diff --git a/caddy/config/Caddyfile b/caddy/config/Caddyfile index d7961ecd..3f24911e 100644 --- a/caddy/config/Caddyfile +++ b/caddy/config/Caddyfile @@ -1,39 +1,35 @@ audiobookshelf.karnwong.me { reverse_proxy 192.168.1.36:30027 } -harbor.karnwong.me { - reverse_proxy 192.168.1.36:30500 +authentik.karnwong.me { + reverse_proxy 192.168.1.36:30047 } -immich.karnwong.me { - reverse_proxy 192.168.1.36:30030 +books.karnwong.me { + reverse_proxy 192.168.1.36:30032 } -jellyfin.karnwong.me { - reverse_proxy 192.168.1.36:30003 +console.minio.karnwong.me { + reverse_proxy 192.168.1.36:30021 } -music.karnwong.me { - reverse_proxy 192.168.1.36:30006 +excalidraw.karnwong.me { + reverse_proxy 192.168.1.36:30034 } -syncthing.karnwong.me { - reverse_proxy 192.168.1.36:8384 +gist.karnwong.me { + reverse_proxy 192.168.1.36:30039 } git.karnwong.me { reverse_proxy 192.168.1.36:30026 } -#linkding.karnwong.me { -# reverse_proxy 192.168.1.36:30005 -#} -linkding.karnwong.me { - route { - reverse_proxy /outpost.goauthentik.io/* http://192.168.1.36:30047 - - forward_auth http://192.168.1.36:30047 { - uri /outpost.goauthentik.io/auth/caddy - copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version - trusted_proxies private_ranges - } - - reverse_proxy 192.168.1.36:30005 - } +go.karnwong.me { + reverse_proxy 192.168.1.36:30042 +} +harbor.karnwong.me { + reverse_proxy 192.168.1.36:30500 +} +immich.karnwong.me { + reverse_proxy 192.168.1.36:30030 +} +jellyfin.karnwong.me { + reverse_proxy 192.168.1.36:30003 } memos.karnwong.me { reverse_proxy 192.168.1.36:30031 
@@ -44,12 +40,21 @@ miniflux.karnwong.me { minio.karnwong.me { reverse_proxy 192.168.1.36:30020 } -console.minio.karnwong.me { - reverse_proxy 192.168.1.36:30021 +music.karnwong.me { + reverse_proxy 192.168.1.36:30006 } ntfy.karnwong.me { reverse_proxy 192.168.1.36:30022 } +pdf.karnwong.me { + reverse_proxy 192.168.1.36:30040 +} +plausible.karnwong.me { + reverse_proxy 192.168.1.36:30044 +} +qa-api.karnwong.me { + reverse_proxy 192.168.1.36:30043 +} rustpad.karnwong.me { reverse_proxy 192.168.1.36:30019 } 
@@ -59,74 +64,19 @@ secrets.karnwong.me { share.karnwong.me { reverse_proxy 192.168.1.36:30017 } -wallabag.karnwong.me { - reverse_proxy 192.168.1.36:30009 { - transport http { - dial_timeout 5m - response_header_timeout 5m - read_timeout 5m - write_timeout 5m - } - } -} - -(cors) { - @cors_preflight method OPTIONS - @cors header Origin {args.0} - - handle @cors_preflight { - header Access-Control-Allow-Origin "{args.0}" - header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, HEAD" - header Access-Control-Allow-Headers "Range,If-Match" - header Access-Control-Max-Age "3600" - respond "" 204 - } - - handle @cors { - header Access-Control-Allow-Origin "{args.0}" - header Access-Control-Expose-Headers "ETag" - } -} -pmtiles.karnwong.me { - root * /opt/pmtiles - file_server - - import cors https://maps.karnwong.me -} -excalidraw.karnwong.me { - reverse_proxy 192.168.1.36:30034 -} -books.karnwong.me { - reverse_proxy 192.168.1.36:30032 -} subsonic-widgets.karnwong.me { reverse_proxy 192.168.1.36:30038 } -gist.karnwong.me { - reverse_proxy 192.168.1.36:30039 -} -wakapi.karnwong.me { - reverse_proxy 192.168.1.36:30041 -} -go.karnwong.me { - reverse_proxy 192.168.1.36:30042 -} -qa-api.karnwong.me { - reverse_proxy 192.168.1.36:30043 -} -pdf.karnwong.me { - reverse_proxy 192.168.1.36:30040 -} -plausible.karnwong.me { - reverse_proxy 192.168.1.36:30044 +syncthing.karnwong.me { + reverse_proxy 192.168.1.36:8384 } thai-tech-cal.karnwong.me { reverse_proxy 192.168.1.36:30046 } -authentik.karnwong.me { - reverse_proxy 192.168.1.36:30047 +wakapi.karnwong.me { + reverse_proxy 192.168.1.36:30041 } -livegrep.karnwong.me { +console.mlflow.karnwong.me { route { reverse_proxy /outpost.goauthentik.io/* http://192.168.1.36:30047 
@@ -136,10 +86,10 @@ livegrep.karnwong.me { trusted_proxies private_ranges } - reverse_proxy 192.168.1.36:30033 + reverse_proxy 192.168.1.36:30037 } } -podgrab.karnwong.me { +dashy.karnwong.me { route { reverse_proxy /outpost.goauthentik.io/* http://192.168.1.36:30047 @@ -149,10 +99,10 @@ podgrab.karnwong.me { trusted_proxies private_ranges } - reverse_proxy 192.168.1.36:30004 + reverse_proxy 192.168.1.36:30023 } } -dashy.karnwong.me { +gatus.karnwong.me { route { reverse_proxy /outpost.goauthentik.io/* http://192.168.1.36:30047 @@ -162,10 +112,10 @@ dashy.karnwong.me { trusted_proxies private_ranges } - reverse_proxy 192.168.1.36:30023 + reverse_proxy 192.168.1.36:30029 } } -gatus.karnwong.me { +linkding.karnwong.me { route { reverse_proxy /outpost.goauthentik.io/* http://192.168.1.36:30047 @@ -175,17 +125,23 @@ gatus.karnwong.me { trusted_proxies private_ranges } - reverse_proxy 192.168.1.36:30029 + reverse_proxy 192.168.1.36:30005 } } -proxmox.karnwong.me { - reverse_proxy 192.168.1.70:8006 { - transport http { - tls_insecure_skip_verify +livegrep.karnwong.me { + route { + reverse_proxy /outpost.goauthentik.io/* http://192.168.1.36:30047 + + forward_auth http://192.168.1.36:30047 { + uri /outpost.goauthentik.io/auth/caddy + copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version + trusted_proxies private_ranges } + + reverse_proxy 192.168.1.36:30033 } } -console.mlflow.karnwong.me { +podgrab.karnwong.me { route { reverse_proxy /outpost.goauthentik.io/* http://192.168.1.36:30047 @@ -195,6 +151,6 @@ console.mlflow.karnwong.me { trusted_proxies private_ranges } - reverse_proxy 192.168.1.36:30037 + reverse_proxy 192.168.1.36:30004 } } diff --git a/caddy/config/Caddyfile.misc b/caddy/config/Caddyfile.misc new file mode 100644 index 00000000..bd1b4749 --- /dev/null 
+++ b/caddy/config/Caddyfile.misc @@ -0,0 +1,40 @@ +wallabag.karnwong.me { + reverse_proxy 192.168.1.36:30009 { + transport http { + dial_timeout 5m + response_header_timeout 5m + read_timeout 5m + write_timeout 5m + } + } +} +(cors) { + @cors_preflight method OPTIONS + @cors header Origin {args.0} + + handle @cors_preflight { + header Access-Control-Allow-Origin "{args.0}" + header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, HEAD" + header Access-Control-Allow-Headers "Range,If-Match" + header Access-Control-Max-Age "3600" + respond "" 204 + } + + handle @cors { + header Access-Control-Allow-Origin "{args.0}" + header Access-Control-Expose-Headers "ETag" + } +} +pmtiles.karnwong.me { + root * /opt/pmtiles + file_server + + import cors https://maps.karnwong.me +} +proxmox.karnwong.me { + reverse_proxy 192.168.1.70:8006 { + transport http { + tls_insecure_skip_verify + } + } +} diff --git a/caddy/main.go b/caddy/main.go index 9e1ab5e7..f90abcf3 100644 --- a/caddy/main.go +++ b/caddy/main.go 
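Review bot: The `proxmox.karnwong.me` block in this new file proxies to `192.168.1.70:8006` with `tls_insecure_skip_verify`, so Caddy accepts any certificate on that hop, and the site has no `forward_auth` in front of it, unlike the authentik-gated sites in the generated Caddyfile. Since this file now holds the hand-maintained exceptions, each should carry a comment saying why it is exempt, e.g. `# proxmox: upstream cert is self-signed; access control is Proxmox's own login only`. If the Proxmox certificate or its CA can be exported, trusting it explicitly (`tls_trusted_ca_certs <path-to-proxmox-ca.pem>`, or `tls_trust_pool` on newer Caddy releases) would keep verification on instead of disabling it. The block is moved unchanged from `Caddyfile`, so this is not a regression introduced by the commit.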
@@ -1,7 +1,111 @@ package main -import "fmt" +import ( + "fmt" + "os" + "sort" +) + +func generateConfig(services map[string]int) string { + config := "" + + keys := make([]string, 0, len(services)) + + for k := range services { + keys = append(keys, k) + } + sort.Strings(keys) + + for _, k := range keys { + config += fmt.Sprintf(`%s.karnwong.me { + reverse_proxy 192.168.1.36:%v +} +`, k, services[k]) + } + + return config +} + +func generateConfigForwardAuth(services map[string]int) string { + config := "" + + keys := make([]string, 0, len(services)) + + for k := range services { + keys = append(keys, k) + } + sort.Strings(keys) + + for _, k := range keys { + config += fmt.Sprintf(`%s.karnwong.me { + route { + reverse_proxy /outpost.goauthentik.io/* http://192.168.1.36:30047 + + forward_auth http://192.168.1.36:30047 { + uri /outpost.goauthentik.io/auth/caddy + copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version + trusted_proxies private_ranges + } + + reverse_proxy 192.168.1.36:%v + } +} +`, k, services[k]) + } + + return config +} func main() { - fmt.Println("caddy") + services := map[string]int{ + "audiobookshelf": 30027, + "authentik": 30047, + "books": 30032, + "console.minio": 30021, + "excalidraw": 30034, + "gist": 30039, + "git": 30026, + "go": 30042, + "harbor": 30500, + "immich": 30030, + "jellyfin": 30003, + "memos": 30031, + "miniflux": 30007, + "minio": 30020, + "music": 30006, + "ntfy": 30022, + "pdf": 30040, + "plausible": 30044, + "qa-api": 30043, + "rustpad": 30019, + "secrets": 30025, + "share": 30017, + "subsonic-widgets": 30038, + "syncthing": 8384, + "thai-tech-cal": 30046, + "wakapi": 30041, + } + servicesForwardAuth := map[string]int{ + "console.mlflow": 30037, + "dashy": 30023, + "gatus": 30029, + "linkding": 30005, + "livegrep": 30033, + "podgrab": 30004, 
+ } + + // generate config + config := generateConfig(services) + configForwardAuth := generateConfigForwardAuth(servicesForwardAuth) + + configAll := config + configForwardAuth + fmt.Println(configAll) + + // write to file + err := os.WriteFile("./config/Caddyfile", []byte(configAll), 0644) + if err != nil { + panic(err) + } + fmt.Println("Caddyfile configured") + } diff --git a/scripts/caddy_reload.sh b/scripts/caddy_reload.sh index 446889e7..e7270016 100755 --- a/scripts/caddy_reload.sh +++ b/scripts/caddy_reload.sh @@ -4,6 +4,7 @@ git pull cd /home/ubuntu/self-hosted/caddy/config || exit 1 cat Caddyfile >all.Caddyfile +cat Caddyfile.misc >>all.Caddyfile { echo -e "\n"
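Review bot: Whether a hostname is gated by authentik is decided only by which of the two maps in `main` it is listed in, and nothing in the code says so: `services` emits a bare `reverse_proxy`, so entries such as `secrets`, `syncthing`, `console.minio` and `harbor` get no authentication from Caddy and rely on whatever the application itself enforces. Add a comment above each map stating that, e.g. `// services: proxied WITHOUT forward_auth; each app must enforce its own authentication` and `// servicesForwardAuth: every request is authorised by the authentik outpost first`, so that a new service is not placed in the open map by habit. The outpost address `192.168.1.36:30047` is also hard-coded in the `generateConfigForwardAuth` template while the same port appears as `services["authentik"]`; a shared constant would keep the two from drifting apart. `os.WriteFile("./config/Caddyfile", ...)` resolves against the working directory, so the generator only writes the intended file when run from `caddy/`.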