477 lines
9.2 KiB
Caddyfile
Executable File
477 lines
9.2 KiB
Caddyfile
Executable File
{
|
|
# Cache module
|
|
order cache before rewrite
|
|
cache {
|
|
ttl 10m
|
|
}
|
|
log {
|
|
output file /data/caddy_global.log
|
|
}
|
|
}
|
|
|
|
portfolio.lucasroyer.fr {
|
|
# Server cache
|
|
cache {
|
|
ttl 24h
|
|
stale 12h
|
|
}
|
|
# Security
|
|
header {
|
|
X-Frame-Options "DENY"
|
|
X-XSS-Protection "1; mode=block"
|
|
X-Content-Type-Options "nosniff"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
}
|
|
|
|
# Errors
|
|
handle_errors {
|
|
# If error is 502, 503 or 504, show error.html without changing client URL
|
|
@service_out expression {err.status_code} >= 502 && {err.status_code} <= 504
|
|
|
|
handle @service_out {
|
|
root * /srv
|
|
rewrite * /error.html
|
|
file_server
|
|
}
|
|
}
|
|
|
|
# Compression
|
|
encode zstd gzip
|
|
|
|
# Log
|
|
log {
|
|
output file /data/portfolio_access.log
|
|
}
|
|
|
|
# Redirect
|
|
reverse_proxy portfolio:80
|
|
}
|
|
|
|
gitea.lucasroyer.fr {
|
|
# Security
|
|
header {
|
|
X-Frame-Options "SAMEORIGIN"
|
|
X-XSS-Protection "1; mode=block"
|
|
X-Content-Type-Options "nosniff"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
}
|
|
|
|
# Large files
|
|
request_body {
|
|
max_size 512MB
|
|
}
|
|
|
|
# Compression
|
|
encode zstd gzip
|
|
|
|
# Log
|
|
log {
|
|
output file /data/gitea_access.log
|
|
}
|
|
|
|
# Redirect
|
|
reverse_proxy gitea-app:3000 {
|
|
flush_interval -1
|
|
}
|
|
}
|
|
|
|
kuma.lucasroyer.fr {
|
|
# Security
|
|
header {
|
|
X-Frame-Options "SAMEORIGIN"
|
|
X-XSS-Protection "1; mode=block"
|
|
X-Content-Type-Options "nosniff"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
}
|
|
|
|
# Compression
|
|
encode zstd gzip
|
|
|
|
# Log
|
|
log {
|
|
output file /data/uptime-kuma-lucas_access.log
|
|
}
|
|
|
|
# Redirect
|
|
reverse_proxy uptime-kuma-lucas:3001 {
|
|
}
|
|
}
|
|
|
|
uptime-cyrus.lucasroyer.fr {
|
|
# Security
|
|
header {
|
|
X-Frame-Options "SAMEORIGIN"
|
|
X-XSS-Protection "1; mode=block"
|
|
X-Content-Type-Options "nosniff"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
}
|
|
|
|
# Compression
|
|
encode zstd gzip
|
|
|
|
# Log
|
|
log {
|
|
output file /data/uptime-kuma-cyrus_access.log
|
|
}
|
|
|
|
# Redirect
|
|
reverse_proxy uptime-kuma-cyrus:3001 {
|
|
}
|
|
}
|
|
|
|
n8n.lucasroyer.fr {
|
|
# Security
|
|
header {
|
|
X-Frame-Options "SAMEORIGIN"
|
|
X-Content-Type-Options "nosniff"
|
|
X-XSS-Protection "1; mode=block"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
}
|
|
|
|
# Compression
|
|
encode zstd gzip
|
|
|
|
# Log
|
|
log {
|
|
output file /data/n8n_access.log
|
|
}
|
|
|
|
# Redirect
|
|
reverse_proxy n8n:5678 {
|
|
header_up Host {host}
|
|
header_up X-Real-IP {remote_host}
|
|
}
|
|
}
|
|
|
|
ntfy.lucasroyer.fr {
|
|
# Security
|
|
header {
|
|
X-Frame-Options "SAMEORIGIN"
|
|
X-Content-Type-Options "nosniff"
|
|
X-XSS-Protection "1; mode=block"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
}
|
|
|
|
# No cache
|
|
header -Cache-Control
|
|
header -Expires
|
|
|
|
# Large files
|
|
request_body {
|
|
max_size 512MB
|
|
}
|
|
|
|
# Compression
|
|
encode gzip
|
|
|
|
# Log
|
|
log {
|
|
output file /data/ntfy_access.log
|
|
}
|
|
|
|
# Redirect
|
|
reverse_proxy ntfy:80 {
|
|
flush_interval -1
|
|
}
|
|
}
|
|
|
|
syncthing.lucasroyer.fr {
|
|
# Security
|
|
header {
|
|
X-Frame-Options "SAMEORIGIN"
|
|
X-Content-Type-Options "nosniff"
|
|
X-XSS-Protection "1; mode=block"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
}
|
|
|
|
# Compression
|
|
encode zstd gzip
|
|
|
|
# Log
|
|
log {
|
|
output file /data/syncthing_access.log
|
|
}
|
|
|
|
# Redirect
|
|
reverse_proxy syncthing:8384 {
|
|
header_up Host {host}
|
|
header_up X-Real-IP {remote_host}
|
|
}
|
|
}
|
|
|
|
vaultwarden.lucasroyer.fr {
|
|
# Security
|
|
header {
|
|
X-Frame-Options "SAMEORIGIN"
|
|
X-Content-Type-Options "nosniff"
|
|
X-XSS-Protection "1; mode=block"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
Permissions-Policy "geolocation=(), microphone=(), camera=()"
|
|
}
|
|
|
|
# Compression
|
|
encode zstd gzip
|
|
|
|
# Log
|
|
log {
|
|
output file /data/vaultwarden_access.log
|
|
}
|
|
|
|
# Redirect
|
|
reverse_proxy vaultwarden-lucas:80 {
|
|
header_up Host {host}
|
|
header_up X-Real-IP {remote_host}
|
|
}
|
|
}
|
|
|
|
motsdepasse.interstices.pro {
|
|
# Security
|
|
header {
|
|
X-Frame-Options "SAMEORIGIN"
|
|
X-Content-Type-Options "nosniff"
|
|
X-XSS-Protection "1; mode=block"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
Permissions-Policy "geolocation=(), microphone=(), camera=()"
|
|
}
|
|
|
|
# Compression
|
|
encode zstd gzip
|
|
|
|
# Log
|
|
log {
|
|
output file /data/vaultwarden_access.log
|
|
}
|
|
|
|
# Redirect
|
|
reverse_proxy vaultwarden-interstices:80 {
|
|
header_up Host {host}
|
|
header_up X-Real-IP {remote_host}
|
|
}
|
|
}
|
|
|
|
nextcloud.lucasroyer.fr {
|
|
# Security
|
|
header {
|
|
X-Frame-Options "SAMEORIGIN"
|
|
X-Content-Type-Options "nosniff"
|
|
X-XSS-Protection "1; mode=block"
|
|
Referrer-Policy "no-referrer"
|
|
Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
|
|
-Server
|
|
}
|
|
|
|
# Large files
|
|
request_body {
|
|
max_size 10GB
|
|
}
|
|
|
|
# Compression
|
|
encode zstd gzip
|
|
|
|
# Log
|
|
log {
|
|
output file /data/nextcloud_access.log
|
|
}
|
|
|
|
# Redirect
|
|
reverse_proxy nextcloud-web:80 {
|
|
header_up Host {host}
|
|
header_up X-Real-IP {remote_host}
|
|
header_down X-Frame-Options "SAMEORIGIN"
|
|
header_down X-Content-Type-Options "nosniff"
|
|
}
|
|
}
|
|
|
|
onlyoffice.lucasroyer.fr {
|
|
# Security
|
|
header {
|
|
Content-Security-Policy "frame-ancestors 'self' nextcloud.lucasroyer.fr"
|
|
X-Frame-Options "ALLOW-FROM https://nextcloud.lucasroyer.fr"
|
|
X-Content-Type-Options nosniff
|
|
}
|
|
|
|
# Compression
|
|
encode zstd gzip
|
|
|
|
# Redirect
|
|
reverse_proxy onlyoffice:80 {
|
|
header_up Host {host}
|
|
header_up X-Real-IP {remote_host}
|
|
}
|
|
}
|
|
|
|
spationautes.fr {
|
|
root * /srv/site-spationautes/html
|
|
|
|
# Server cache
|
|
cache {
|
|
ttl 24h
|
|
stale 12h
|
|
}
|
|
# Security
|
|
header {
|
|
X-Frame-Options "DENY"
|
|
X-XSS-Protection "1; mode=block"
|
|
X-Content-Type-Options "nosniff"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
}
|
|
|
|
# Errors
|
|
handle_errors {
|
|
@service_out expression {err.status_code} >= 502 && {err.status_code} <= 504
|
|
handle @service_out {
|
|
root * /srv
|
|
rewrite * /error.html
|
|
file_server
|
|
}
|
|
}
|
|
|
|
# Compression
|
|
encode zstd gzip
|
|
|
|
# Log
|
|
log {
|
|
output file /data/site-spationautes_access.log
|
|
}
|
|
|
|
# Redirect
|
|
file_server
|
|
}
|
|
|
|
veloboomboom.internantes.ovh, veloboomboom.lucasroyer.fr {
|
|
# Server cache
|
|
cache {
|
|
ttl 24h
|
|
stale 12h
|
|
}
|
|
|
|
# Security
|
|
header {
|
|
X-Frame-Options "DENY"
|
|
X-XSS-Protection "1; mode=block"
|
|
X-Content-Type-Options "nosniff"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
}
|
|
|
|
# Errors
|
|
handle_errors {
|
|
# If error is 502, 503 or 504, show error.html without changing client URL
|
|
@service_out expression {err.status_code} >= 502 && {err.status_code} <= 504
|
|
handle @service_out {
|
|
root * /srv
|
|
rewrite * /error.html
|
|
file_server
|
|
}
|
|
}
|
|
|
|
# Compression
|
|
encode zstd gzip
|
|
|
|
# Log
|
|
log {
|
|
output file /data/site-veloboomboom_access.log
|
|
}
|
|
|
|
# Prod redirect
|
|
@prod host veloboomboom.internantes.ovh
|
|
handle @prod {
|
|
root * /srv/site-veloboomboom/html-prod
|
|
file_server
|
|
}
|
|
|
|
# Test redirect
|
|
@test host veloboomboom.lucasroyer.fr
|
|
handle @test {
|
|
basic_auth {
|
|
testuser $2a$14$hNv5hbag695p/jcyB.7qeOoCvqxQ0L6zyBptfHU15qnTtmivfXAea
|
|
}
|
|
root * /srv/site-veloboomboom/html
|
|
file_server
|
|
}
|
|
|
|
# Fallback
|
|
handle {
|
|
respond "Not Found" 404
|
|
}
|
|
}
|
|
|
|
csv.lucasroyer.fr {
|
|
root * /srv/csv
|
|
file_server browse
|
|
|
|
header Content-Type "text/csv; charset=utf-8"
|
|
header Access-Control-Allow-Origin "*"
|
|
}
|
|
|
|
ghost.pauline.lucasroyer.fr {
|
|
# Security
|
|
header {
|
|
X-Frame-Options "SAMEORIGIN"
|
|
X-Content-Type-Options "nosniff"
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
X-XSS-Protection "1; mode=block"
|
|
Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com;"
|
|
}
|
|
|
|
# Compression
|
|
encode zstd gzip
|
|
|
|
# Log
|
|
log {
|
|
output file /data/pauline_ghost_access.log
|
|
}
|
|
|
|
# Redirect
|
|
reverse_proxy ghost:2368
|
|
}
|
|
|
|
paulinebouillaud.fr {
|
|
root * /var/www/html
|
|
|
|
# Security
|
|
header {
|
|
X-Frame-Options "SAMEORIGIN"
|
|
X-Content-Type-Options "nosniff"
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
X-XSS-Protection "1; mode=block"
|
|
Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.youtube-nocookie.com https://*.youtube.com https://*.vimeo.com https://*.doubleclick.net; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self';"
|
|
}
|
|
|
|
# Compression
|
|
encode zstd gzip
|
|
|
|
# Logs
|
|
log {
|
|
output file /data/pauline_wordpress_access.log
|
|
}
|
|
|
|
# --- Wordpress FPM ---
|
|
file_server
|
|
|
|
php_fastcgi wordpress-app:9000 {
|
|
resolve_root_symlink
|
|
}
|
|
|
|
# Security
|
|
@forbidden {
|
|
path /xmlrpc.php
|
|
path /.htaccess
|
|
path /wp-config.php
|
|
path /readme.html
|
|
}
|
|
respond @forbidden 403
|
|
}
|