diff --git a/Caddyfile b/Caddyfile new file mode 100644 index 0000000..5682fd9 --- /dev/null +++ b/Caddyfile @@ -0,0 +1,128 @@ +{ + acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN} +} + +actual.archfox.org { + reverse_proxy actual:5006 +} + +searxng.archfox.org { + reverse_proxy searxng:8080 +} + +git.archfox.org { + reverse_proxy gitea:3000 +} + +jelly.archfox.org { + reverse_proxy jellyfin:8096 { + header_up +Content-Security-Policy "default-src https: data: blob:; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/accentlist.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/base.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/bottombarprogress.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/fixes.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/jf_font.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/overlayprogress.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/rounding.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/rounding_circlehover.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/smallercast.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/rounding_circlehover.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/cornerindicator/indicator_floating.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/cornerindicator/indicator_corner.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/effects/glassy.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/effects/pan-animation.css https://ctalvio.github.io/Monochromic/backdrop-hack_style.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/effects/hoverglow.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/effects/scrollfade.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/episodelist/episodes_compactlist.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/episodelist/episodes_grid.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/fields/fields_border.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/fields/fields_noborder.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/header/header_transparent.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/header/header_transparent-dashboard.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/login/login_frame.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/login/login_minimalistic.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/login/login_frame.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/presets/monochromic_preset.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/presets/kaleidochromic_preset.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/presets/novachromic_preset.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/titlepage/title_banner.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/titlepage/title_banner-logo.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/titlepage/title_simple.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/titlepage/title_simple-logo.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/type/light.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/type/dark.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/type/colorful.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/type/dark_withaccent.css https://fonts.googleapis.com/css2; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'" + } +} + +vault.archfox.org { + reverse_proxy vaultwarden:80 +} + +aria.archfox.org { + reverse_proxy ariang:8080 +} + +nextcloud.archfox.org { + reverse_proxy 10.0.1.45:11000 +} + +bookstack.archfox.org { + reverse_proxy bookstack:80 +} + +panel.archfox.org { + reverse_proxy tpanel:80 + + php_fastcgi unix//run/php/php8.3-fpm.sock { + root /var/www/pterodactyl/public + index index.php + + env PHP_VALUE "upload_max_filesize = 100M + post_max_size = 100M" + env HTTP_PROXY "" + env HTTPS "on" + + read_timeout 300s + dial_timeout 300s + write_timeout 300s + } + + header Strict-Transport-Security "max-age=16768000; preload;" + header X-Content-Type-Options "nosniff" + header X-XSS-Protection "1; mode=block;" + header X-Robots-Tag "none" + header Content-Security-Policy "frame-ancestors 'self'" + header X-Frame-Options "DENY" + header Referrer-Policy "same-origin" + header Access-Control-Allow-Origin "*" + header Access-Control-Allow-Methods "GET, POST, OPTIONS" + header Access-Control-Allow-Headers "Authorization, Content-Type" + + request_body { + max_size 100m + } + + respond /.ht* 403 +} + +wings.archfox.org { + reverse_proxy twings:443 +} + +omada.archfox.org { + reverse_proxy host.docker.internal:8043 { + transport http { + tls_insecure_skip_verify + } + } +} + +ai.archfox.org { + reverse_proxy open-webui:8080 +} + +p.archfox.org { + reverse_proxy pastefy:80 +} + +archfox.org { + root * /srv + file_server + + @webfinger { + path /.well-known/webfinger + method GET HEAD + query resource=acct:poslop@archfox.org + query resource=mailto:poslop@archfox.org + query resource=https://archfox.org + query resource=https://archfox.org/ + } + rewrite @webfinger /webfinger.json + header @webfinger { + Content-Type "application/jrd+json" + Access-Control-Allow-Origin "*" + X-Robots-Tag "noindex" + } +} + +(global) { + header { + # disable FLoC tracking + Permissions-Policy interest-cohort=() + + # enable HSTS + Strict-Transport-Security max-age=31536000; + + # keep referrer data off + Referrer-Policy no-referrer + + # prevent for appearing in search engine for private instances (option) + #X-Robots-Tag noindex + } +}