269 lines
7.4 KiB
Caddyfile
269 lines
7.4 KiB
Caddyfile
{
|
||
email {env.CLOUDFLARE_EMAIL}
|
||
acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
|
||
acme_ca https://acme-v02.api.letsencrypt.org/directory
|
||
debug
|
||
|
||
# WICHTIG: replace MUSS vor encode & vor reverse_proxy laufen
|
||
order replace before encode
|
||
order replace before reverse_proxy
|
||
}
|
||
# Prod: Neue Domains
|
||
www.bizmatch.net {
|
||
handle /pictures/* {
|
||
root * /home/aknuth/git/bizmatch-project-prod/bizmatch-server # Prod-Ordner
|
||
file_server
|
||
}
|
||
handle {
|
||
root * /home/aknuth/git/bizmatch-project-prod/bizmatch/dist/bizmatch/browser # Neuer Prod-Dist-Ordner
|
||
try_files {path} {path}/ /index.html
|
||
file_server
|
||
}
|
||
log {
|
||
output file /var/log/caddy/access.prod.log # Separate Logs
|
||
}
|
||
encode gzip
|
||
}
|
||
bizmatch.net {
|
||
redir https://www.bizmatch.net{uri} permanent
|
||
}
|
||
bayarea-cc.com {
|
||
# TLS-Direktive entfernen, falls Cloudflare die Verbindung terminiert
|
||
# tls {
|
||
# dns cloudflare {env.CLOUDFLARE_API_TOKEN}
|
||
# }
|
||
|
||
handle /api {
|
||
reverse_proxy host.docker.internal:3001
|
||
}
|
||
handle {
|
||
root * /app
|
||
try_files {path} /index.html
|
||
file_server
|
||
}
|
||
log {
|
||
output stderr
|
||
format console
|
||
}
|
||
encode gzip
|
||
}
|
||
www.bayarea-cc.com {
|
||
redir https://bayarea-cc.com{uri} permanent
|
||
}
|
||
fancytextstuff.com {
|
||
# wenn du API innerhalb von Next bedienst, weiterleiten an den Next Prozess
|
||
handle {
|
||
reverse_proxy host.docker.internal:3010
|
||
}
|
||
log {
|
||
output file /var/log/caddy/fancytext.log
|
||
format console
|
||
}
|
||
encode gzip
|
||
}
|
||
cielectrical.bayarea-cc.com {
|
||
# wenn du API innerhalb von Next bedienst, weiterleiten an den Next Prozess
|
||
handle {
|
||
reverse_proxy host.docker.internal:3000
|
||
}
|
||
log {
|
||
output file /var/log/caddy/cielectrical.log
|
||
format console
|
||
}
|
||
encode gzip
|
||
}
|
||
hamptonbrown.bayarea-cc.com {
|
||
# wenn du API innerhalb von Next bedienst, weiterleiten an den Next Prozess
|
||
handle {
|
||
reverse_proxy host.docker.internal:3010
|
||
}
|
||
log {
|
||
output file /var/log/caddy/hamptonbrown.log
|
||
format console
|
||
}
|
||
encode gzip
|
||
}
|
||
nqsltd.bayarea-cc.com {
|
||
# wenn du API innerhalb von Next bedienst, weiterleiten an den Next Prozess
|
||
handle {
|
||
reverse_proxy host.docker.internal:3020
|
||
}
|
||
log {
|
||
output file /var/log/caddy/nqsltd.log
|
||
format console
|
||
}
|
||
encode gzip
|
||
}
|
||
gregknoppcpa.bayarea-cc.com {
|
||
# wenn du API innerhalb von Next bedienst, weiterleiten an den Next Prozess
|
||
handle {
|
||
reverse_proxy host.docker.internal:3030
|
||
}
|
||
log {
|
||
output file /var/log/caddy/gregknoppcpa.log
|
||
format console
|
||
}
|
||
encode gzip
|
||
}
|
||
iitwelders.bayarea-cc.com {
|
||
# KEIN encode hier oben – wir setzen encode im route-Block, damit die Reihenfolge fix ist.
|
||
|
||
route {
|
||
# 1) Hole die Seite unkomprimiert vom Origin
|
||
reverse_proxy https://iitwelders.com {
|
||
header_up Host iitwelders.com
|
||
header_up Accept-Encoding identity # Origin soll NICHT komprimieren
|
||
transport http {
|
||
tls_server_name iitwelders.com
|
||
}
|
||
# falls doch mal Redirects kommen: Location-Header auf Proxy-Domain biegen
|
||
header_down Location https://iitwelders.bayarea-cc.com{uri}
|
||
}
|
||
|
||
# 2) Ersetze absolute iitwelders-Links in Text-Antworten (HTML, CSS, JS, JSON, XML etc.)
|
||
@text header Content-Type *text/* *javascript* *json* *xml*
|
||
replace @text {
|
||
https://iitwelders.com https://iitwelders.bayarea-cc.com
|
||
//iitwelders.com //iitwelders.bayarea-cc.com
|
||
}
|
||
|
||
# Optional: wenn du sehr große Seiten streamen willst (geringerer RAM, evtl. ohne Content-Length):
|
||
# replace @text {
|
||
# stream
|
||
# https://iitwelders.com https://iitwelders.bayarea-cc.com
|
||
# //iitwelders.com //iitwelders.bayarea-cc.com
|
||
# }
|
||
|
||
# 3) Zum Schluss komprimieren für den Client
|
||
encode zstd gzip
|
||
}
|
||
|
||
# Healthcheck
|
||
@health path /_health
|
||
respond @health "ok" 200
|
||
}
|
||
www.fancytextstuff.com {
|
||
redir https://fancytextstuff.com{uri} permanent
|
||
}
|
||
auth.bizmatch.net {
|
||
reverse_proxy https://bizmatch-net.firebaseapp.com {
|
||
header_up Host bizmatch-net.firebaseapp.com
|
||
header_up X-Forwarded-For {remote_host}
|
||
header_up X-Forwarded-Proto {scheme}
|
||
header_up X-Real-IP {remote_host}
|
||
}
|
||
}
|
||
gitea.bizmatch.net {
|
||
reverse_proxy gitea:3500
|
||
}
|
||
|
||
dev.bizmatch.net {
|
||
handle /pictures/* {
|
||
root * /home/aknuth/git/bizmatch-project/bizmatch-server
|
||
file_server
|
||
}
|
||
|
||
handle {
|
||
root * /home/aknuth/git/bizmatch-project/bizmatch/dist/bizmatch/browser
|
||
try_files {path} {path}/ /index.html
|
||
file_server
|
||
}
|
||
|
||
log {
|
||
output file /var/log/caddy/access.log {
|
||
roll_size 10MB
|
||
roll_keep 5
|
||
roll_keep_for 48h
|
||
}
|
||
}
|
||
|
||
encode gzip
|
||
|
||
}
|
||
|
||
# api-dev.bizmatch.net {
|
||
# reverse_proxy host.docker.internal:3000 {
|
||
# header_up X-Real-IP {http.request.header.CF-Connecting-IP}
|
||
# header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
|
||
# header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
|
||
# header_up CF-IPCountry {http.request.header.CF-IPCountry}
|
||
# }
|
||
# }
|
||
|
||
api.bizmatch.net {
|
||
reverse_proxy host.docker.internal:3001 { # Neu: Proxy auf Prod-Port 3001
|
||
header_up X-Real-IP {http.request.header.CF-Connecting-IP}
|
||
header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
|
||
header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
|
||
header_up CF-IPCountry {http.request.header.CF-IPCountry}
|
||
}
|
||
}
|
||
mailsync.bizmatch.net {
|
||
reverse_proxy host.docker.internal:5000 {
|
||
header_up X-Real-IP {http.request.header.CF-Connecting-IP}
|
||
header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
|
||
header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
|
||
header_up CF-IPCountry {http.request.header.CF-IPCountry}
|
||
}
|
||
}
|
||
|
||
mail.andreasknuth.de {
|
||
reverse_proxy nginx-mailcow:8080
|
||
}
|
||
web.email-bayarea.com {
|
||
reverse_proxy nginx-mailcow:8080
|
||
}
|
||
mail.email-srvr.com autodiscover.mail.email-srvr.com autoconfig.mail.email-srvr.com {
|
||
reverse_proxy nginx-mailcow:8080
|
||
}
|
||
# Roundcube für docker-mailserver
|
||
app.email-bayarea.com {
|
||
reverse_proxy roundcube-new:80
|
||
|
||
log {
|
||
output stderr
|
||
format console
|
||
}
|
||
|
||
encode gzip
|
||
}
|
||
|
||
# IMAP/SMTP Server für E-Mail-Clients
|
||
email-srvr.com {
|
||
# Für E-Mail-Client-Konfiguration (Autodiscover)
|
||
handle /.well-known/autoconfig/mail/config-v1.1.xml {
|
||
header Content-Type "application/xml"
|
||
respond `<?xml version="1.0" encoding="UTF-8"?>
|
||
<clientConfig version="1.1">
|
||
<emailProvider id="email-srvr.com">
|
||
<domain>andreasknuth.de</domain>
|
||
<displayName>Andreas Knuth Mail</displayName>
|
||
<displayShortName>AK Mail</displayShortName>
|
||
<incomingServer type="imap">
|
||
<hostname>email-srvr.com</hostname>
|
||
<port>993</port>
|
||
<socketType>SSL</socketType>
|
||
<authentication>password-cleartext</authentication>
|
||
<username>%EMAILADDRESS%</username>
|
||
</incomingServer>
|
||
<outgoingServer type="smtp">
|
||
<hostname>email-srvr.com</hostname>
|
||
<port>587</port>
|
||
<socketType>STARTTLS</socketType>
|
||
<authentication>password-cleartext</authentication>
|
||
<username>%EMAILADDRESS%</username>
|
||
</outgoingServer>
|
||
</emailProvider>
|
||
</clientConfig>`
|
||
}
|
||
|
||
# Fallback für andere Anfragen
|
||
handle {
|
||
respond "Mail Server Configuration" 200
|
||
}
|
||
|
||
log {
|
||
output stderr
|
||
format console
|
||
}
|
||
} |