origin-when-cross-origin"
|
||||
X-XSS-Protection "1; mode=block"
|
||||
Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com;"
|
||||
}
|
||||
|
||||
# Compression
|
||||
encode zstd gzip
|
||||
|
||||
# Log
|
||||
log {
|
||||
output file /data/pauline_ghost_access.log
|
||||
}
|
||||
|
||||
# Redirect
|
||||
reverse_proxy ghost:2368
|
||||
}
|
||||
|
||||
paulinebouillaud.fr {
|
||||
root * /var/www/html
|
||||
|
||||
# Security
|
||||
header {
|
||||
X-Frame-Options "SAMEORIGIN"
|
||||
X-Content-Type-Options "nosniff"
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
Referrer-Policy "strict-origin-when-cross-origin"
|
||||
X-XSS-Protection "1; mode=block"
|
||||
Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.youtube-nocookie.com https://*.youtube.com https://*.vimeo.com https://*.doubleclick.net; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self';"
|
||||
}
|
||||
|
||||
# Compression
|
||||
encode zstd gzip
|
||||
|
||||
# Logs
|
||||
log {
|
||||
output file /data/pauline_wordpress_access.log
|
||||
}
|
||||
|
||||
# --- Wordpress FPM ---
|
||||
file_server
|
||||
|
||||
php_fastcgi wordpress-app:9000 {
|
||||
resolve_root_symlink
|
||||
}
|
||||
|
||||
# Security
|
||||
@forbidden {
|
||||
path /xmlrpc.php
|
||||
path /.htaccess
|
||||
path /wp-config.php
|
||||
path /readme.html
|
||||
}
|
||||
respond @forbidden 403
|
||||
}
|
||||
|
||||
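Review bot: `csv.lucasroyer.fr` is the one new site published with no access control: `file_server browse` lists everything under `/srv/csv`, `Access-Control-Allow-Origin "*"` lets any origin read it, and the block has neither the `# Security` header set nor the `log` directive that the other sites carry. If these exports are not meant to be public, drop `browse` and put a `basic_auth` block in front of the site, as `handle @test` already does for veloboomboom. Separately, `motsdepasse.interstices.pro` writes to the same `/data/vaultwarden_access.log` as `vaultwarden.lucasroyer.fr`, which looks like a copy-paste slip and mixes the access logs of two password-manager instances; a distinct file such as `output file /data/vaultwarden-interstices_access.log` would keep them apart. The bcrypt hash for `testuser` is also committed with the config, so consider supplying it through an environment placeholder instead, for example `testuser {$TEST_USER_HASH}` with a variable name of your choosing.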
@@ -1,4 +1,4 @@
|
||||
ARG CADDY_VERSION=2.10.2
|
||||
ARG CADDY_VERSION=2.10.2-alpine
|
||||
|
||||
# --- BUILD ---
|
||||
# Add cache plugin
|
||||
|
||||
14
Jenkinsfile
vendored
14
Jenkinsfile
vendored
@@ -4,6 +4,7 @@ pipeline {
|
||||
environment {
|
||||
GITEA_REPO_PATH = "lucas/reverse-proxy"
|
||||
GITEA_API_URL = "https://gitea.lucasroyer.fr/api/v1"
|
||||
DOCKER_HOST = "unix:///run/user/1001/docker.sock"
|
||||
}
|
||||
|
||||
stages {
|
||||
@@ -42,6 +43,19 @@ pipeline {
|
||||
post {
|
||||
always {
|
||||
script {
|
||||
echo "Waiting for Gitea to be online..."
|
||||
|
||||
// Try to reac gitea API for 12 tries of 10s (2 minutes)
|
||||
timeout(time: 2, unit: 'MINUTES') {
|
||||
waitUntil {
|
||||
def status = sh(
|
||||
script: "curl -s -o /dev/null -w '%{http_code}' ${GITEA_API_URL}/version || true",
|
||||
returnStdout: true
|
||||
).trim()
|
||||
return (status == '200')
|
||||
}
|
||||
}
|
||||
|
||||
echo "Send Gitea check..."
|
||||
// Get and store SHA
|
||||
def commitSha = sh(script: 'git rev-parse HEAD', returnStdout: true).trim()
|
||||
|
||||
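Review bot: In the `post { always { script {` block, the new `timeout(time: 2, unit: 'MINUTES')` aborts with an exception when Gitea does not answer in time, so as far as the hunk shows the "Send Gitea check..." code after it never runs and the commit status is left unreported. Wrapping the wait in `try { ... } catch (err) { echo "Gitea unreachable, skipping status check" }` would make that outcome explicit. The `curl` call has no per-request limit, and adding `--max-time 5` would keep one stalled connection from using up the whole window. The comment's "12 tries of 10s" does not describe `waitUntil`, which retries on its own back-off schedule, and "reac" should read "reach". The script block continues beyond the hunk.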
@@ -12,24 +12,25 @@ services:
|
||||
- caddy_config:/config
|
||||
- /home/lucas/services/reverse-proxy/Caddyfile:/etc/caddy/Caddyfile
|
||||
- /home/lucas/services/reverse-proxy/error.html:/srv/error.html:ro
|
||||
- /home/lucas/services/exposed_files/n8n/csv:/srv/csv:ro
|
||||
- /home/lucas/services/n8n/local-files/csv:/srv/csv:ro
|
||||
- /home/lucas/services/static-sites/site-spationautes:/srv/site-spationautes:ro
|
||||
- /home/lucas/services/static-sites/site-veloboomboom:/srv/site-veloboomboom:ro
|
||||
- wp_data:/var/www/html:ro
|
||||
networks:
|
||||
- reverse-proxy
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
- "443:443/udp"
|
||||
logging:
|
||||
driver: "json-file"
|
||||
options:
|
||||
max-size: "10m"
|
||||
max-file: "3"
|
||||
|
||||
volumes:
|
||||
caddy_data:
|
||||
name: caddy_data
|
||||
caddy_config:
|
||||
name: caddy_config
|
||||
wp_data:
|
||||
external: true
|
||||
name : wordpress_wp_data
|
||||
|
||||
networks:
|
||||
reverse-proxy:
|
||||
|
||||
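Review bot: The `Caddyfile` bind mount is the only host path in this volume list without `:ro`, and the reload script on this page depends on that to run `caddy fmt --overwrite` inside the container. A process inside the internet-facing proxy container can therefore rewrite the routing and `basic_auth` configuration stored on the host. Mounting it as `- /home/lucas/services/reverse-proxy/Caddyfile:/etc/caddy/Caddyfile:ro` and running `caddy fmt` on the host or in the pipeline would close that path. If the `/home/lucas/services/n8n/local-files/csv` line is the new side of the csv change, anything an n8n workflow writes there is published by the `csv.lucasroyer.fr` site, which is worth stating in a comment next to the mount.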
@@ -1,6 +1,11 @@
|
||||
#!/bin/bash
|
||||
|
||||
docker exec caddy-reverse-proxy caddy fmt --overwrite /etc/caddy/Caddyfile
|
||||
if docker exec caddy-reverse-proxy caddy validate --config /etc/caddy/Caddyfile; then
|
||||
echo "File checked, reloading..."
|
||||
docker exec caddy-reverse-proxy caddy reload --config /etc/caddy/Caddyfile
|
||||
|
||||
echo 'Caddyfile reloaded'
|
||||
echo "Caddyfile reloaded."
|
||||
else
|
||||
echo "ERREUR : invalid config."
|
||||
docker exec caddy-reverse-proxy caddy validate --config /etc/caddy/Caddyfile
|
||||
fi
|
||||
|
||||
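Review bot: The success message is printed whether or not `caddy reload` worked, because its exit status is never checked inside the `then` branch. Chaining the two, `docker exec caddy-reverse-proxy caddy reload --config /etc/caddy/Caddyfile && echo "Caddyfile reloaded."`, reports success only when the new configuration is actually live. `caddy fmt --overwrite` also rewrites the file before it has been validated, and its status is ignored; running it after a successful `validate` avoids touching a file that does not parse. The second `validate` in the `else` branch repeats output that the `if` condition has already printed.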