Update caddy config

Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
2025-08-16 22:44:55 +02:00 · 2025-08-06 14:01:14 +02:00
parent fcd4dc85bc
commit 2b902e54be
31 changed files with 222 additions and 244 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 /*.tar.gz
--- a/21
+++ b/21
@@ -11,17 +11,18 @@
 #//                                                          //
 #//////////////////////////////////////////////////////////////
-ADMIN_SERVICES := openssh uptime-kuma yacht
+ADMIN_SERVICES := openssh 
-BLOG_SERVICES := wordpress
+#uptime-kuma yacht
-7DAYS_TO_DIE_SERVICES := 7daystodie_server 7daystodie_backup
+#BLOG_SERVICES := wordpress
-MINECRAFT_SERVICES := minecraft_server minecraft_backup
+#7DAYS_TO_DIE_SERVICES := 7daystodie_server 7daystodie_backup
-SATISFACTORY_SERVICES := satisfactory_server satisfactory_backup
+#MINECRAFT_SERVICES := minecraft_server minecraft_backup
-GIT_SERVICES := forgejo forgejo-runner
+#SATISFACTORY_SERVICES := satisfactory_server satisfactory_backup
 #GIT_SERVICES := forgejo forgejo-runner
 # gitea gitea-runner
-IA_SERVICES := open-webui
+#IA_SERVICES := open-webui
-SHARING_SERVICES := psitransfer picoshare privatebin projectsend jellyfin dufs syncthing
+#SHARING_SERVICES := psitransfer picoshare privatebin projectsend jellyfin dufs syncthing
-TORRENTS_SERVICES := qbittorrent transmission
+#TORRENTS_SERVICES := qbittorrent transmission
-UTILS_SERVICES := it-tools stirlingpdf omni-tools
+#UTILS_SERVICES := it-tools stirlingpdf omni-tools
 MAIN_SERVICES := main_infrastructure caddy homepage
--- a/README.md
+++ b/README.md
@@ -121,10 +121,6 @@ And then, caddy will generate the certificate for you and renew it automatically
 | [public.bensuperpc.org](https://public.bensuperpc.org)             | Sub  | Caddy for file sharing                                       |
 | [memos.bensuperpc.org](https://memos.bensuperpc.org)               | Sub  | Caddy for file sharing                                       |
 | [stirlingpdf.bensuperpc.org](https://stirlingpdf.bensuperpc.org)   | Sub  | Stirling PDF tools                                           |
 | bensuperpc.com                                                     | Main | Redirect to [www.bensuperpc.org](https://www.bensuperpc.org) |
 | bensuperpc.fr                                                      | Main | Redirect to [www.bensuperpc.org](https://www.bensuperpc.org) |
 | bensuperpc.net                                                     | Main | Redirect to [www.bensuperpc.org](https://www.bensuperpc.org) |
 | bensuperpc.ovh                                                     | Main | Redirect to [www.bensuperpc.org](https://www.bensuperpc.org) |
 ### Configure the infrastructure
--- a/infrastructure/services/caddy/config/Caddyfile
+++ b/infrastructure/services/caddy/config/Caddyfile
@@ -3,13 +3,13 @@
 	key_type p384
 	log {
-		output file /data/logs/access.log
+		output file /data/logs/access.log {
 			roll_size 1GiB
 			roll_keep 20
 			roll_keep_for 720h
 		}
 		format json
 	}
 }
-import bensuperpc.org/*
+import website/*
 import bensuperpc.com/*
 import bensuperpc.net/*
 import bensuperpc.ovh/*
 import bensuperpc.fr/*
--- a/infrastructure/services/caddy/config/bensuperpc.com/Caddyfile
+++ b/infrastructure/services/caddy/config/bensuperpc.com/Caddyfile
@@ -1,7 +0,0 @@
 bensuperpc.com {  
  	redir https://www.bensuperpc.org{uri} permanent
 }
 www.bensuperpc.com {  
  	redir https://www.bensuperpc.org{uri} permanent
 }
--- a/infrastructure/services/caddy/config/bensuperpc.fr/Caddyfile
+++ b/infrastructure/services/caddy/config/bensuperpc.fr/Caddyfile
@@ -1,7 +0,0 @@
 bensuperpc.fr {
 	redir https://www.bensuperpc.org{uri} permanent
 }
 www.bensuperpc.fr {
 	redir https://www.bensuperpc.org{uri} permanent
 }
--- a/infrastructure/services/caddy/config/bensuperpc.net/Caddyfile
+++ b/infrastructure/services/caddy/config/bensuperpc.net/Caddyfile
@@ -1,19 +0,0 @@
 bensuperpc.net {
 	redir https://www.bensuperpc.org{uri} permanent
 }
 www.bensuperpc.net {
 	redir https://www.bensuperpc.org{uri} permanent
 }
 git.bensuperpc.net {
 	redir https://git.bensuperpc.org{uri} permanent
 }
 jellyfin.bensuperpc.net {
 	redir https://jellyfin.bensuperpc.org{uri} permanent
 }
 uptimekuma.bensuperpc.net {
 	redir https://uptimekuma.bensuperpc.org{uri} permanent
 }
--- a/infrastructure/services/caddy/config/bensuperpc.org/Caddyfile
+++ b/infrastructure/services/caddy/config/bensuperpc.org/Caddyfile
@@ -1,184 +0,0 @@
 www.{$MAIN_DOMAIN} {
 	reverse_proxy homepage:3000
 }
 {$MAIN_DOMAIN} {
 	redir https://www.{host}{uri} permanent
 }
 homepage.{$MAIN_DOMAIN} {
 	redir https://www.{$MAIN_DOMAIN}{uri} permanent
 }
 public.{$MAIN_DOMAIN} {
 	root * /public_data
 	file_server browse
 }
 wordpress.{$MAIN_DOMAIN} {
 	root * /var/www/html
 	php_fastcgi wordpress:9000
 	file_server
 	encode zstd gzip
 	@disallowed {
 		path /xmlrpc.php
 		path *.sql
 		path /wp-content/uploads/*.php
 	}
 	rewrite @disallowed '/index.php'
 	respond /uploads/*.php 404
 	header {
 		# disable FLoC tracking
 		Permissions-Policy interest-cohort=()
 		# enable HSTS
 		Strict-Transport-Security max-age=31536000;
 		# disable clients from sniffing the media type
 		X-Content-Type-Options nosniff
 		# clickjacking protection
 		# X-Frame-Options DENY
 		# Disable powerful features we don't need
 		Permissions-Policy "geolocation=(), camera=(), microphone=() interest-cohort=()"
 	}
 }
 it-tools.{$MAIN_DOMAIN} {
 	# Load balance between 2 instances
 	reverse_proxy {
 		to it-tools0:80 it-tools1:80
 		lb_policy round_robin
 		lb_retries 3
 		lb_try_interval 1s
 	}
 }
 omni-tools.{$MAIN_DOMAIN} {
 	# Load balance between 2 instances
 	reverse_proxy {
 		to omni-tools0:80 omni-tools1:80
 		lb_policy round_robin
 		lb_retries 3
 		lb_try_interval 1s
 	}
 }
 uptimekuma.{$MAIN_DOMAIN} {
 	reverse_proxy uptime-kuma:3001
 }
 torrent.{$MAIN_DOMAIN} {
 	reverse_proxy qbittorrent:8080
 }
 qbittorrent.{$MAIN_DOMAIN} {
 	redir https://torrent.{$MAIN_DOMAIN} permanent
 }
 transmission.{$MAIN_DOMAIN} {
 	reverse_proxy transmission:9091
 }
 gitea.{$MAIN_DOMAIN} {
 	reverse_proxy gitea:3000
 }
 git.{$MAIN_DOMAIN} {
 	reverse_proxy forgejo:3000
 }
 forgejo.{$MAIN_DOMAIN} {
 	redir https://git.{$MAIN_DOMAIN}{uri} permanent
 }
 jellyfin.{$MAIN_DOMAIN} {
 	reverse_proxy jellyfin:8096
 }
 transfer.{$MAIN_DOMAIN} {
 	reverse_proxy psitransfer:3000
 }
 psitransfer.{$MAIN_DOMAIN} {
 	redir https://transfer.{$MAIN_DOMAIN}{uri} permanent
 }
 picoshare.{$MAIN_DOMAIN} {
 	reverse_proxy picoshare:4001
 }
 syncthing.{$MAIN_DOMAIN} {
 	reverse_proxy syncthing:8384 {
 		header_up Host {upstream_hostport}
 	}
 }
 privatebin.{$MAIN_DOMAIN} {
 	reverse_proxy privatebin:8080
 }
 pastebin.{$MAIN_DOMAIN} {
 	redir https://privatebin.{$MAIN_DOMAIN} permanent
 }
 yacht.{$MAIN_DOMAIN} {
 	reverse_proxy yacht:8000
 }
 projectsend.{$MAIN_DOMAIN} {
 	reverse_proxy projectsend:80
 }
 dufs.{$MAIN_DOMAIN} {
 	reverse_proxy dufs:5000
 }
 stirlingpdf.{$MAIN_DOMAIN} {
 	reverse_proxy stirlingpdf:8080
 }
 memos.{$MAIN_DOMAIN} {
 	reverse_proxy memos:5230
 }
 open-webui.{$MAIN_DOMAIN} {
 	reverse_proxy open-webui:8080
 }
 link.{$MAIN_DOMAIN} {
 	# TODO: Use service with database
 	# Friendly links
 	redir /gnous https://gnous.eu permanent
 	redir /proxy https://imagisphe.re permanent
 	redir /patch https://spaceint.fr permanent
 	redir /greep https://greep.fr permanent
 	# Youtube links
 	redir /rickroll https://www.youtube.com/watch?v=dQw4w9WgXcQ permanent
 	redir /babyshark https://www.youtube.com/watch?v=XqZsoesa55w permanent
 	redir /cowcowcow https://www.youtube.com/watch?v=FavUpD_IjVY permanent
 	redir /badapple https://www.youtube.com/watch?v=FtutLA63Cp8 permanent
 	redir /macdo https://www.youtube.com/watch?v=Q16KpquGsIc permanent
 	redir /superiser https://www.youtube.com/watch?v=srnyVw-OR0g permanent
 	redir /daicon https://youtu.be/-840keiiFDE?si=zIPIokytxcnGw5fJ&t=162 permanent
 	redir /scp https://www.youtube.com/watch?v=FGCDndN20G8 permanent
 	redir /scpfb https://youtu.be/9zrKk-1E8zM?si=8R_ZBVG3GzMUYOe8&t=36 permanent
 	redir /mother https://youtu.be/w3NyycHR3fE?si=rNNSW9zYv0bcO2Eu permanent
 	redir /cpu https://www.youtube.com/watch?v=y39D4529FM4 permanent
 	redir /lechanteur https://youtu.be/HXdP15Ubu6M?si=N0qvhqo--3pmSGmb permanent
 	redir /nohero https://youtu.be/4DuUejBkMqE?si=bkB8G6PHwCp56jxb permanent
 	redir /indochine https://youtu.be/M7X6oYg6iro?si=ZRarm3qamTJ8vIJ0 permanent
 	redir /bna https://youtu.be/3T3ofoKfEoY?si=_7HkGQXMC7rBng8O permanent
 	redir /jojo https://youtu.be/U0TXIXTzJEY?si=2acWJWX06ju2w4uj permanent
 	redir /patapon https://youtu.be/H6CbNHLHkmk?si=ZvU8SzrOK-oCUXT5 permanent
 	redir /darkwater https://youtu.be/Tr8ZgF4Dc0E?si=CEOmm2J6Jp5rdbbt permanent
 	redir /train https://youtu.be/l8mScKWj3kQ?si=BV07uJ9eP3kzV9Kl permanent
 	redir /jdg https://www.youtube.com/@joueurdugrenier permanent
 }
--- a/infrastructure/services/caddy/config/bensuperpc.ovh/Caddyfile
+++ b/infrastructure/services/caddy/config/bensuperpc.ovh/Caddyfile
@@ -1,7 +0,0 @@
 bensuperpc.ovh {
 	redir https://www.bensuperpc.org{uri} permanent
 }
 www.bensuperpc.ovh {
 	redir https://www.bensuperpc.org{uri} permanent
 }
--- a/infrastructure/services/caddy/config/website/dufs.caddy
+++ b/infrastructure/services/caddy/config/website/dufs.caddy
@@ -0,0 +1,5 @@
 import header.caddy
 dufs.{$MAIN_DOMAIN} {
 	reverse_proxy dufs:5000
 }
--- a/infrastructure/services/caddy/config/website/forgejo.caddy
+++ b/infrastructure/services/caddy/config/website/forgejo.caddy
@@ -0,0 +1,9 @@
 import header.caddy
 git.{$MAIN_DOMAIN} {
 	reverse_proxy forgejo:3000
 }
 forgejo.{$MAIN_DOMAIN} {
 	redir https://git.{$MAIN_DOMAIN}{uri} permanent
 }
--- a/infrastructure/services/caddy/config/website/gitea.caddy
+++ b/infrastructure/services/caddy/config/website/gitea.caddy
@@ -0,0 +1,5 @@
 import header.caddy
 gitea.{$MAIN_DOMAIN} {
 	reverse_proxy gitea:3000
 }
--- a/infrastructure/services/caddy/config/website/header.caddy
+++ b/infrastructure/services/caddy/config/website/header.caddy
@@ -0,0 +1,14 @@
 (header_common) {
 	Permissions-Policy: geolocation=(), camera=(), microphone=(), clipboard-read=(), usb=()
 	Strict-Transport-Security: max-age=31536000; includeSubDomains
 	X-Content-Type-Options: nosniff
 	X-Frame-Options: DENY
 	Referrer-Policy: strict-origin-when-cross-origin
 	# Only useful for old browsers
 	X-XSS-Protection: "1; mode=block"
 	# Can cause issues with external resources
 	#Cross-Origin-Embedder-Policy: require-corp
 	Cross-Origin-Opener-Policy: same-origin
 	#Cross-Origin-Resource-Policy: same-origin
 }
--- a/infrastructure/services/caddy/config/website/homepage.caddy
+++ b/infrastructure/services/caddy/config/website/homepage.caddy
@@ -0,0 +1,5 @@
 import header.caddy
 homepage.{$MAIN_DOMAIN} {
 	redir reverse_proxy homepage:3000
 }
--- a/infrastructure/services/caddy/config/website/it-tools.caddy
+++ b/infrastructure/services/caddy/config/website/it-tools.caddy
@@ -0,0 +1,11 @@
 import header.caddy
 it-tools.{$MAIN_DOMAIN} {
 	# Load balance between 2 instances
 	reverse_proxy {
 		to it-tools0:80 it-tools1:80
 		lb_policy round_robin
 		lb_retries 3
 		lb_try_interval 1s
 	}
 }
--- a/infrastructure/services/caddy/config/website/jellyfin.caddy
+++ b/infrastructure/services/caddy/config/website/jellyfin.caddy
@@ -0,0 +1,5 @@
 import header.caddy
 jellyfin.{$MAIN_DOMAIN} {
 	reverse_proxy jellyfin:8096
 }
--- a/infrastructure/services/caddy/config/website/main.caddy
+++ b/infrastructure/services/caddy/config/website/main.caddy
@@ -0,0 +1,29 @@
 import header.caddy
 www.{$MAIN_DOMAIN} {
 	header {
 		Cache-Control "public, max-age=10"
 		import header_common
 	}
 	handle_errors {
 		@notFound expression `{http.error.status_code} == 404`
 		redir @notFound https://www.{$MAIN_DOMAIN} permanent
 	}
 	reverse_proxy homepage:3000
 }
 {$MAIN_DOMAIN} {
 	redir https://www.{host}{uri} permanent
 }
 public.{$MAIN_DOMAIN} {
 	root * /public_data
 	file_server browse
 	header / {
 		Cache-Control "no-store"
 		import header_common
 	}
 }
--- a/infrastructure/services/caddy/config/website/memos.caddy
+++ b/infrastructure/services/caddy/config/website/memos.caddy
@@ -0,0 +1,5 @@
 import header.caddy
 memos.{$MAIN_DOMAIN} {
 	reverse_proxy memos:5230
 }
--- a/infrastructure/services/caddy/config/website/omni-tools.caddy
+++ b/infrastructure/services/caddy/config/website/omni-tools.caddy
@@ -0,0 +1,11 @@
 import header.caddy
 omni-tools.{$MAIN_DOMAIN} {
 	# Load balance between 2 instances
 	reverse_proxy {
 		to omni-tools0:80 omni-tools1:80
 		lb_policy round_robin
 		lb_retries 3
 		lb_try_interval 1s
 	}
 }
--- a/infrastructure/services/caddy/config/website/open-webui.caddy
+++ b/infrastructure/services/caddy/config/website/open-webui.caddy
@@ -0,0 +1,5 @@
 import header.caddy
 open-webui.{$MAIN_DOMAIN} {
 	reverse_proxy open-webui:8080
 }
--- a/infrastructure/services/caddy/config/website/picoshare.caddy
+++ b/infrastructure/services/caddy/config/website/picoshare.caddy
@@ -0,0 +1,5 @@
 import header.caddy
 picoshare.{$MAIN_DOMAIN} {
 	reverse_proxy picoshare:4001
 }
--- a/infrastructure/services/caddy/config/website/privatebin.caddy
+++ b/infrastructure/services/caddy/config/website/privatebin.caddy
@@ -0,0 +1,9 @@
 import header.caddy
 privatebin.{$MAIN_DOMAIN} {
 	reverse_proxy privatebin:8080
 }
 pastebin.{$MAIN_DOMAIN} {
 	redir https://privatebin.{$MAIN_DOMAIN} permanent
 }
--- a/infrastructure/services/caddy/config/website/projectsend.caddy
+++ b/infrastructure/services/caddy/config/website/projectsend.caddy
@@ -0,0 +1,5 @@
 import header.caddy
 projectsend.{$MAIN_DOMAIN} {
 	reverse_proxy projectsend:80
 }
--- a/infrastructure/services/caddy/config/website/psitransfer.caddy
+++ b/infrastructure/services/caddy/config/website/psitransfer.caddy
@@ -0,0 +1,9 @@
 import header.caddy
 transfer.{$MAIN_DOMAIN} {
 	reverse_proxy psitransfer:3000
 }
 psitransfer.{$MAIN_DOMAIN} {
 	redir https://transfer.{$MAIN_DOMAIN}{uri} permanent
 }
--- a/infrastructure/services/caddy/config/website/qbittorrent.caddy
+++ b/infrastructure/services/caddy/config/website/qbittorrent.caddy
@@ -0,0 +1,9 @@
 import header.caddy
 torrent.{$MAIN_DOMAIN} {
 	reverse_proxy qbittorrent:8080
 }
 qbittorrent.{$MAIN_DOMAIN} {
 	redir https://torrent.{$MAIN_DOMAIN} permanent
 }
--- a/infrastructure/services/caddy/config/website/stirlingpdf.caddy
+++ b/infrastructure/services/caddy/config/website/stirlingpdf.caddy
@@ -0,0 +1,5 @@
 import header.caddy
 stirlingpdf.{$MAIN_DOMAIN} {
 	reverse_proxy stirlingpdf:8080
 }
--- a/infrastructure/services/caddy/config/website/syncthing.caddy
+++ b/infrastructure/services/caddy/config/website/syncthing.caddy
@@ -0,0 +1,7 @@
 import header.caddy
 syncthing.{$MAIN_DOMAIN} {
 	reverse_proxy syncthing:8384 {
 		header_up Host {upstream_hostport}
 	}
 }
--- a/infrastructure/services/caddy/config/website/transmission.caddy
+++ b/infrastructure/services/caddy/config/website/transmission.caddy
@@ -0,0 +1,5 @@
 import header.caddy
 transmission.{$MAIN_DOMAIN} {
 	reverse_proxy transmission:9091
 }
--- a/infrastructure/services/caddy/config/website/uptimekuma.caddy
+++ b/infrastructure/services/caddy/config/website/uptimekuma.caddy
@@ -0,0 +1,5 @@
 import header.caddy
 uptimekuma.{$MAIN_DOMAIN} {
 	reverse_proxy uptime-kuma:3001
 }
--- a/infrastructure/services/caddy/config/website/wordpress.caddy
+++ b/infrastructure/services/caddy/config/website/wordpress.caddy
@@ -0,0 +1,36 @@
 import header.caddy
 wordpress.{$MAIN_DOMAIN} {
 	root * /var/www/html
 	php_fastcgi wordpress:9000
 	file_server
 	encode zstd gzip
 	@disallowed {
 		path /xmlrpc.php
 		path *.sql
 		path /wp-content/uploads/*.php
 	}
 	rewrite @disallowed '/index.php'
 	respond /uploads/*.php 404
 	header {
 		# disable FLoC tracking
 		Permissions-Policy interest-cohort=()
 		# enable HSTS
 		Strict-Transport-Security max-age=31536000;
 		# disable clients from sniffing the media type
 		X-Content-Type-Options nosniff
 		# clickjacking protection
 		# X-Frame-Options DENY
 		# Disable powerful features we don't need
 		Permissions-Policy "geolocation=(), camera=(), microphone=() interest-cohort=()"
 	}
 }
--- a/infrastructure/services/caddy/config/website/yacht.caddy
+++ b/infrastructure/services/caddy/config/website/yacht.caddy
@@ -0,0 +1,5 @@
 import header.caddy
 yacht.{$MAIN_DOMAIN} {
 	reverse_proxy yacht:8000
 }