Lucas/reverse-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
977b9d519598d9926176c6846faafa242a827222
reverse-proxy/Caddyfile
Lucas 7eed352192
Some checks failed
jenkins-ci Build failed
Details
feat(caddyfile): add nextcloud and onlyoffice support
2026-01-23 11:01:15 +00:00

303 lines
5.2 KiB
Caddyfile
Executable File
Raw Blame History

{
# Cache module
order cache before rewrite
cache {
ttl 10m
}
log {
output file /data/caddy_global.log
}
}
jenkins.lucasroyer.fr {
# Security
header {
X-Frame-Options "SAMEORIGIN"
X-Content-Type-Options "nosniff"
X-XSS-Protection "1; mode=block"
}
# Large files
request_body {
max_size 512MB
}
# Compression
encode zstd gzip
# Log
log {
output file /data/jenkins_access.log
}
# Redirect
reverse_proxy jenkins:8080 {
flush_interval -1
}
}
portfolio.lucasroyer.fr {
# Server cache
cache {
ttl 24h
stale 12h
}
# Security
header {
X-Frame-Options "DENY"
X-XSS-Protection "1; mode=block"
X-Content-Type-Options "nosniff"
Referrer-Policy "strict-origin-when-cross-origin"
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
}
# Errors
handle_errors {
# If error is 502, 503 or 504, show error.html without changing client URL
@service_out expression {err.status_code} >= 502 && {err.status_code} <= 504
handle @service_out {
root * /srv
rewrite * /error.html
file_server
}
}
# Compression
encode zstd gzip
# Log
log {
output file /data/portfolio_access.log
}
# Redirect
reverse_proxy portfolio:80
}
gitea.lucasroyer.fr {
# Security
header {
X-Frame-Options "SAMEORIGIN"
X-XSS-Protection "1; mode=block"
X-Content-Type-Options "nosniff"
Referrer-Policy "strict-origin-when-cross-origin"
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
}
# Large files
request_body {
max_size 512MB
}
# Compression
encode zstd gzip
# Log
log {
output file /data/gitea_access.log
}
# Redirect
reverse_proxy gitea-app:3000 {
flush_interval -1
}
}
kuma.lucasroyer.fr {
# Security
header {
X-Frame-Options "SAMEORIGIN"
X-XSS-Protection "1; mode=block"
X-Content-Type-Options "nosniff"
Referrer-Policy "strict-origin-when-cross-origin"
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
}
# Compression
encode zstd gzip
# Log
log {
output file /data/kuma_access.log
}
# Redirect
reverse_proxy uptime-kuma:3001 {
}
}
n8n.lucasroyer.fr {
# Security
header {
X-Frame-Options "SAMEORIGIN"
X-Content-Type-Options "nosniff"
X-XSS-Protection "1; mode=block"
Referrer-Policy "strict-origin-when-cross-origin"
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
}
# Compression
encode zstd gzip
# Log
log {
output file /data/n8n_access.log
}
# Redirect
reverse_proxy n8n:5678 {
header_up Host {host}
header_up X-Real-IP {remote_host}
}
}
ntfy.lucasroyer.fr {
# Security
header {
X-Frame-Options "SAMEORIGIN"
X-Content-Type-Options "nosniff"
X-XSS-Protection "1; mode=block"
Referrer-Policy "strict-origin-when-cross-origin"
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
}
# No cache
header -Cache-Control
header -Expires
# Large files
request_body {
max_size 512MB
}
# Compression
encode gzip
# Log
log {
output file /data/ntfy_access.log
}
# Redirect
reverse_proxy ntfy:80 {
flush_interval -1
}
}
syncthing.lucasroyer.fr {
# Security
header {
X-Frame-Options "SAMEORIGIN"
X-Content-Type-Options "nosniff"
X-XSS-Protection "1; mode=block"
Referrer-Policy "strict-origin-when-cross-origin"
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
}
# Compression
encode zstd gzip
# Log
log {
output file /data/syncthing_access.log
}
# Redirect
reverse_proxy syncthing:8384 {
header_up Host {host}
header_up X-Real-IP {remote_host}
}
}
vaultwarden.lucasroyer.fr {
# Security
header {
X-Frame-Options "SAMEORIGIN"
X-Content-Type-Options "nosniff"
X-XSS-Protection "1; mode=block"
Referrer-Policy "strict-origin-when-cross-origin"
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Permissions-Policy "geolocation=(), microphone=(), camera=()"
}
# Compression
encode zstd gzip
# Log
log {
output file /data/vaultwarden_access.log
}
# Redirect
reverse_proxy vaultwarden:80 {
header_up Host {host}
header_up X-Real-IP {remote_host}
}
}
motsdepasse.interstices.pro {
# Security
header {
X-Frame-Options "SAMEORIGIN"
X-Content-Type-Options "nosniff"
X-XSS-Protection "1; mode=block"
Referrer-Policy "strict-origin-when-cross-origin"
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Permissions-Policy "geolocation=(), microphone=(), camera=()"
}
# Compression
encode zstd gzip
# Log
log {
output file /data/vaultwarden_access.log
}
# Redirect
reverse_proxy vaultwarden-interstices:80 {
header_up Host {host}
header_up X-Real-IP {remote_host}
}
}
nextcloud.lucasroyer.fr {
# Large files
request_body {
max_size 10GB
}
# Compression
encode zstd gzip
# Log
log {
output file /data/nextcloud_access.log
}
# Redirect
reverse_proxy nextcloud-web:80 {
header_up Host {host}
header_up X-Real-IP {remote_host}
}
}
onlyoffice.lucasroyer.fr {
# Security
header {
Content-Security-Policy "frame-ancestors 'self' nextcloud.lucasroyer.fr"
X-Frame-Options "ALLOW-FROM https://nextcloud.lucasroyer.fr"
X-Content-Type-Options nosniff
}
# Compression
encode zstd gzip
# Redirect
reverse_proxy onlyoffice:80 {
header_up Host {host}
header_up X-Real-IP {remote_host}
}
}
Reference in New Issue View Git Blame Copy Permalink