homelab/caddy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: homelab:7ec83f72c0becaf2670a80c951e869fe8f08a80d
Branches Tags
homelab:main homelab:franken-mini
..
compare: homelab:franken-mini
Branches Tags
homelab:main homelab:franken-mini

1 Commits
7ec83f72c0 ... franken-mi

Author SHA1 Message Date
Michael Housh
9ea8380f3d feat: Updates Caddyfile for franken-mini services 2025-03-20 12:37:24 -04:00
5 changed files with 13 additions and 197 deletions
Expand all files Collapse all files

55
.gitea/workflows/ci.yaml
View File

@@ -1,55 +0,0 @@
# name: CI
#
# on:
# push:
# branches:
# - main
# pull_request: {}
# workflow_dispatch: {}
#
# jobs:
# release:
# runs-on: ubuntu-latest
# steps:
# - name: Checkout
# uses: actions/checkout@v4
# with:
# lfs: true
#
# - name: Setup QEMU
# uses: docker/setup-qemu-action@v3
#
# - name: Setup docker buildx
# uses: docker/setup-buildx-action@v3
#
# - name: Login to Container Registery
# uses: docker/login-action@v3
# with:
# registry: git.housh.dev
# username: ${{ secrets.DOCKER_USERNAME }}
# password: ${{ secrets.DOCKER_PASSWORD }}
#
# - name: Extract metadata for Docker
# id: meta
# uses: docker/metadata-action@v5
# with:
# images: git.housh.dev/homelab/caddy
# tags: |
# type=schedule
# type=ref,event=branch
# type=ref,event=pr
# type=semver,pattern={{version}}
# type=semver,pattern={{major}}.{{minor}}
# type=semver,pattern={{major}}
# type=sha
# type=raw,value=latest
#
# - name: Build and push Docker image
# uses: docker/build-push-action@v6
# with:
# context: .
# file: ./Dockerfile
# platforms: linux/arm64
# push: true
# tags: ${{ steps.meta.outputs.tags }}
# labels: ${{ steps.meta.outputs.labels }}

10
Dockerfile
View File

@@ -1,3 +1,7 @@
FROM ghcr.io/authcrunch/authcrunch:latest
COPY ./config /etc/caddy
RUN /usr/bin/caddy fmt --overwrite /etc/caddy/Caddyfile
FROM docker.io/library/caddy:2.9.1-builder as builder
RUN xcaddy build \
--with github.com/caddy-dns/cloudflare
FROM docker.io/library/caddy:2.9.1-alpine
COPY --from=builder /usr/bin/caddy /usr/bin/caddy

17
README.md
View File

@@ -1,18 +1,3 @@
# caddy
Caddy reverse proxy, [caddy](https://caddyserver.com/docs/quick-starts/reverse-proxy)
This repository includes the reverse-proxy for the domain's hosted under `*.housh.dev`. The primary
proxy is on the `main` branch, there are also proxies that run on each server, that can be found on
the other branches of this repository.
This allows TLS to all backend services from the `primary` proxy.
They all share the same `Dockerfile` and `compose.yaml` file, the only differences are the
`config/Caddyfile`.
## Usage
1. Clone the repository onto your host, or setup through your container manager (such as komodo).
2. Copy the `example.env` file to `.env` and update the environment variables.
3. Deploy the proxy `sudo docker compose --env-file .env up -d`
Caddy reverse proxy.

3
compose.yaml
View File

@@ -2,6 +2,7 @@ services:
caddy:
build:
context: .
dockerfile: Dockerfile
container_name: caddy
restart: unless-stopped
env_file:
@@ -17,7 +18,7 @@ services:
cap_add:
- NET_ADMIN
volumes:
- ./config:/etc/caddy
- ./config:/etc/caddy:z
- caddy_data:/data
- caddy_config:/config
networks:

125
config/Caddyfile
View File

@@ -1,135 +1,16 @@
{
email {env.ACME_EMAIL}
# Configure caddy-security.
order authenticate before respond
security {
oauth identity provider generic {
delay_start 3
realm generic
driver generic
client_id {env.OAUTH_CLIENT_ID}
client_secret {env.OAUTH_CLIENT_SECRET}
scopes openid email profile
base_auth_url https://id.housh.dev
metadata_url https://id.housh.dev/.well-known/openid-configuration
}
authentication portal myportal {
crypto default token lifetime 3600 # Seconds until you have to re-authenticate
enable identity provider generic
cookie insecure off # Set to "on" if you're not using HTTPS
transform user {
match realm generic
action add role user
}
}
authorization policy mypolicy {
set auth url /caddy-security/oauth2/generic
allow roles user
inject headers with claims
}
}
}
# Subdomains
*.housh.dev {
*.frankenmini.housh.dev {
tls {
dns cloudflare {env.CF_AUTH_TOKEN}
resolvers 1.1.1.1
}
@pos host po.housh.dev
handle @pos {
reverse_proxy http://roguemini.housh.dev:8082
}
@legacypos host legacy-po.housh.dev
handle @legacypos {
reverse_proxy http://roguemini.housh.dev:5000
}
@gitea host git.housh.dev
handle @gitea {
reverse_proxy gitea:3000
}
@dash host dash.housh.dev
handle @dash {
reverse_proxy http://roguemini.housh.dev:7575
}
@komodo host komo.housh.dev
handle @komodo {
reverse_proxy komodo:9120
}
@excalidraw host draw.housh.dev
handle @excalidraw {
reverse_proxy excalidraw:80
}
@uptimekuma host uptime.housh.dev
handle @uptimekuma {
reverse_proxy uptime_kuma:3001
}
@immich host photos.housh.dev
@immich host photos.frankenmini.housh.dev
handle @immich {
# Immich public proxy.
@public path /share /share/*
handle @public {
reverse_proxy http://frankenmini.housh.dev:3000
}
handle {
reverse_proxy http://frankenmini.housh.dev:2283
}
reverse_proxy immich-server:2283
}
@snapp host s.housh.dev
handle @snapp {
reverse_proxy http://roguemini.housh.dev:3000
}
@docs host docs.housh.dev
handle @docs {
@auth {
path /caddy-security/*
}
route @auth {
authenticate with myportal
}
route /* {
reverse_proxy docs:80
}
}
@pocket_id host id.housh.dev
handle @pocket_id {
reverse_proxy pocket-id:80
}
}
# Console
console.mightymini.housh.dev {
tls {
dns cloudflare {env.CF_AUTH_TOKEN}
resolvers 1.1.1.1
}
reverse_proxy https://192.168.50.6:9090 {
transport http {
tls_insecure_skip_verify
}
}
}