commit 2ba0ab50090ead6f29f3504e93379f2810c7fe98 Author: SauravDhakal Date: Mon Mar 30 20:57:12 2026 +0545 init: Caddy setup
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4c49bd7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.env
diff --git a/caddy/Caddyfile b/caddy/Caddyfile
new file mode 100644
index 0000000..56b74db
--- /dev/null
+++ b/caddy/Caddyfile
@@ -0,0 +1,63 @@
+# Global config
+{
+ email me@sauravdhakal.com.np
+ acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+}
+
+# -----------------------------------------------
+# PUBLIC services (resolves to your public VPS IP)
+# -----------------------------------------------
+
+# blog.sauravdhakal.com.np {
+# reverse_proxy blog:3000
+# }
+
+#n8n-webhook.sauravdhakal.com.np {
+# reverse_proxy n8n:5678
+#}
+
+# Public — only webhook endpoint, no UI
+n8n.sauravdhakal.com.np {
+ reverse_proxy n8n:5678 {
+ # Only allow webhook paths publicly
+ header_up Host {host}
+ }
+ @public path /webhook/* /webhook-test/*
+ handle @public {
+ reverse_proxy n8n:5678
+ }
+ handle {
+ abort # block everything else (UI, API, etc)
+ }
+}
+
+# Private — full n8n UI through VPN
+n8n-admin.sauravdhakal.com.np {
+ bind 100.81.85.182
+ reverse_proxy n8n:5678
+}
+
+# -----------------------------------------------
+# VPN-ONLY services (resolves to 100.81.85.182)
+# bind tells Caddy to only listen on Netbird interface
+# -----------------------------------------------
+
+vault.sauravdhakal.com.np {
+ bind 100.81.85.182
+ reverse_proxy vaultwarden:80
+}
+
+actual.sauravdhakal.com.np {
+ bind 100.81.85.182
+ reverse_proxy actual:5006
+}
+
+immich.sauravdhakal.com.np {
+ bind 100.81.85.182
+ reverse_proxy immich-server:2283
+}
+
+filebrowser.sauravdhakal.com.np {
+ bind 100.81.85.182
+ reverse_proxy filebrowser:80
+}
diff --git a/caddy/Dockerfile b/caddy/Dockerfile
new file mode 100644
index 0000000..179f79a
--- /dev/null
+++ b/caddy/Dockerfile
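Review bot: In caddy/Caddyfile, the `n8n.sauravdhakal.com.np` site keeps an unmatched `reverse_proxy n8n:5678 { header_up Host {host} }` next to the two `handle` blocks. With Caddy's default directive order the `handle` blocks should run first and terminate the request, so this proxy is probably never reached, but it has no matcher and would forward every path (UI and API included) if the catch-all `handle { abort }` were ever dropped or the directive order changed. The comment inside it, `# Only allow webhook paths publicly`, describes the `@public` matcher rather than this directive. I would delete the outer `reverse_proxy` block and move that comment above `@public path /webhook/* /webhook-test/*`; `header_up Host {host}` can go with it, since Caddy passes the incoming Host through by default.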
@@ -0,0 +1,7 @@
+# Custom build of caddy with Cloudflare API
+FROM caddy:builder AS builder
+RUN xcaddy build \
+ --with github.com/caddy-dns/cloudflare
+
+FROM caddy:latest
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..418981f
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,6 @@
+include:
+ - services/caddy.yml
+
+networks:
+ caddy_net:
+ driver: bridge
diff --git a/services/caddy.yml b/services/caddy.yml
new file mode 100644
index 0000000..33be02e
--- /dev/null
+++ b/services/caddy.yml
@@ -0,0 +1,20 @@
+services:
+ caddy:
+ build: ../caddy
+ restart: unless-stopped
+ ports:
+ - "80:80"
+ - "443:443"
+ - "100.81.85.182:443:443" # VPN interface for private services
+ environment:
+ - CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}
+ volumes:
+ - ../caddy/Caddyfile:/etc/caddy/Caddyfile
+ - ../caddy/data:/data
+ - ../caddy/config:/config
+ networks:
+ - caddy_net
+
+networks:
+ caddy_net:
+ external: true
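Review bot: Both stages in caddy/Dockerfile use floating tags (`caddy:builder`, `caddy:latest`) and `--with github.com/caddy-dns/cloudflare` carries no version, so every rebuild can pull a different Caddy and a different plugin commit. This binary terminates TLS for the vault and is handed the Cloudflare API token, so the build should be reproducible and reviewable. Pin the images to a release tag or digest and the plugin to a version, e.g. `FROM caddy:<VERSION>-builder AS builder`, `--with github.com/caddy-dns/cloudflare@<PLUGIN_VERSION>` and `FROM caddy:<VERSION>`.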
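Review bot: In docker-compose.yml, `caddy_net` is declared as a project-managed bridge network, while services/caddy.yml (pulled in through `include:`) declares the same name with `external: true`. As far as I know Compose reports conflicting resource definitions between a file and its includes as an error, and even if it loads, `external: true` expects a network that was created outside this project. Keep one definition: either drop the `networks:` block from services/caddy.yml, or keep it external, remove the block here and document the `docker network create caddy_net` step.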
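Review bot: The VPN-only boundary does not look enforceable with the `ports:` list in services/caddy.yml. `"443:443"` publishes the container's listener on every host address, and inside a bridge-networked container 100.81.85.182 is not a local address, so the `bind 100.81.85.182` lines in caddy/Caddyfile will probably fail at startup; if they are then removed to get Caddy running, vault, actual, immich, filebrowser and n8n-admin become reachable on the public IP for any client that sends the matching hostname. The third mapping `"100.81.85.182:443:443"` also overlaps the wildcard one and is likely to be rejected as already allocated. Consider `network_mode: host` so that `bind` sees the real interfaces, or publish the public ports on the public address only (`"<PUBLIC_IP>:443:443"`) and give the private sites their own container port mapped from the VPN address.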