commit 24620c7b8883e2e6e48faaf7f130a7fbd0135692 Author: julien Date: Tue Jan 14 17:48:50 2025 +0100 first commit diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57d9655 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +volumes/ diff --git a/README.md b/README.md new file mode 100644 index 0000000..ddd1742 --- /dev/null +++ b/README.md @@ -0,0 +1,3 @@ +# caddy + +Make sur to use plain `tabs` into the Caddyfiles and one empty line at the end. diff --git a/compose.yml b/compose.yml new file mode 100644 index 0000000..196b401 --- /dev/null +++ b/compose.yml @@ -0,0 +1,20 @@ +services: + caddy: + image: caddy:latest + container_name: caddy + network_mode: "host" + restart: unless-stopped + ports: + - "80:80" + - "443:443" + - "443:443/udp" + volumes: + - ./volumes/data:/data + - ./volumes/config:/config + - ./conf/Caddyfile:/etc/caddy/Caddyfile + - ./conf/files.caddy:/etc/caddy/files.caddy + - ./conf/mails.caddy:/etc/caddy/mails.caddy + - ./conf/services.caddy:/etc/caddy/services.caddy + - ./conf/websites.caddy:/etc/caddy/websites.caddy + # Static files + - /srv/dwalin/chimera.netig.net/public:/srv/dwalin/chimera.netig.net/public:ro diff --git a/conf/Caddyfile b/conf/Caddyfile new file mode 100644 index 0000000..a7809bc --- /dev/null +++ b/conf/Caddyfile @@ -0,0 +1,4 @@ +import files.caddy +import mails.caddy +import services.caddy +import websites.caddy diff --git a/conf/files.caddy b/conf/files.caddy new file mode 100644 index 0000000..fd3ddb3 --- /dev/null +++ b/conf/files.caddy @@ -0,0 +1,4 @@ +https://chimera.netig.net { + root * /srv/dwalin/chimera.netig.net/public + file_server browse +} diff --git a/conf/mails.caddy b/conf/mails.caddy new file mode 100644 index 0000000..0c240a0 --- /dev/null +++ b/conf/mails.caddy @@ -0,0 +1,11 @@ +mail.netig.net { + respond "Mail domain only" +} + +mail.lachaussettedebrasparts.fr { + respond "Mail domain only" +} + +mail.lachaussettedelocquirec.fr { + respond "Mail domain only" +} diff --git a/conf/services.caddy b/conf/services.caddy new file mode 100644 index 0000000..e9ec755 --- /dev/null +++ b/conf/services.caddy @@ -0,0 +1,59 @@ +https://git.netig.net { + header Strict-Transport-Security max-age=31536000; + reverse_proxy localhost:9000 +} + +https://webmail.netig.net { + header Strict-Transport-Security max-age=31536000; + reverse_proxy localhost:9001 +} + +https://cloud.netig.net { + header Strict-Transport-Security max-age=31536000; + reverse_proxy localhost:9002 +} + +https://collabora.netig.net { + header Strict-Transport-Security max-age=31536000; + reverse_proxy localhost:9003 +} + +https://calc.netig.net { + header Strict-Transport-Security max-age=31536000; + reverse_proxy localhost:9004 +} + +https://pad.netig.net { + header Strict-Transport-Security max-age=31536000; + reverse_proxy localhost:9005 +} + +https://drop.netig.net { + header Strict-Transport-Security max-age=31536000; + reverse_proxy localhost:9006 +} + +https://p2e.netig.net { + header Strict-Transport-Security max-age=31536000; + reverse_proxy localhost:9007 +} + +https://list.netig.net { + header Strict-Transport-Security max-age=31536000; + reverse_proxy localhost:9008 +} + +https://status.netig.net { + header Strict-Transport-Security max-age=31536000; + reverse_proxy localhost:9009 +} + +https://info-marche-quimper.netig.net { + header Strict-Transport-Security max-age=31536000; + reverse_proxy localhost:9010 +} + +https://doli.netig.net { + header Strict-Transport-Security max-age=31536000; + reverse_proxy localhost:9011 +} diff --git a/conf/websites.caddy b/conf/websites.caddy new file mode 100644 index 0000000..7e6caf5 --- /dev/null +++ b/conf/websites.caddy @@ -0,0 +1,25 @@ +https://netig.net { + # enable HSTS + header Strict-Transport-Security max-age=31536000; + # disable clients from sniffing the media type + header X-Content-Type-Options nosniff + # clickjacking protection + header X-Frame-Options DENY + + reverse_proxy localhost:8000 +} + +https://taal-academie.arree.bzh { + header Strict-Transport-Security max-age=31536000; + reverse_proxy localhost:8001 +} + +https://lachaussettedebrasparts.fr { + header Strict-Transport-Security max-age=31536000; + reverse_proxy localhost:8002 +} + +https://www.lachaussettedelocquirec.fr { + header Strict-Transport-Security max-age=31536000; + reverse_proxy localhost:8003 +}