diff --git a/.gitignore b/.gitignore index 8b13789..45cec20 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ +/*.tar.gz diff --git a/Makefile b/Makefile index 9cace6c..f4125f9 100644 --- a/Makefile +++ b/Makefile @@ -11,17 +11,18 @@ #// // #////////////////////////////////////////////////////////////// -ADMIN_SERVICES := openssh uptime-kuma yacht -BLOG_SERVICES := wordpress -7DAYS_TO_DIE_SERVICES := 7daystodie_server 7daystodie_backup -MINECRAFT_SERVICES := minecraft_server minecraft_backup -SATISFACTORY_SERVICES := satisfactory_server satisfactory_backup -GIT_SERVICES := forgejo forgejo-runner +ADMIN_SERVICES := openssh +#uptime-kuma yacht +#BLOG_SERVICES := wordpress +#7DAYS_TO_DIE_SERVICES := 7daystodie_server 7daystodie_backup +#MINECRAFT_SERVICES := minecraft_server minecraft_backup +#SATISFACTORY_SERVICES := satisfactory_server satisfactory_backup +#GIT_SERVICES := forgejo forgejo-runner # gitea gitea-runner -IA_SERVICES := open-webui -SHARING_SERVICES := psitransfer picoshare privatebin projectsend jellyfin dufs syncthing -TORRENTS_SERVICES := qbittorrent transmission -UTILS_SERVICES := it-tools stirlingpdf omni-tools +#IA_SERVICES := open-webui +#SHARING_SERVICES := psitransfer picoshare privatebin projectsend jellyfin dufs syncthing +#TORRENTS_SERVICES := qbittorrent transmission +#UTILS_SERVICES := it-tools stirlingpdf omni-tools MAIN_SERVICES := main_infrastructure caddy homepage diff --git a/README.md b/README.md index 370c38a..bf49d66 100644 --- a/README.md +++ b/README.md 
@@ -121,10 +121,6 @@ And then, caddy will generate the certificate for you and renew it automatically | [public.bensuperpc.org](https://public.bensuperpc.org) | Sub | Caddy for file sharing | | [memos.bensuperpc.org](https://memos.bensuperpc.org) | Sub | Caddy for file sharing | | [stirlingpdf.bensuperpc.org](https://stirlingpdf.bensuperpc.org) | Sub | Stirling PDF tools | -| bensuperpc.com | Main | Redirect to [www.bensuperpc.org](https://www.bensuperpc.org) | -| bensuperpc.fr | Main | Redirect to [www.bensuperpc.org](https://www.bensuperpc.org) | -| bensuperpc.net | Main | Redirect to [www.bensuperpc.org](https://www.bensuperpc.org) | -| bensuperpc.ovh | Main | Redirect to [www.bensuperpc.org](https://www.bensuperpc.org) | ### Configure the infrastructure diff --git a/infrastructure/services/caddy/config/Caddyfile b/infrastructure/services/caddy/config/Caddyfile index 6b67cae..6cc5b43 100644 --- a/infrastructure/services/caddy/config/Caddyfile +++ b/infrastructure/services/caddy/config/Caddyfile @@ -3,13 +3,13 @@ key_type p384 log { - output file /data/logs/access.log + output file /data/logs/access.log { + roll_size 1GiB + roll_keep 20 + roll_keep_for 720h + } format json } } -import bensuperpc.org/* -import bensuperpc.com/* -import bensuperpc.net/* -import bensuperpc.ovh/* -import bensuperpc.fr/* +import website/* diff --git a/infrastructure/services/caddy/config/bensuperpc.com/Caddyfile b/infrastructure/services/caddy/config/bensuperpc.com/Caddyfile deleted file mode 100644 index 380d09a..0000000 --- a/infrastructure/services/caddy/config/bensuperpc.com/Caddyfile +++ /dev/null @@ -1,7 +0,0 @@ -bensuperpc.com { - redir https://www.bensuperpc.org{uri} permanent -} - -www.bensuperpc.com { - redir https://www.bensuperpc.org{uri} permanent -} diff --git a/infrastructure/services/caddy/config/bensuperpc.fr/Caddyfile b/infrastructure/services/caddy/config/bensuperpc.fr/Caddyfile deleted file mode 100644 index 897e5f0..0000000 
--- a/infrastructure/services/caddy/config/bensuperpc.fr/Caddyfile
+++ /dev/null
@@ -1,7 +0,0 @@
-bensuperpc.fr {
- redir https://www.bensuperpc.org{uri} permanent
-}
-
-www.bensuperpc.fr {
- redir https://www.bensuperpc.org{uri} permanent
-}
diff --git a/infrastructure/services/caddy/config/bensuperpc.net/Caddyfile b/infrastructure/services/caddy/config/bensuperpc.net/Caddyfile
deleted file mode 100644
index e64d568..0000000
--- a/infrastructure/services/caddy/config/bensuperpc.net/Caddyfile
+++ /dev/null
@@ -1,19 +0,0 @@
-bensuperpc.net {
- redir https://www.bensuperpc.org{uri} permanent
-}
-
-www.bensuperpc.net {
- redir https://www.bensuperpc.org{uri} permanent
-}
-
-git.bensuperpc.net {
- redir https://git.bensuperpc.org{uri} permanent
-}
-
-jellyfin.bensuperpc.net {
- redir https://jellyfin.bensuperpc.org{uri} permanent
-}
-
-uptimekuma.bensuperpc.net {
- redir https://uptimekuma.bensuperpc.org{uri} permanent
-}
diff --git a/infrastructure/services/caddy/config/bensuperpc.org/Caddyfile b/infrastructure/services/caddy/config/bensuperpc.org/Caddyfile
deleted file mode 100644
index 5d00f8a..0000000
--- a/infrastructure/services/caddy/config/bensuperpc.org/Caddyfile
+++ /dev/null
@@ -1,184 +0,0 @@ -www.{$MAIN_DOMAIN} { - reverse_proxy homepage:3000 -} - -{$MAIN_DOMAIN} { - redir https://www.{host}{uri} permanent -} - -homepage.{$MAIN_DOMAIN} { - redir https://www.{$MAIN_DOMAIN}{uri} permanent -} - -public.{$MAIN_DOMAIN} { - root * /public_data - file_server browse -} - -wordpress.{$MAIN_DOMAIN} { - root * /var/www/html - php_fastcgi wordpress:9000 - - file_server - encode zstd gzip - - @disallowed { - path /xmlrpc.php - path *.sql - path /wp-content/uploads/*.php - } - - rewrite @disallowed '/index.php' - - respond /uploads/*.php 404 - - header { - # disable FLoC tracking - Permissions-Policy interest-cohort=() - - # enable HSTS - Strict-Transport-Security max-age=31536000; - - # disable clients from sniffing the media type - X-Content-Type-Options nosniff - - # clickjacking protection - # X-Frame-Options DENY - - # Disable powerful features we don't need - Permissions-Policy "geolocation=(), camera=(), microphone=() interest-cohort=()" - } -} - -it-tools.{$MAIN_DOMAIN} { - # Load balance between 2 instances - reverse_proxy { - to it-tools0:80 it-tools1:80 - lb_policy round_robin - lb_retries 3 - lb_try_interval 1s - } -} - -omni-tools.{$MAIN_DOMAIN} { - # Load balance between 2 instances - reverse_proxy { - to omni-tools0:80 omni-tools1:80 - lb_policy round_robin - lb_retries 3 - lb_try_interval 1s - } -} - -uptimekuma.{$MAIN_DOMAIN} { - reverse_proxy uptime-kuma:3001 -} - -torrent.{$MAIN_DOMAIN} { - reverse_proxy qbittorrent:8080 -} - -qbittorrent.{$MAIN_DOMAIN} { - redir https://torrent.{$MAIN_DOMAIN} permanent -} - -transmission.{$MAIN_DOMAIN} { - reverse_proxy transmission:9091 -} - -gitea.{$MAIN_DOMAIN} { - reverse_proxy gitea:3000 -} - -git.{$MAIN_DOMAIN} { - reverse_proxy forgejo:3000 -} - -forgejo.{$MAIN_DOMAIN} { - redir https://git.{$MAIN_DOMAIN}{uri} permanent -} - -jellyfin.{$MAIN_DOMAIN} { - reverse_proxy jellyfin:8096 -} - -transfer.{$MAIN_DOMAIN} { - reverse_proxy psitransfer:3000 -} - -psitransfer.{$MAIN_DOMAIN} { - redir 
https://transfer.{$MAIN_DOMAIN}{uri} permanent -} - -picoshare.{$MAIN_DOMAIN} { - reverse_proxy picoshare:4001 -} - -syncthing.{$MAIN_DOMAIN} { - reverse_proxy syncthing:8384 { - header_up Host {upstream_hostport} - } -} - -privatebin.{$MAIN_DOMAIN} { - reverse_proxy privatebin:8080 -} - -pastebin.{$MAIN_DOMAIN} { - redir https://privatebin.{$MAIN_DOMAIN} permanent -} - -yacht.{$MAIN_DOMAIN} { - reverse_proxy yacht:8000 -} - -projectsend.{$MAIN_DOMAIN} { - reverse_proxy projectsend:80 -} - -dufs.{$MAIN_DOMAIN} { - reverse_proxy dufs:5000 -} - -stirlingpdf.{$MAIN_DOMAIN} { - reverse_proxy stirlingpdf:8080 -} - -memos.{$MAIN_DOMAIN} { - reverse_proxy memos:5230 -} - -open-webui.{$MAIN_DOMAIN} { - reverse_proxy open-webui:8080 -} - -link.{$MAIN_DOMAIN} { - # TODO: Use service with database - # Friendly links - redir /gnous https://gnous.eu permanent - redir /proxy https://imagisphe.re permanent - redir /patch https://spaceint.fr permanent - redir /greep https://greep.fr permanent - - # Youtube links - redir /rickroll https://www.youtube.com/watch?v=dQw4w9WgXcQ permanent - redir /babyshark https://www.youtube.com/watch?v=XqZsoesa55w permanent - redir /cowcowcow https://www.youtube.com/watch?v=FavUpD_IjVY permanent - redir /badapple https://www.youtube.com/watch?v=FtutLA63Cp8 permanent - redir /macdo https://www.youtube.com/watch?v=Q16KpquGsIc permanent - redir /superiser https://www.youtube.com/watch?v=srnyVw-OR0g permanent - redir /daicon https://youtu.be/-840keiiFDE?si=zIPIokytxcnGw5fJ&t=162 permanent - redir /scp https://www.youtube.com/watch?v=FGCDndN20G8 permanent - redir /scpfb https://youtu.be/9zrKk-1E8zM?si=8R_ZBVG3GzMUYOe8&t=36 permanent - redir /mother https://youtu.be/w3NyycHR3fE?si=rNNSW9zYv0bcO2Eu permanent - redir /cpu https://www.youtube.com/watch?v=y39D4529FM4 permanent - redir /lechanteur https://youtu.be/HXdP15Ubu6M?si=N0qvhqo--3pmSGmb permanent - redir /nohero https://youtu.be/4DuUejBkMqE?si=bkB8G6PHwCp56jxb permanent - redir /indochine 
https://youtu.be/M7X6oYg6iro?si=ZRarm3qamTJ8vIJ0 permanent - redir /bna https://youtu.be/3T3ofoKfEoY?si=_7HkGQXMC7rBng8O permanent - redir /jojo https://youtu.be/U0TXIXTzJEY?si=2acWJWX06ju2w4uj permanent - redir /patapon https://youtu.be/H6CbNHLHkmk?si=ZvU8SzrOK-oCUXT5 permanent - redir /darkwater https://youtu.be/Tr8ZgF4Dc0E?si=CEOmm2J6Jp5rdbbt permanent - redir /train https://youtu.be/l8mScKWj3kQ?si=BV07uJ9eP3kzV9Kl permanent - redir /jdg https://www.youtube.com/@joueurdugrenier permanent -} diff --git a/infrastructure/services/caddy/config/bensuperpc.ovh/Caddyfile b/infrastructure/services/caddy/config/bensuperpc.ovh/Caddyfile deleted file mode 100644 index 703214f..0000000 --- a/infrastructure/services/caddy/config/bensuperpc.ovh/Caddyfile +++ /dev/null @@ -1,7 +0,0 @@ -bensuperpc.ovh { - redir https://www.bensuperpc.org{uri} permanent -} - -www.bensuperpc.ovh { - redir https://www.bensuperpc.org{uri} permanent -} diff --git a/infrastructure/services/caddy/config/website/dufs.caddy b/infrastructure/services/caddy/config/website/dufs.caddy new file mode 100644 index 0000000..1684fba --- /dev/null +++ b/infrastructure/services/caddy/config/website/dufs.caddy @@ -0,0 +1,5 @@ +import header.caddy + +dufs.{$MAIN_DOMAIN} { + reverse_proxy dufs:5000 +} diff --git a/infrastructure/services/caddy/config/website/forgejo.caddy b/infrastructure/services/caddy/config/website/forgejo.caddy new file mode 100644 index 0000000..7732ad7 --- /dev/null +++ b/infrastructure/services/caddy/config/website/forgejo.caddy @@ -0,0 +1,9 @@ +import header.caddy + +git.{$MAIN_DOMAIN} { + reverse_proxy forgejo:3000 +} + +forgejo.{$MAIN_DOMAIN} { + redir https://git.{$MAIN_DOMAIN}{uri} permanent +} diff --git a/infrastructure/services/caddy/config/website/gitea.caddy b/infrastructure/services/caddy/config/website/gitea.caddy new file mode 100644 index 0000000..4dac03a --- /dev/null +++ b/infrastructure/services/caddy/config/website/gitea.caddy 
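Review bot: In website/dufs.caddy the site block never applies the `header_common` snippet; `import header.caddy` only brings the snippet definition into scope, so dufs is still served without HSTS, `nosniff` or the other headers the snippet lists. The same holds for every other new file under website/ except main.caddy (forgejo, gitea, it-tools, jellyfin, memos, omni-tools, open-webui, picoshare, privatebin, projectsend, psitransfer, qbittorrent, stirlingpdf, syncthing, transmission, uptimekuma, yacht). Because the top-level Caddyfile now does `import website/*`, header.caddy is already loaded once by the glob, and loading it again from each file will probably be rejected as a redeclared snippet, which is worth confirming with `caddy validate`. I would drop the per-file `import header.caddy` and instead give each site block a `header` block whose body is `import header_common`.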
@@ -0,0 +1,5 @@
+import header.caddy
+
+gitea.{$MAIN_DOMAIN} {
+ reverse_proxy gitea:3000
+}
diff --git a/infrastructure/services/caddy/config/website/header.caddy b/infrastructure/services/caddy/config/website/header.caddy
new file mode 100644
index 0000000..68bf659
--- /dev/null
+++ b/infrastructure/services/caddy/config/website/header.caddy
@@ -0,0 +1,14 @@
+(header_common) {
+ Permissions-Policy: geolocation=(), camera=(), microphone=(), clipboard-read=(), usb=()
+ Strict-Transport-Security: max-age=31536000; includeSubDomains
+ X-Content-Type-Options: nosniff
+ X-Frame-Options: DENY
+ Referrer-Policy: strict-origin-when-cross-origin
+ # Only useful for old browsers
+ X-XSS-Protection: "1; mode=block"
+
+ # Can cause issues with external resources
+ #Cross-Origin-Embedder-Policy: require-corp
+ Cross-Origin-Opener-Policy: same-origin
+ #Cross-Origin-Resource-Policy: same-origin
+}
diff --git a/infrastructure/services/caddy/config/website/homepage.caddy b/infrastructure/services/caddy/config/website/homepage.caddy
new file mode 100644
index 0000000..f779d2e
--- /dev/null
+++ b/infrastructure/services/caddy/config/website/homepage.caddy
@@ -0,0 +1,5 @@
+import header.caddy
+
+homepage.{$MAIN_DOMAIN} {
+ redir reverse_proxy homepage:3000
+}
diff --git a/infrastructure/services/caddy/config/website/it-tools.caddy b/infrastructure/services/caddy/config/website/it-tools.caddy
new file mode 100644
index 0000000..1b8f2e3
--- /dev/null
+++ b/infrastructure/services/caddy/config/website/it-tools.caddy
@@ -0,0 +1,11 @@
+import header.caddy
+
+it-tools.{$MAIN_DOMAIN} {
+ # Load balance between 2 instances
+ reverse_proxy {
+ to it-tools0:80 it-tools1:80
+ lb_policy round_robin
+ lb_retries 3
+ lb_try_interval 1s
+ }
+}
diff --git a/infrastructure/services/caddy/config/website/jellyfin.caddy b/infrastructure/services/caddy/config/website/jellyfin.caddy
new file mode 100644
index 0000000..e442667
--- /dev/null
+++ b/infrastructure/services/caddy/config/website/jellyfin.caddy
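Review bot: In website/header.caddy the `Permissions-Policy` and `Strict-Transport-Security` values contain spaces but are not quoted. Caddyfile arguments are split on whitespace, so as far as I can tell `max-age=31536000;` and `includeSubDomains` reach the `header` directive as two separate arguments (a value and a replacement) rather than one header value, and the intended HSTS and Permissions-Policy headers would not be sent as written. Quote them the way the `X-XSS-Protection` line already does: `Strict-Transport-Security "max-age=31536000; includeSubDomains"` and `Permissions-Policy "geolocation=(), camera=(), microphone=(), clipboard-read=(), usb=()"`. A response check (for example `curl -I` against www) after deploy would confirm what is actually emitted.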
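Review bot: In website/homepage.caddy the line `redir reverse_proxy homepage:3000` fuses two directives, so `redir` receives `reverse_proxy` as its target and `homepage:3000` where a status code belongs. I would expect this to fail config validation, and a single invalid imported file prevents the whole Caddy configuration from loading. The deleted bensuperpc.org/Caddyfile redirected this host with `redir https://www.{$MAIN_DOMAIN}{uri} permanent`; restoring that line keeps the old behaviour, since main.caddy already proxies www to homepage:3000.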
@@ -0,0 +1,5 @@
+import header.caddy
+
+jellyfin.{$MAIN_DOMAIN} {
+ reverse_proxy jellyfin:8096
+}
diff --git a/infrastructure/services/caddy/config/website/main.caddy b/infrastructure/services/caddy/config/website/main.caddy
new file mode 100644
index 0000000..e4928c1
--- /dev/null
+++ b/infrastructure/services/caddy/config/website/main.caddy
@@ -0,0 +1,29 @@
+import header.caddy
+
+www.{$MAIN_DOMAIN} {
+ header {
+ Cache-Control "public, max-age=10"
+ import header_common
+ }
+
+ handle_errors {
+ @notFound expression `{http.error.status_code} == 404`
+ redir @notFound https://www.{$MAIN_DOMAIN} permanent
+ }
+
+ reverse_proxy homepage:3000
+}
+
+{$MAIN_DOMAIN} {
+ redir https://www.{host}{uri} permanent
+}
+
+public.{$MAIN_DOMAIN} {
+ root * /public_data
+ file_server browse
+
+ header / {
+ Cache-Control "no-store"
+ import header_common
+ }
+}
diff --git a/infrastructure/services/caddy/config/website/memos.caddy b/infrastructure/services/caddy/config/website/memos.caddy
new file mode 100644
index 0000000..cdc42a7
--- /dev/null
+++ b/infrastructure/services/caddy/config/website/memos.caddy
@@ -0,0 +1,5 @@
+import header.caddy
+
+memos.{$MAIN_DOMAIN} {
+ reverse_proxy memos:5230
+}
diff --git a/infrastructure/services/caddy/config/website/omni-tools.caddy b/infrastructure/services/caddy/config/website/omni-tools.caddy
new file mode 100644
index 0000000..97890c4
--- /dev/null
+++ b/infrastructure/services/caddy/config/website/omni-tools.caddy
@@ -0,0 +1,11 @@
+import header.caddy
+
+omni-tools.{$MAIN_DOMAIN} {
+ # Load balance between 2 instances
+ reverse_proxy {
+ to omni-tools0:80 omni-tools1:80
+ lb_policy round_robin
+ lb_retries 3
+ lb_try_interval 1s
+ }
+}
diff --git a/infrastructure/services/caddy/config/website/open-webui.caddy b/infrastructure/services/caddy/config/website/open-webui.caddy
new file mode 100644
index 0000000..6082023
--- /dev/null
+++ b/infrastructure/services/caddy/config/website/open-webui.caddy
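Review bot: In website/main.caddy the `public.{$MAIN_DOMAIN}` block scopes its headers with `header / {`, and in Caddy v2 the path matcher `/` matches only the exact root path. The `Cache-Control "no-store"` and the `header_common` set would therefore apply to the top-level listing only, not to sub-directories or the files served by `file_server browse`. Use `header {` with no matcher so every response is covered. Separately, `handle_errors` in the `www` block handles errors raised by Caddy itself, so a 404 returned by the homepage upstream through `reverse_proxy` will probably pass through without the redirect; a short comment stating which 404s the block is meant to catch would help.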
@@ -0,0 +1,5 @@
+import header.caddy
+
+open-webui.{$MAIN_DOMAIN} {
+ reverse_proxy open-webui:8080
+}
diff --git a/infrastructure/services/caddy/config/website/picoshare.caddy b/infrastructure/services/caddy/config/website/picoshare.caddy
new file mode 100644
index 0000000..f0f9890
--- /dev/null
+++ b/infrastructure/services/caddy/config/website/picoshare.caddy
@@ -0,0 +1,5 @@
+import header.caddy
+
+picoshare.{$MAIN_DOMAIN} {
+ reverse_proxy picoshare:4001
+}
diff --git a/infrastructure/services/caddy/config/website/privatebin.caddy b/infrastructure/services/caddy/config/website/privatebin.caddy
new file mode 100644
index 0000000..520f490
--- /dev/null
+++ b/infrastructure/services/caddy/config/website/privatebin.caddy
@@ -0,0 +1,9 @@
+import header.caddy
+
+privatebin.{$MAIN_DOMAIN} {
+ reverse_proxy privatebin:8080
+}
+
+pastebin.{$MAIN_DOMAIN} {
+ redir https://privatebin.{$MAIN_DOMAIN} permanent
+}
diff --git a/infrastructure/services/caddy/config/website/projectsend.caddy b/infrastructure/services/caddy/config/website/projectsend.caddy
new file mode 100644
index 0000000..9289eec
--- /dev/null
+++ b/infrastructure/services/caddy/config/website/projectsend.caddy
@@ -0,0 +1,5 @@
+import header.caddy
+
+projectsend.{$MAIN_DOMAIN} {
+ reverse_proxy projectsend:80
+}
diff --git a/infrastructure/services/caddy/config/website/psitransfer.caddy b/infrastructure/services/caddy/config/website/psitransfer.caddy
new file mode 100644
index 0000000..f9ccf9c
--- /dev/null
+++ b/infrastructure/services/caddy/config/website/psitransfer.caddy
@@ -0,0 +1,9 @@
+import header.caddy
+
+transfer.{$MAIN_DOMAIN} {
+ reverse_proxy psitransfer:3000
+}
+
+psitransfer.{$MAIN_DOMAIN} {
+ redir https://transfer.{$MAIN_DOMAIN}{uri} permanent
+}
diff --git a/infrastructure/services/caddy/config/website/qbittorrent.caddy b/infrastructure/services/caddy/config/website/qbittorrent.caddy
new file mode 100644
index 0000000..b9f4533
--- /dev/null
+++ b/infrastructure/services/caddy/config/website/qbittorrent.caddy
@@ -0,0 +1,9 @@
+import header.caddy
+
+torrent.{$MAIN_DOMAIN} {
+ reverse_proxy qbittorrent:8080
+}
+
+qbittorrent.{$MAIN_DOMAIN} {
+ redir https://torrent.{$MAIN_DOMAIN} permanent
+}
diff --git a/infrastructure/services/caddy/config/website/stirlingpdf.caddy b/infrastructure/services/caddy/config/website/stirlingpdf.caddy
new file mode 100644
index 0000000..cc78412
--- /dev/null
+++ b/infrastructure/services/caddy/config/website/stirlingpdf.caddy
@@ -0,0 +1,5 @@
+import header.caddy
+
+stirlingpdf.{$MAIN_DOMAIN} {
+ reverse_proxy stirlingpdf:8080
+}
diff --git a/infrastructure/services/caddy/config/website/syncthing.caddy b/infrastructure/services/caddy/config/website/syncthing.caddy
new file mode 100644
index 0000000..cfcd1fa
--- /dev/null
+++ b/infrastructure/services/caddy/config/website/syncthing.caddy
@@ -0,0 +1,7 @@
+import header.caddy
+
+syncthing.{$MAIN_DOMAIN} {
+ reverse_proxy syncthing:8384 {
+ header_up Host {upstream_hostport}
+ }
+}
diff --git a/infrastructure/services/caddy/config/website/transmission.caddy b/infrastructure/services/caddy/config/website/transmission.caddy
new file mode 100644
index 0000000..1cc2ad9
--- /dev/null
+++ b/infrastructure/services/caddy/config/website/transmission.caddy
@@ -0,0 +1,5 @@
+import header.caddy
+
+transmission.{$MAIN_DOMAIN} {
+ reverse_proxy transmission:9091
+}
diff --git a/infrastructure/services/caddy/config/website/uptimekuma.caddy b/infrastructure/services/caddy/config/website/uptimekuma.caddy
new file mode 100644
index 0000000..f3c5462
--- /dev/null
+++ b/infrastructure/services/caddy/config/website/uptimekuma.caddy
@@ -0,0 +1,5 @@
+import header.caddy
+
+uptimekuma.{$MAIN_DOMAIN} {
+ reverse_proxy uptime-kuma:3001
+}
diff --git a/infrastructure/services/caddy/config/website/wordpress.caddy b/infrastructure/services/caddy/config/website/wordpress.caddy
new file mode 100644
index 0000000..68e00ce
--- /dev/null
+++ b/infrastructure/services/caddy/config/website/wordpress.caddy
@@ -0,0 +1,36 @@
+import header.caddy
+
+wordpress.{$MAIN_DOMAIN} {
+ root * /var/www/html
+ php_fastcgi wordpress:9000
+
+ file_server
+ encode zstd gzip
+
+ @disallowed {
+ path /xmlrpc.php
+ path *.sql
+ path /wp-content/uploads/*.php
+ }
+
+ rewrite @disallowed '/index.php'
+
+ respond /uploads/*.php 404
+
+ header {
+ # disable FLoC tracking
+ Permissions-Policy interest-cohort=()
+
+ # enable HSTS
+ Strict-Transport-Security max-age=31536000;
+
+ # disable clients from sniffing the media type
+ X-Content-Type-Options nosniff
+
+ # clickjacking protection
+ # X-Frame-Options DENY
+
+ # Disable powerful features we don't need
+ Permissions-Policy "geolocation=(), camera=(), microphone=() interest-cohort=()"
+ }
+}
diff --git a/infrastructure/services/caddy/config/website/yacht.caddy b/infrastructure/services/caddy/config/website/yacht.caddy
new file mode 100644
index 0000000..1dadc3e
--- /dev/null
+++ b/infrastructure/services/caddy/config/website/yacht.caddy
@@ -0,0 +1,5 @@
+import header.caddy
+
+yacht.{$MAIN_DOMAIN} {
+ reverse_proxy yacht:8000
+}
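Review bot: In website/wordpress.caddy the `header` block sets `Permissions-Policy` twice, so the second line most likely replaces the first, and that second value is missing a comma between `microphone=()` and `interest-cohort=()`, which makes the policy malformed. Keep one line: `Permissions-Policy "geolocation=(), camera=(), microphone=(), interest-cohort=()"`. The block also leaves `X-Frame-Options DENY` commented out and does not use `header_common` even though the file imports header.caddy, so the WordPress site, including its login page, ends up with weaker framing protection than www; add a comment saying why if that is intentional. Note too that `respond /uploads/*.php 404` does not cover `/wp-content/uploads/`, which is handled only by the `@disallowed` rewrite.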