# Caddyfile on production cluster
#
# NOTE(review): line breaks were restored from a collapsed copy of this file.
# Which directives are commented out was inferred from the brace structure
# and the "#" separator pattern; confirm against the deployed file.
#
# NOTE(review): "come here via HOSTS" describes how clients resolve a name,
# not who may connect. Caddy answers any request whose Host/SNI matches a
# site below, from whichever client reaches the listener. Only
# nextfamhistweb (secure_site) and northweb (basic-auth) enforce
# authentication at the proxy. Every other site relies on the backend's own
# login; a remote_ip matcher or `import secure_site *` would add a check here.
#
# NOTE(review): several sites pair an unmatched reverse_proxy with
# file_server. In Caddy's default directive order reverse_proxy runs first
# and handles every request, so file_server (and root) is never reached there.
{
	# Global options, only one such block at the head of the file
	servers {
		# NOTE(review): clients in these ranges are believed when they supply
		# X-Forwarded-For. A /32 IPv6 prefix is provider-sized; confirm every
		# host in it is a proxy you operate, otherwise narrow it to your own prefix.
		trusted_proxies static 192.168.1.0/24 2a00:23c6::/32
	}
	# make admin available to all trusted nodes on the network
	# NOTE(review): ":2019" binds the admin API on every interface. The API has
	# no authentication of its own and can replace the running configuration;
	# nothing in this file limits it to trusted nodes, so that restriction has
	# to come from a host firewall or from binding a specific internal address.
	admin :2019
	metrics
}
#
#
# For Authelia
#
(trusted_proxy_list) {
	# NOTE(review): same ranges as the global option; the breadth caveat on
	# the IPv6 /32 applies here too.
	trusted_proxies 192.168.1.0/24 2a00:23c6::/32
}
# Forward-auth snippet: requests matching {args[0]} are checked against
# Authelia at 192.168.1.1:9091 before reaching the site's backend.
(secure_site) {
	forward_auth {args[0]} 192.168.1.1:9091 {
		uri /api/verify?rd=https://auth.johnsnexus.click
		# Identity headers passed on to the backend.
		# NOTE(review): a backend that trusts Remote-* must be reachable only
		# through this proxy, or a direct client could supply them itself.
		copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
		import trusted_proxy_list
		header_up Host {upstream_hostport}
	}
}
#
# it appears you need this to allow prometheus on a remote node to scrape the metrics
# NOTE(review): this site uses the same port as the admin listener above;
# confirm the two do not contend for it. The handle block has no matcher, so
# metrics go to any client that can reach the port; a remote_ip matcher for
# the Prometheus node would narrow that.
:2019 {
	handle {
		metrics
	}
}
#
# Snippet for basic authorisation
#
# NOTE(review): the values are bcrypt hashes (cost 10). Treat this file as a
# secret: anyone who can read it can test password guesses offline. Keep it
# out of shared repositories and rotate passwords if it has been exposed.
(basic-auth) {
	basic_auth {
		john.anderson $2a$10$T.yetVs9CmektYsaU8RqYu37fVaFAsPDLf90lsDDfxLkaC.zWH3Oi
		mary.anderson $2a$10$UOuB5DpDcKRho0rRPDCmCeFlDSx/f6Bkwqpw8CEeQCbAGA0yULcny
		frazer.anderson $2a$10$UleGw5O0BB18XtSenFSawudO.qKbNVMFU772XMP4cAAUbWzRo/zr6
		chris.anderson $2a$10$1MeL9m8M7FW/k6/DW3HB1.rkijS3qao8RraNO/tJKN8OuRTCzc3fK
		ruth.hoyos $2a$10$9z/3SajAWhxJfu6Xs1lbEeuPpZWUzcuBI/8n5hfv5FUqt11Uxo92S
		sarah.anderson-beecham $2a$10$.8J1FMBwGDr8XSXCMWcn2ODxSW6txLEqSBHZmA6zQs8qQCDT2KbR2
		fiona.green $2a$10$Nid0Lg6Wauwi/5BN4N2H5u8T6XumK4EE2MBxZaKXajxUAuUXPEvGO
		helen.crichton $2a$10$zOcnxMCr62NtNK3YTaWbRuOclI/lC1Lkn1RidTOxkgBTgruQgfg9K
		david.rawsthorne $2a$10$OIALdPjjQT6i5exUg8GtmOGk4BD4WmanmDhF7wCVH/IbpQQSt6PAS
		peter.rawsthorne $2a$10$asUwJpdwc4QlGc8b1A1v7ukBCIQTlzm59uRnBH6AnWiK6NAECW03S
		marilyn.pope $2a$10$6iD1J3FVmFbY7i02gQaF0eu1fY4ufUsXiXMyc1G9YfXbYKwuamjI2
		alan.potts $2a$10$tzbIZwIuzcdrIzJICIS1oeadwoKyr3JqL2Ec9aB8Dj.MR4Q7lMcV.
		kate.griffin $2a$10$9R57yOgGilEPZNwCbjWHeOu/ytTv4SLbW0P/plRnI.GqHe3w3IJjO
		craig.johnson $2a$10$LQf3tK0ZHl63LHybpDfSdu1WT9OtcLeNZTfCwniPlmuqHiNF.yOq6
		grant.johnson $2a$10$7XZ3aoQdL/fLex48t6hgi.p9Xt3yNJNIXJKflxChprwT5O9zPy2hG
		barbara.wright $2a$10$Mlp0Y2wPzzomL1EnTInS2u18yv7ksMY.ATURzQz4luRRe2JwBMEJS
		janet.kennedy $2a$10$/8VCpm68CLSF2zSL5sHtR.hzwJ.h3cX3r8XHogHbz8o7KIYPDHOVW
	}
}
#
# Authelia from HOSTS
#
auth.johnsnexus.click {
	reverse_proxy 192.168.1.1:9091 {
		import trusted_proxy_list
	}
}
#
# Locally hosted site
#
testcaddy.johnsnexus.click {
	root * /usr/share/caddy # compose file points to this
	php_fastcgi 192.168.1.1:80
	file_server
}
#
# Family history web site via container on this cluster
#
sandancer.ddnsfree.com {
	root * /var/www/html
	file_server
	# reverse_proxy 192.168.1.1:8888
	reverse_proxy famhistweb_famhistweb
}
#
# PocketID OIDC security, come here from DYNU, running on OMEGA to access token device
#
https://hold.johnsnexus.click {
	reverse_proxy 192.168.1.5:1411
}
#
# Test GHOST site on ELITE cluster
#
ghost.johnsnexus.click {
	root * /var/www/mymag
	file_server
	reverse_proxy 192.168.1.4:2368
}
#
# Family History Web site on Production cluster system, come here via HOSTS file
#
nextfamhistweb.johnsnexus.click {
	# import basic-auth
	# Every path ("*") is sent through the Authelia check before proxying.
	import secure_site *
	# root * /usr/local/apache2/htdocs
	# file_server
	reverse_proxy nextfamhistweb_nextfamhistweb {
		import trusted_proxy_list
	}
}
#
# Test web site on Production Cluster, come here via HOSTS file
# an example of a non-secure site on a different domain
#
# NOTE(review): the http:// address turns off automatic HTTPS for this site,
# so the basic-auth credentials cross the network unencrypted on every
# request. Serving it over HTTPS would protect them in transit.
http://northweb.johns.study {
	import basic-auth
	root * /usr/local/apache2/htdocs
	file_server
	reverse_proxy testweb_testweb
}
#
# Test version of paperless-ngx on Elite cluster, come here via HOSTS file
#
wastebin.johnsnexus.click {
	file_server
	reverse_proxy 192.168.1.4:8600
}
#
# Version of pydio cells on NODE-16 using SAMBA volume - DYNU public address
#
pydiocells.johnsnexus.click {
	# tls tls@johnsnexus.click
	reverse_proxy 192.168.1.4:8888 {
		transport http {
			tls
			# NOTE(review): the backend certificate is not verified, so the
			# proxy-to-backend hop is encrypted but not authenticated. Trusting
			# the backend's CA in this transport block would restore the check.
			tls_insecure_skip_verify
		}
	}
}
#
# Nextcloud AIO on NODE-16, was Beta (220 or 9)
#
https://amudanan.johnsnexus.click:443 {
	header Strict-Transport-Security max-age=15552000
	file_server
	reverse_proxy http://192.168.1.16:11000
}
#
# OWNCLOUD on BEES swarm via DYNU
#
mycloud.johnsnexus.click {
	header Strict-Transport-Security max-age=15552000
	file_server
	reverse_proxy 192.168.1.3:8080
}
#
code.johnsnexus.click {
	encode gzip
	file_server
	reverse_proxy https://192.168.1.3:9980 {
		transport http {
			# NOTE(review): backend certificate verification is disabled here as
			# well; the same caveat as on pydiocells applies.
			tls_insecure_skip_verify
		}
	}
}
#
# Vaultwarden on Production Cluster, come here via HOSTS
#
#warden.johnsnexus.click {
#	reverse_proxy http://192.168.1.1:80
#}
#
# SongKong on VALHALLA, come here via DYNU
https://chord.johnsnexus.click {
	root * /music
	file_server
	reverse_proxy http://192.168.1.7:4567
}
##
# n8n running on DELTA, come here via DYNU
#
donut.johnsnexus.click {
	reverse_proxy http://192.168.1.10:5678 {
		flush_interval -1
	}
}
#
# CTiO magazine using Ghost on production
#
ctio.johnsnexus.click {
	file_server
	reverse_proxy 192.168.1.1:2368
}
#
#****************************************
#
# Hoarder from hosts file, keep in external domain
# Needs SSL; leave as explicit address; use 3200 as gitea uses 3000
#
hoarder.johnsnexus.click {
	reverse_proxy 192.168.1.4:3200
}
#
#
# although "prod" it runs on Elite Cluster
grafana.johnsnexus.click {
	# file_server
	reverse_proxy 192.168.1.4:3030
}
# new gitea on elite cluster
mygit.johnsnexus.click {
	reverse_proxy 192.168.1.4:3000
}
#
# copy of mygit on the production cluster
gitea.johnsnexus.click {
	file_server
	reverse_proxy 192.168.1.1:3000
}
#
gotify.johnsnexus.click {
	reverse_proxy 192.168.1.4:8111
}
#
# Portainer managed on ELITE cluster, come here via HOSTS
# Use port 9000 not 9443
# NOTE(review): no proxy-level authentication on this management UI; access
# control is whatever Portainer itself enforces.
portainer.johnsnexus.click {
	reverse_proxy 192.168.1.4:9000
}
#
# Open Media Vault from HOSTS file
#
# NOTE(review): both OMV admin UIs below are proxied without proxy-level
# authentication.
omv.valhalla.johnsnexus.click {
	reverse_proxy 192.168.1.7
}
#
omv.paradise.johnsnexus.click {
	reverse_proxy 192.168.1.8
}