{ # Cache module order cache before rewrite cache { ttl 10m } log { output file /data/caddy_global.log } } jenkins.lucasroyer.fr { # Security header { X-Frame-Options "SAMEORIGIN" X-Content-Type-Options "nosniff" X-XSS-Protection "1; mode=block" } # Large files request_body { max_size 512MB } # Compression encode zstd gzip # Log log { output file /data/jenkins_access.log } # Redirect reverse_proxy jenkins:8080 { flush_interval -1 } } portfolio.lucasroyer.fr { # Server cache cache { ttl 24h stale 12h } # Security header { X-Frame-Options "DENY" X-XSS-Protection "1; mode=block" X-Content-Type-Options "nosniff" Referrer-Policy "strict-origin-when-cross-origin" Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" } # Errors handle_errors { # If error is 502, 503 or 504, show error.html without changing client URL @service_out expression {err.status_code} >= 502 && {err.status_code} <= 504 handle @service_out { root * /srv rewrite * /error.html file_server } } # Compression encode zstd gzip # Log log { output file /data/portfolio_access.log } # Redirect reverse_proxy portfolio:80 } gitea.lucasroyer.fr { # Security header { X-Frame-Options "SAMEORIGIN" X-XSS-Protection "1; mode=block" X-Content-Type-Options "nosniff" Referrer-Policy "strict-origin-when-cross-origin" Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" } # Large files request_body { max_size 512MB } # Compression encode zstd gzip # Log log { output file /data/gitea_access.log } # Redirect reverse_proxy gitea-app:3000 { flush_interval -1 } } kuma.lucasroyer.fr { # Security header { X-Frame-Options "SAMEORIGIN" X-XSS-Protection "1; mode=block" X-Content-Type-Options "nosniff" Referrer-Policy "strict-origin-when-cross-origin" Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" } # Compression encode zstd gzip # Log log { output file /data/uptime-kuma-lucas_access.log } # Redirect reverse_proxy uptime-kuma-lucas:3001 { } } uptime-cyrus.lucasroyer.fr { # Security header { X-Frame-Options "SAMEORIGIN" X-XSS-Protection "1; mode=block" X-Content-Type-Options "nosniff" Referrer-Policy "strict-origin-when-cross-origin" Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" } # Compression encode zstd gzip # Log log { output file /data/uptime-kuma-cyrus_access.log } # Redirect reverse_proxy uptime-kuma-cyrus:3001 { } } n8n.lucasroyer.fr { # Security header { X-Frame-Options "SAMEORIGIN" X-Content-Type-Options "nosniff" X-XSS-Protection "1; mode=block" Referrer-Policy "strict-origin-when-cross-origin" Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" } # Compression encode zstd gzip # Log log { output file /data/n8n_access.log } # Redirect reverse_proxy n8n:5678 { header_up Host {host} header_up X-Real-IP {remote_host} } } ntfy.lucasroyer.fr { # Security header { X-Frame-Options "SAMEORIGIN" X-Content-Type-Options "nosniff" X-XSS-Protection "1; mode=block" Referrer-Policy "strict-origin-when-cross-origin" Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" } # No cache header -Cache-Control header -Expires # Large files request_body { max_size 512MB } # Compression encode gzip # Log log { output file /data/ntfy_access.log } # Redirect reverse_proxy ntfy:80 { flush_interval -1 } } syncthing.lucasroyer.fr { # Security header { X-Frame-Options "SAMEORIGIN" X-Content-Type-Options "nosniff" X-XSS-Protection "1; mode=block" Referrer-Policy "strict-origin-when-cross-origin" Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" } # Compression encode zstd gzip # Log log { output file /data/syncthing_access.log } # Redirect reverse_proxy syncthing:8384 { header_up Host {host} header_up X-Real-IP {remote_host} } } vaultwarden.lucasroyer.fr { # Security header { X-Frame-Options "SAMEORIGIN" X-Content-Type-Options "nosniff" X-XSS-Protection "1; mode=block" Referrer-Policy "strict-origin-when-cross-origin" Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" Permissions-Policy "geolocation=(), microphone=(), camera=()" } # Compression encode zstd gzip # Log log { output file /data/vaultwarden_access.log } # Redirect reverse_proxy vaultwarden:80 { header_up Host {host} header_up X-Real-IP {remote_host} } } motsdepasse.interstices.pro { # Security header { X-Frame-Options "SAMEORIGIN" X-Content-Type-Options "nosniff" X-XSS-Protection "1; mode=block" Referrer-Policy "strict-origin-when-cross-origin" Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" Permissions-Policy "geolocation=(), microphone=(), camera=()" } # Compression encode zstd gzip # Log log { output file /data/vaultwarden_access.log } # Redirect reverse_proxy vaultwarden-interstices:80 { header_up Host {host} header_up X-Real-IP {remote_host} } } nextcloud.lucasroyer.fr { # Security header { X-Frame-Options "SAMEORIGIN" X-Content-Type-Options "nosniff" X-XSS-Protection "1; mode=block" Referrer-Policy "no-referrer" Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" -Server } # Large files request_body { max_size 10GB } # Compression encode zstd gzip # Log log { output file /data/nextcloud_access.log } # Redirect reverse_proxy nextcloud-web:80 { header_up Host {host} header_up X-Real-IP {remote_host} header_down X-Frame-Options "SAMEORIGIN" header_down X-Content-Type-Options "nosniff" } } onlyoffice.lucasroyer.fr { # Security header { Content-Security-Policy "frame-ancestors 'self' nextcloud.lucasroyer.fr" X-Frame-Options "ALLOW-FROM https://nextcloud.lucasroyer.fr" X-Content-Type-Options nosniff } # Compression encode zstd gzip # Redirect reverse_proxy onlyoffice:80 { header_up Host {host} header_up X-Real-IP {remote_host} } } spationautes.fr { root * /srv/site-spationautes/html # Server cache cache { ttl 24h stale 12h } # Security header { X-Frame-Options "DENY" X-XSS-Protection "1; mode=block" X-Content-Type-Options "nosniff" Referrer-Policy "strict-origin-when-cross-origin" Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" } # Errors handle_errors { @service_out expression {err.status_code} >= 502 && {err.status_code} <= 504 handle @service_out { root * /srv rewrite * /error.html file_server } } # Compression encode zstd gzip # Log log { output file /data/site-spationautes_access.log } # Redirect file_server } veloboomboom.internantes.ovh, veloboomboom.lucasroyer.fr { # Server cache cache { ttl 24h stale 12h } # Security header { X-Frame-Options "DENY" X-XSS-Protection "1; mode=block" X-Content-Type-Options "nosniff" Referrer-Policy "strict-origin-when-cross-origin" Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" } # Errors handle_errors { # If error is 502, 503 or 504, show error.html without changing client URL @service_out expression {err.status_code} >= 502 && {err.status_code} <= 504 handle @service_out { root * /srv rewrite * /error.html file_server } } # Compression encode zstd gzip # Log log { output file /data/site-veloboomboom_access.log } # Prod redirect @prod host veloboomboom.internantes.ovh handle @prod { root * /srv/site-veloboomboom/html-prod file_server } # Test redirect @test host veloboomboom.lucasroyer.fr handle @test { basic_auth { testuser $2a$14$hNv5hbag695p/jcyB.7qeOoCvqxQ0L6zyBptfHU15qnTtmivfXAea } root * /srv/site-veloboomboom/html file_server } # Fallback (si aucun des deux domaines ne match, bien que peu probable ici) handle { respond "Not Found" 404 } } csv.lucasroyer.fr { root * /srv/csv file_server browse header Content-Type "text/csv; charset=utf-8" header Access-Control-Allow-Origin "*" }