pez-infra/ansible/services/caddy/Caddyfile

271 lines
5.7 KiB
Caddyfile

# _ __ ___ ____ _ __ _ __ _____ ___ _
# | '_ \ / _ \_ /____| '_ \| '__/ _ \ \/ / | | |
# | |_) | __// /_____| |_) | | | (_) > <| |_| |
# | .__/ \___/___| | .__/|_| \___/_/\_\\__, |
# |_| |_| |___/
#
{
admin localhost:2019
metrics {
per_host
}
}
## LONDON-A SERVICES ##
# Proxmox
london-a.pez.sh {
tracing {
span proxmox
}
reverse_proxy 100.122.180.98:8006 {
transport http {
tls_insecure_skip_verify
}
}
}
*.k8s.pez.sh {
tls {
dns hetzner {env.HETZNER_DNS_API_TOKEN}
}
tracing {
span k8s
}
reverse_proxy 100.123.97.26:80
}
## LONDON-B SERVICES ##
# Jellyfin
jellyfin.pez.solutions, jellyfin.pez.sh {
tracing {
span jellyfin
}
reverse_proxy 100.84.65.101:8096
}
# Plex
plex.pez.solutions, plex.pez.sh {
tracing {
span plex
}
reverse_proxy 100.84.65.101:32400
}
# Radarr
radarr.pez.solutions, radarr.pez.sh {
tracing {
span radarr
}
forward_auth localhost:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
}
reverse_proxy 100.84.65.101:7878
}
# Sonarr
sonarr.pez.solutions, sonarr.pez.sh {
tracing {
span sonarr
}
forward_auth localhost:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
}
reverse_proxy 100.84.65.101:8989
}
# Lidarr
lidarr.pez.solutions, lidarr.pez.sh {
tracing {
span lidarr
}
forward_auth localhost:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
}
reverse_proxy 100.84.65.101:8686
}
# Readarr hostname, now serving the bookshelf service (Readarr revival)
readarr.pez.solutions, readarr.pez.sh {
tracing {
span readarr
}
forward_auth localhost:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
}
reverse_proxy 100.84.65.101:8787
}
# slskd
soulseek.pez.solutions, soulseek.pez.sh {
tracing {
span soulseek
}
forward_auth localhost:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
}
reverse_proxy 100.84.65.101:5030
}
# Prowlarr
prowlarr.pez.solutions, prowlarr.pez.sh {
tracing {
span prowlarr
}
forward_auth localhost:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
}
reverse_proxy 100.84.65.101:9696
}
# Transmission
download.pez.solutions, download.pez.sh {
tracing {
span transmission
}
forward_auth localhost:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
}
reverse_proxy 100.84.65.101:9091
}
# Overseerr
request.pez.solutions, request.pez.sh {
tracing {
span overseerr
}
reverse_proxy 100.84.65.101:5055
}
# Jellyfin Requests
jellyfin-requests.pez.solutions, jellyfin-requests.pez.sh {
tracing {
span jellyfin-requests
}
reverse_proxy 100.84.65.101:5056
}
music.pez.sh {
tracing {
span navidrome
}
reverse_proxy 100.84.65.101:4533
}
## COPENHAGEN-A SERVICES ##
## NUREMBERG-A SERVICES ##
# n8n (own auth)
n8n.pez.sh {
tracing {
span n8n
}
reverse_proxy 100.70.180.24:5678
}
## HELSINKI-A SERVICES ##
# Bitwarden (requires HTTPS tweaking)
https://bitwarden.pez.sh {
tracing {
span bitwarden
}
reverse_proxy localhost:8443 {
transport http {
tls_insecure_skip_verify
}
}
}
# Authelia (requires HTTPS tweaking)
auth.pez.solutions, auth.pez.sh {
tracing {
span authelia
}
reverse_proxy localhost:9091
}
ldap.pez.sh {
tracing {
span lldap
}
reverse_proxy 127.0.0.1:17170
}
# Apps dashboard
apps.pez.solutions, apps.pez.sh {
tracing {
span apps-dashboard
}
root * /srv/apps
forward_auth localhost:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
}
file_server
}
# Pez.solutions
pez.solutions {
tracing {
span pez-solutions
}
root * /srv/pez.solutions
file_server
}
# Pez.sh
pez.sh {
tracing {
span pez-sh
}
root * /srv/pez.sh
file_server
}
# Pez-signup
signup.pez.solutions {
tracing {
span pez-signup
}
root * /srv/pez-signup
file_server
}
# Naveen
naveen.pez.sh {
tracing {
span naveen
}
root * /srv/naveen
file_server
}
## HELSINKI-A SERVICES ##
# Status page
status.pez.sh {
tracing {
span status
}
root * /srv/status
file_server
}
# Forgejo Git Server (auth handled by Forgejo itself)
git.pez.sh {
tracing {
span forgejo
}
reverse_proxy localhost:3000
}