chriswin/vps-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

headscale config and caddy service

Browse Source
This commit is contained in:
debian
2025-10-22 18:15:04 +02:00
parent e19f86a87d
commit 79f7ccdf3f
3 changed files with 206 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

174
services/caddy/Caddyfile Normal file
View File

@@ -0,0 +1,174 @@
(forward_headers) {
header {
Permissions-Policy interest-cohort=()
Strict-Transport-Security "max-age=31536000; includeSubdomains"
X-XSS-Protection "1; mode=block"
X-Content-Type-Options "nosniff"
X-Robots-Tag noindex, nofollow
Referrer-Policy "same-origin"
Content-Security-Policy "frame-ancestors {$public_domain }} *.{$public_domain}"
-Server
Permissions-Policy "geolocation=(self {$public_domain }} *.{$public_domain}), microphone=()"
}
}
auth.{$public_domain} {
reverse_proxy ${node_local_ip} {
transport http {
tls_insecure_skip_verify
}
}
tls {$email}
import forward_headers
}
audiobookshelf.{$public_domain} {
reverse_proxy ${node_local_ip} {
transport http {
tls_insecure_skip_verify
}
}
tls {$email}
import forward_headers
}
gitea.{$public_domain} {
reverse_proxy ${node_local_ip} {
transport http {
tls_insecure_skip_verify
}
}
tls {$email}
import forward_headers
}
headscale.{$public_domain} {
reverse_proxy ${node_local_ip} {
transport http {
tls_insecure_skip_verify
}
}
tls {$email}
import forward_headers
}
immich.{$public_domain} {
reverse_proxy ${node_local_ip} {
transport http {
tls_insecure_skip_verify
}
}
tls {$email}
import forward_headers
}
ldap.{$public_domain} {
reverse_proxy ${node_local_ip} {
transport http {
tls_insecure_skip_verify
}
}
tls {$email}
import forward_headers
}
linkwarden.{$public_domain} {
reverse_proxy ${node_local_ip} {
transport http {
tls_insecure_skip_verify
}
}
tls {$email}
import forward_headers
}
mealie.{$public_domain} {
reverse_proxy ${node_local_ip} {
transport http {
tls_insecure_skip_verify
}
}
tls {$email}
import forward_headers
}
paperless.{$public_domain} {
reverse_proxy ${node_local_ip} {
transport http {
tls_insecure_skip_verify
}
}
tls {$email}
import forward_headers
}
radicale.{$public_domain} {
reverse_proxy ${node_local_ip} {
transport http {
tls_insecure_skip_verify
}
}
tls {$email}
import forward_headers
}
shlink.{$public_domain} {
reverse_proxy ${node_local_ip} {
transport http {
tls_insecure_skip_verify
}
}
tls {$email}
import forward_headers
}
stirling-pdf.{$public_domain} {
reverse_proxy ${node_local_ip} {
transport http {
tls_insecure_skip_verify
}
}
tls {$email}
import forward_headers
}
superset.{$public_domain} {
reverse_proxy ${node_local_ip} {
transport http {
tls_insecure_skip_verify
}
}
tls {$email}
import forward_headers
}
vaultwarden.{$public_domain} {
reverse_proxy ${node_local_ip} {
transport http {
tls_insecure_skip_verify
}
}
tls {$email}
import forward_headers
}
vikunja.{$public_domain} {
reverse_proxy ${node_local_ip} {
transport http {
tls_insecure_skip_verify
}
}
tls {$email}
import forward_headers
}
{$public_domain} {
reverse_proxy ${node_local_ip} {
transport http {
tls_insecure_skip_verify
}
}
tls {$email}
import forward_headers
}

30
services/caddy/caddy.yml
View File

@@ -0,0 +1,30 @@
services:
caddy:
extends:
file: ${TEMPLATES_PATH}
service: default
image: caddy
container_name: caddy
volumes:
- ${SERVICE_PATH}/caddy/config:/etc/headscale
- ${SERVICE_PATH}/caddy/Caddyfile:/etc/caddy/Caddyfile
- ${SERVICE_PATH}/caddy/site:/srv
- ${SERVICE_PATH}/caddy/data:/data
- ${SERVICE_PATH}/caddy/config:/config
- ${SERVICE_PATH}/caddy/certs:/certs
ports:
- "80:80"
- "443:443"
- "443:443/udp"
environment:
email: ${EMAIL}
public_domain: ${PUBLIC_DOMAIN}
private_domain: ${LOCAL_DOMAIN}
node_local_ip: ${NODE_LOCAL_IP}
cap_add:
- NET_ADMIN
networks:
- ip4net
labels:
# Watchtower
- "com.centurylinklabs.watchtower.enable=true"