init: Caddy setup
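--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.env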
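--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -0,0 +1,63 @@
+# Global config
+{
+email me@sauravdhakal.com.np
+acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+}
+
+# -----------------------------------------------
+# PUBLIC services (resolves to your public VPS IP)
+# -----------------------------------------------
+
+# blog.sauravdhakal.com.np {
+# reverse_proxy blog:3000
+# }
+
+#n8n-webhook.sauravdhakal.com.np {
+# reverse_proxy n8n:5678
+#}
+
+# Public — only webhook endpoint, no UI
+n8n.sauravdhakal.com.np {
+reverse_proxy n8n:5678 {
+# Only allow webhook paths publicly
+header_up Host {host}
+}
+@public path /webhook/* /webhook-test/*
+handle @public {
+reverse_proxy n8n:5678
+}
+handle {
+abort # block everything else (UI, API, etc)
+}
+}
+
+# Private — full n8n UI through VPN
+n8n-admin.sauravdhakal.com.np {
+bind 100.81.85.182
+reverse_proxy n8n:5678
+}
+
+# -----------------------------------------------
+# VPN-ONLY services (resolves to 100.81.85.182)
+# bind tells Caddy to only listen on Netbird interface
+# -----------------------------------------------
+
+vault.sauravdhakal.com.np {
+bind 100.81.85.182
+reverse_proxy vaultwarden:80
+}
+
+actual.sauravdhakal.com.np {
+bind 100.81.85.182
+reverse_proxy actual:5006
+}
+
+immich.sauravdhakal.com.np {
+bind 100.81.85.182
+reverse_proxy immich-server:2283
+}
+
+filebrowser.sauravdhakal.com.np {
+bind 100.81.85.182
+reverse_proxy filebrowser:80
+}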
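Review bot: The `bind 100.81.85.182` lines in the n8n-admin, vault, actual, immich and filebrowser blocks are the only thing keeping those sites off the public listener, and they only work if that address is assignable where Caddy runs. services/caddy.yml in this commit starts Caddy on the `caddy_net` bridge network, where the host's Netbird address is presumably not present, so the bind would either fail at startup or end up being removed, and without it these sites answer on the public `:443` for any client that sends the right host name. DNS pointing at the VPN address is not an access control. Either run the container with `network_mode: host` so the bind is real, or add a `remote_ip` matcher for the Netbird range to each private block and `abort` everything else; the `"100.81.85.182:443:443"` publish in services/caddy.yml does not restrict anything either, because `"443:443"` already covers every host address.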
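--- a/caddy/Dockerfile
+++ b/caddy/Dockerfile
@@ -0,0 +1,7 @@
+# Custom build of caddy with Cloudflare API
+FROM caddy:builder AS builder
+RUN xcaddy build \
+--with github.com/caddy-dns/cloudflare
+
+FROM caddy:latest
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy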
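Review bot: Both stages use floating tags (`caddy:builder`, `caddy:latest`) and the `--with github.com/caddy-dns/cloudflare` line names no version, so every rebuild can pull different Caddy and plugin code into the binary that is handed the Cloudflare API token. Pin the base images to a specific release, ideally by digest, and the plugin to a tag or commit: `FROM caddy:<version>-builder AS builder`, `--with github.com/caddy-dns/cloudflare@<version>` and `FROM caddy:<version>`. A short comment recording why those versions were chosen would make later bumps reviewable.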
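--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,6 @@
+include:
+- services/caddy.yml
+
+networks:
+caddy_net:
+driver: bridge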
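Review bot: `caddy_net` is declared here with `driver: bridge` and again in the included services/caddy.yml with `external: true`, and the two definitions contradict each other: one asks Compose to create the network, the other says it already exists outside the project. Compose's `include` is documented to report an error when an included file's resources conflict with those of the including file, so this is likely to fail at `docker compose up`. Keep a single definition, for example drop the top-level `networks:` block from services/caddy.yml and leave `caddy_net` declared here.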
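--- a/services/caddy.yml
+++ b/services/caddy.yml
@@ -0,0 +1,20 @@
+services:
+caddy:
+build: ../caddy
+restart: unless-stopped
+ports:
+- "80:80"
+- "443:443"
+- "100.81.85.182:443:443" # VPN interface for private services
+environment:
+- CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}
+volumes:
+- ../caddy/Caddyfile:/etc/caddy/Caddyfile
+- ../caddy/data:/data
+- ../caddy/config:/config
+networks:
+- caddy_net
+
+networks:
+caddy_net:
+external: true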
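Review bot: The Caddyfile bind mount `../caddy/Caddyfile:/etc/caddy/Caddyfile` is writable from inside the container although Caddy only needs to read it; `- ../caddy/Caddyfile:/etc/caddy/Caddyfile:ro` keeps a compromised proxy process from rewriting its own routing. The `CLOUDFLARE_API_TOKEN` environment entry is readable by anything that can inspect the container, so the token should be scoped to DNS edits on the one zone and nothing more. `../caddy/data` will hold the issued certificates and private keys, and the commit's .gitignore only lists `.env`, so adding `caddy/data` and `caddy/config` there would keep key material out of the repository.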