fix: Make it push pushable

SauravDhakal
2026-04-11 21:36:35 +05:45
parent 1026fd6ff2
commit e584b9ae20


@@ -74,12 +74,10 @@ uptime.sauravdhakal.com.np {
} }
# ----------------------------------------------- # -----------------------------------------------
# Gitea — DUAL MODE # Gitea — PUBLIC WEB UI
# Public: Web UI (read-only via matchers) # Gitea's built-in auth handles write restrictions
# Private: Full access (SSH + push/pull via VPN)
# ----------------------------------------------- # -----------------------------------------------
# PUBLIC Gitea Web UI
gitea.sauravdhakal.com.np { gitea.sauravdhakal.com.np {
# Allow public access (no bind = all interfaces) # Allow public access (no bind = all interfaces)
@@ -90,31 +88,12 @@ gitea.sauravdhakal.com.np {
Referrer-Policy strict-origin-when-cross-origin Referrer-Policy strict-origin-when-cross-origin
} }
# Restrict dangerous endpoints on public access
# Block only git PUSH operations (write), allow clone (read)
@publicDangerous {
path /api/v1/repos/*/archive/*
path /repos/*/archive/*
path /*/git-receive-pack
}
handle @publicDangerous {
respond 403
}
# Allow everything else (UI, API read, etc)
reverse_proxy localhost:3000 { reverse_proxy localhost:3000 {
header_up X-Real-IP {remote_host} header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host} header_up X-Forwarded-For {remote_host}
} }
} }
# PRIVATE Gitea (Full Access via VPN)
gitea-private.sauravdhakal.com.np {
bind 100.81.85.182
reverse_proxy localhost:3000
}
# Woodpecker CI — VPN only # Woodpecker CI — VPN only
ci.sauravdhakal.com.np { ci.sauravdhakal.com.np {
bind 100.81.85.182 bind 100.81.85.182
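Review bot: With the `@publicDangerous` matcher and its `respond 403` removed in the second hunk, `/*/git-receive-pack` and both archive paths on gitea.sauravdhakal.com.np are now proxied straight to Gitea from every interface. The only record of what protects them is the new header comment "Gitea's built-in auth handles write restrictions". That configuration is not visible in this file, so I would name the dependency next to the site block, for example `# Push is public: relies on DISABLE_REGISTRATION = true and per-repo write permissions in Gitea's app.ini`. If the two archive paths were blocked to limit load from anonymous crawlers rather than to stop writes (the old comment does not say), consider keeping just those two `path` lines behind a 403. The VPN-bound `gitea-private` site is also dropped, so it is worth confirming nothing still points at that hostname.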