From 77803655c04ece48db88c2276b1a69b85e2fa324 Mon Sep 17 00:00:00 2001
From: Chris King
Date: Sun, 12 Jan 2025 22:47:49 -0800
Subject: [PATCH] add Caddy docker configuration add Caddy Dockerfile to build image using xcaddy including cloudflare modules docker-compose.yml file builds image instead of pulling it
---
caddy/Caddyfile | 118 +++++++++++++++++++++++++++++++++++++++
caddy/Dockerfile | 9 +++
caddy/docker-compose.yml | 32 +++++++++++
3 files changed, 159 insertions(+)
create mode 100644 caddy/Caddyfile
create mode 100644 caddy/Dockerfile
create mode 100644 caddy/docker-compose.yml
diff --git a/caddy/Caddyfile b/caddy/Caddyfile
new file mode 100644
index 0000000..4e6ce07
--- /dev/null
+++ b/caddy/Caddyfile
@@ -0,0 +1,118 @@
+# Global Config
+{
+ email certs@tremendousturtle.tools
+ default_sni tremendousturtle.tools
+ acme_ca https://acme-v02.api.letsencrypt.org/directory
+ admin localhost:2019
+ # debug
+ # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
+
+ servers {
+ trusted_proxies cloudflare {
+ interval 12h
+ timeout 15s
+ }
+ client_ip_headers Cf-Connecting-Ip X-Forwarded-For X-Real-IP
+ }
+}
+
+# Global Reusable Blocks
+(tls) {
+ tls {
+ dns cloudflare {
+ zone_token {env.CF_ZONE_TOKEN}
+ api_token {env.CF_API_TOKEN}
+ }
+ }
+}
+(secure) {
+ forward_auth {args[0]} authelia:9091 {
+ uri /api/authz/forward-auth
+ copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
+ }
+}
+(secure-external) {
+ forward_auth {args[0]} https://auth.tremendousturtle.tools {
+ uri /api/authz/forward-auth
+ copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
+ header_up Host {upstream_hostport}
+ }
+}
+(ttt-log) {
+ log {
+ output file /logs/{args[0]}.tremendousturtle.tools.log
+ }
+}
+(ttt-proxy) {
+ reverse_proxy {args[0]}:{args[1]} {
+ header_up X-Real-IP {http.request.header.CF-Connecting-IP}
+ header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
+ }
+}
+(ttt-app) {
+ {args[0]}.tremendousturtle.tools {
+ import ttt-log {args[0]}
+ import tls
+ import secure *
+ import ttt-proxy {args[0]} {args[1]}
+ }
+}
+(ttt-app-alt) {
+ {args[0]}.tremendousturtle.tools {
+ import ttt-log {args[0]}
+ import tls
+ import secure *
+ import ttt-proxy {args[1]} {args[2]}
+ }
+}
+
+# Web Config
+tremendousturtle.tools {
+ import tls
+ respond "I'm Alive!"
+}
+
+auth.tremendousturtle.tools {
+ import tls
+ reverse_proxy 127.0.0.1:9091
+}
+
+authentik.tremendousturtle.tools {
+ import tls
+ reverse_proxy 127.0.0.1:9000
+}
+
+# Define code.tremendousturtle.tools
+import ttt-app code 8020
+
+import ttt-app frigate 8971
+
+import ttt-app pihole 1080
+
+import ttt-app stash 9999
+
+import ttt-app sonarr 8989
+
+import ttt-app radarr 7878
+
+import ttt-app overseerr 5055
+
+import ttt-app prowlarr 9696
+
+import ttt-app openobserve 5080
+
+import ttt-app cockpit 9090
+
+import ttt-app budget 5006
+
+import ttt-app gitea 3000
+
+import ttt-app trilium 8040
+
+import ttt-app notes 8040
+
+import ttt-app-alt pihole1 192.168.1.116 80
+
+import ttt-app homepage 3001
+
+
diff --git a/caddy/Dockerfile b/caddy/Dockerfile
new file mode 100644
index 0000000..e957532
--- /dev/null
+++ b/caddy/Dockerfile
@@ -0,0 +1,9 @@
+FROM caddy:2.9.1-builder AS builder
+
+RUN xcaddy build \
+ --with github.com/caddy-dns/cloudflare \
+ --with github.com/WeidiDeng/caddy-cloudflare-ip
+
+FROM caddy:2.9.1
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy
\ No newline at end of file
diff --git a/caddy/docker-compose.yml b/caddy/docker-compose.yml
new file mode 100644
index 0000000..26c7c16
--- /dev/null
+++ b/caddy/docker-compose.yml
@@ -0,0 +1,32 @@
+name: caddy
+services:
+ caddy:
+ build: .
+ restart: unless-stopped
+ networks:
+ - proxy-net
+ ports:
+ - "80:80"
+ - "443:443"
+ - "443:443/udp"
+ - "2019:2019"
+ configs:
+ - source: caddyfile
+ target: /etc/caddy/Caddyfile
+ volumes:
+ - ./data/site:/srv
+ - ./data/logs:/logs
+ - caddy_data:/data
+ - caddy_config:/config
+
+networks:
+ proxy-net:
+ external: true
+
+configs:
+ caddyfile:
+ file: ./Caddyfile
+
+volumes:
+ caddy_data:
+ caddy_config:
\ No newline at end of file
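Review bot: In the `(ttt-proxy)` snippet of caddy/Caddyfile, `header_up X-Real-IP {http.request.header.CF-Connecting-IP}` and the matching `X-Forwarded-For` line forward whatever `CF-Connecting-IP` value the request carried, independent of the `trusted_proxies cloudflare` check in the global block. Since docker-compose.yml publishes 80 and 443 directly, a request that reaches the origin without passing through Cloudflare can supply that header itself, and every backend, IP-based rule and audit log behind the proxy would record the forged address. Caddy already derives a verified client address from `client_ip_headers`, so `header_up X-Real-IP {client_ip}` and `header_up X-Forwarded-For {client_ip}` are the safer form. Separately, `auth` and `authentik` proxy to `127.0.0.1:9091` and `127.0.0.1:9000` while `(secure)` uses `authelia:9091`; inside a container on `proxy-net` the loopback address is presumably the Caddy container itself, so those two upstreams should be confirmed.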
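Review bot: Both `--with` lines of the `xcaddy build` step in caddy/Dockerfile name a module without a version, so every image build pulls whatever `github.com/caddy-dns/cloudflare` and `github.com/WeidiDeng/caddy-cloudflare-ip` resolve to at that moment. The resulting binary terminates TLS for every site and is handed `CF_API_TOKEN`, so an unreviewed upstream change lands directly in the trust path and two builds of the same commit can differ. Pin each module, e.g. `--with github.com/caddy-dns/cloudflare@<pinned-version>`, and consider pinning the `caddy:2.9.1-builder` and `caddy:2.9.1` base images by digest as well.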
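Review bot: The `- "2019:2019"` entry under `ports` in caddy/docker-compose.yml publishes Caddy's admin endpoint on every host interface, and that API has no authentication by default. With `admin localhost:2019` in the Caddyfile the listener is bound to the container's loopback, so the mapping presumably does nothing today, but it becomes remote configuration control as soon as the admin address is widened to make it work. Drop the mapping, or restrict it to the host loopback with `- "127.0.0.1:2019:2019"`. The service also defines no `environment` or `env_file`, so unless an override file supplies them `{env.CF_ZONE_TOKEN}` and `{env.CF_API_TOKEN}` will be empty in the container; when adding them, prefer `env_file` or a compose secret over inline values so the token stays out of the repository.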