stacks/homelab/Caddyfile

132 lines
2.4 KiB
Caddyfile
Raw Normal View History

2022-09-04 08:37:29 -06:00
{
2023-01-28 16:34:47 -07:00
email neale@woozle.org
2023-02-06 12:14:14 -07:00
#debug
}
(authelia) {
uri /api/verify?rd=https://auth.woozle.org/
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
2022-09-04 08:37:29 -06:00
}
# This has to be at the same level as other `handle` directives,
# since `handle` is a mutually-exclusive thingy.
# https://caddy.community/t/copy-header-into-new-header-iff-it-is-set/18827
2022-09-04 08:37:29 -06:00
(restricted-access) {
2023-02-09 14:34:56 -07:00
@noAuth header !Authorization
@hasAuth not header !Authorization
forward_auth @noAuth authelia:9091 {
import authelia
2023-02-06 12:14:14 -07:00
}
2023-02-09 14:34:56 -07:00
forward_auth @hasAuth authelia:9091 {
import authelia
header_up Proxy-Authorization {header.authorization}
}
# XXX: If the client sends an "Accept" header, Authelia returns 401 with no Www-Authenticate header, violating HTTP
@unauthorized `{err.status_code} == 401`
header @unauthorized Www-Authenticate "Basic realm=goober"
2023-02-06 12:14:14 -07:00
}
auth.woozle.org {
reverse_proxy authelia:9091
2022-09-04 08:37:29 -06:00
}
2022-11-12 17:08:10 -07:00
git.woozle.org {
2023-01-07 15:30:03 -07:00
reverse_proxy forgejo:3000
2022-09-04 08:37:29 -06:00
}
2022-11-12 17:08:10 -07:00
drive.woozle.org {
2022-09-04 08:37:29 -06:00
import restricted-access
# XXX: browsing says method not allowed
2022-09-11 15:42:18 -06:00
@nondav {
method HEAD GET
2022-09-04 08:37:29 -06:00
}
# route overrides built-in ordering
route {
2022-09-11 15:42:18 -06:00
file_server @nondav {
2022-10-30 18:20:32 -06:00
root /srv/
2022-12-16 15:02:50 -07:00
browse /browser.html
2022-09-04 08:37:29 -06:00
}
reverse_proxy webdav:8000
}
}
2023-01-28 16:34:47 -07:00
media.woozle.org {
reverse_proxy jellyfin:8096
}
2022-09-04 08:37:29 -06:00
# XXX: have this use caddy auth
2022-11-12 17:08:10 -07:00
ancestry.woozle.org {
2022-09-04 08:37:29 -06:00
reverse_proxy geneweb:2317
}
2023-02-15 16:39:09 -07:00
photos.woozle.org {
import restricted-access
reverse_proxy pigallery2:80
}
2022-10-12 17:45:23 -06:00
##
## handle sends original path
## handle_path truncates path
##
deergrove.woozle.org {
import restricted-access
handle_path /ddns/* {
reverse_proxy ddns:8000
}
2022-11-22 20:15:37 -07:00
handle /transmission/* {
2023-02-08 11:43:18 -07:00
reverse_proxy transmission:9091
2022-11-22 20:15:37 -07:00
}
2022-10-12 17:45:23 -06:00
handle /nzbget/* {
reverse_proxy nzbget:6789
}
handle /sonarr/* {
reverse_proxy sonarr:8989
}
2022-10-12 22:05:20 -06:00
handle /radarr/* {
reverse_proxy radarr:7878
}
handle /readarr/* {
reverse_proxy readarr:8787
}
2022-10-13 14:38:46 -06:00
handle /lidarr/* {
reverse_proxy lidarr:8686
}
2022-10-13 10:22:51 -06:00
handle /prowlarr/* {
reverse_proxy prowlarr:9696
2022-10-12 17:45:23 -06:00
}
2023-02-15 16:39:09 -07:00
handle /unmanic/* {
reverse_proxy unmanic:8888
}
2022-10-12 17:45:23 -06:00
2022-09-04 08:37:29 -06:00
handle_path /sucker/* {
2023-02-08 11:43:18 -07:00
reverse_proxy host.lan:5801
2022-09-04 08:37:29 -06:00
}
2022-09-25 17:54:54 -06:00
2023-02-09 14:34:56 -07:00
handle_path /netdata/* {
reverse_proxy netdata:19999
}
# Octoprint serves up broken webcam URLs
uri replace /webcam/ /octoprint/webcam/
2022-09-07 16:53:39 -06:00
handle_path /octoprint/* {
reverse_proxy {
to 192.168.86.20:80
2022-09-07 16:53:39 -06:00
header_up X-Script-Name "/octoprint"
}
}
2022-09-25 17:54:54 -06:00
2022-09-04 17:12:30 -06:00
handle {
file_server {
root /www
}
2022-09-04 08:37:29 -06:00
}
}