stacks/homelab/Caddyfile


# Global options block.
{
	# Contact address used for the ACME (certificate) account.
	email neale@woozle.org

	# Uncomment for verbose logging while troubleshooting.
	#debug
}
# Settings shared by every forward_auth call to Authelia; meant to be imported
# inside a forward_auth block.
#
# NOTE(review): backends that trust the Remote-* headers must only be reachable
# through this proxy. It is also worth confirming that the deployed Caddy
# release discards client-supplied copies of these headers when Authelia does
# not return them.
(authelia) {
	# Verification endpoint; rd= names the login portal for unauthenticated requests.
	uri /api/verify?rd=https://auth.woozle.org/

	# Identity headers taken from Authelia's response and set on the proxied request.
	copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
}
# Access gate shared by the protected sites. Import it at site level, beside
# any `handle` blocks rather than inside one, because `handle` blocks are
# mutually exclusive.
# https://caddy.community/t/copy-header-into-new-header-iff-it-is-set/18827
#
# NOTE(review): nothing in this snippet removes the client's Authorization
# header after Authelia has accepted it, so Basic credentials appear to travel
# on to the proxied backend as well - confirm every backend is meant to see them.
(restricted-access) {
	# Split requests on whether an Authorization header was sent at all.
	@noAuth header !Authorization
	@hasAuth not header !Authorization

	# No credentials supplied: plain verification request to Authelia.
	forward_auth @noAuth authelia:9091 {
		import authelia
	}

	# Credentials supplied: pass them to Authelia as Proxy-Authorization.
	forward_auth @hasAuth authelia:9091 {
		import authelia
		header_up Proxy-Authorization {header.authorization}
	}

	# XXX: If the client sends an "Accept" header, Authelia returns 401 with
	# no Www-Authenticate header, violating HTTP.
	# NOTE(review): matchers on `header` are evaluated against the request, and
	# {err.status_code} is normally only populated during error handling, so
	# this rule may never fire - verify with a client that sends "Accept".
	@unauthorized `{err.status_code} == 401`
	header @unauthorized Www-Authenticate "Basic realm=goober"
}
# Authelia login portal (the rd= target in the authelia snippet). It is proxied
# directly, without restricted-access, since it is the place users sign in.
auth.woozle.org {
	reverse_proxy authelia:9091
}
# Forgejo. No forward_auth here, so access control is whatever Forgejo itself
# enforces.
git.woozle.org {
	reverse_proxy forgejo:3000
}
# File share: read-only browsing straight from disk, everything else via WebDAV.
# Every request passes through the restricted-access gate imported at site level.
drive.woozle.org {
	import restricted-access

	# XXX: browsing says method not allowed
	@nondav method HEAD GET

	# route overrides built-in ordering, so file_server is tried before the proxy.
	route {
		# HEAD/GET: serve from /srv/ using the custom directory-listing template.
		file_server @nondav {
			root /srv/
			browse /browser.html
		}

		# Remaining methods go to the WebDAV backend.
		reverse_proxy webdav:8000
	}
}
# Jellyfin. Not behind restricted-access; Jellyfin's own login is the only gate.
media.woozle.org {
	reverse_proxy jellyfin:8096
}
# XXX: have this use caddy auth
# Until that is done this site does not import restricted-access, so requests
# reach geneweb without going through Authelia; whatever GeneWeb enforces on
# its own is the only access control.
ancestry.woozle.org {
	reverse_proxy geneweb:2317
}
# PiGallery2, reachable only after the restricted-access gate has passed the request.
photos.woozle.org {
	import restricted-access
	reverse_proxy pigallery2:80
}
##
## handle sends original path
## handle_path truncates path
##
## Every service under this host sits behind the single restricted-access
## import at site level. Several of them are admin UIs, so that import is the
## only proxy-side control in front of them - keep it outside the handle blocks.
##
deergrove.woozle.org {
	import restricted-access

	# Prefix stripped before proxying.
	handle_path /ddns/* {
		reverse_proxy ddns:8000
	}

	# Prefix kept: these backends receive the full original path.
	handle /transmission/* {
		reverse_proxy transmission:9091
	}

	handle /nzbget/* {
		reverse_proxy nzbget:6789
	}

	handle /sonarr/* {
		reverse_proxy sonarr:8989
	}

	handle /radarr/* {
		reverse_proxy radarr:7878
	}

	handle /readarr/* {
		reverse_proxy readarr:8787
	}

	handle /lidarr/* {
		reverse_proxy lidarr:8686
	}

	handle /prowlarr/* {
		reverse_proxy prowlarr:9696
	}

	handle /unmanic/* {
		reverse_proxy unmanic:8888
	}

	# Prefix stripped before proxying.
	handle_path /sucker/* {
		reverse_proxy host.lan:5801
	}

	handle_path /netdata/* {
		reverse_proxy netdata:19999
	}

	# Octoprint serves up broken webcam URLs
	# NOTE(review): this is a site-level substring replace, so it applies to
	# every request on this host, including URIs that already start with
	# /octoprint/webcam/ - confirm those are not rewritten twice.
	uri replace /webcam/ /octoprint/webcam/

	# OctoPrint lives at a fixed LAN address; X-Script-Name tells it the
	# public prefix that handle_path removed.
	handle_path /octoprint/* {
		reverse_proxy {
			to 192.168.86.20:80
			header_up X-Script-Name "/octoprint"
		}
	}

	# Fallback: anything not matched above is served as static files from /www.
	handle {
		file_server {
			root /www
		}
	}
}