add Caddy docker configuration

add Caddy Dockerfile to build image using xcaddy including cloudflare modules docker-compose.yml file builds image instead of pulling it
2025-01-12 22:47:49 -08:00
parent eb0f41261f
commit 77803655c0
3 changed files with 159 additions and 0 deletions
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -0,0 +1,118 @@
+# Global Config
+{
+	email certs@tremendousturtle.tools
+	default_sni tremendousturtle.tools
+	acme_ca https://acme-v02.api.letsencrypt.org/directory
+	admin localhost:2019
+	# debug
+	# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
+
+	servers {
+		trusted_proxies cloudflare {
+			interval 12h
+			timeout 15s
+		}
+		client_ip_headers Cf-Connecting-Ip X-Forwarded-For X-Real-IP
+	}
+}
+
+# Global Reusable Blocks
+(tls) {
+	tls {
+		dns cloudflare {
+			zone_token {env.CF_ZONE_TOKEN}
+			api_token {env.CF_API_TOKEN}
+		}
+	}
+}
+(secure) {
+	forward_auth {args[0]} authelia:9091 {
+		uri /api/authz/forward-auth
+		copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
+	}
+}
+(secure-external) {
+	forward_auth {args[0]} https://auth.tremendousturtle.tools {
+		uri /api/authz/forward-auth
+		copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
+		header_up Host {upstream_hostport}
+	}
+}
+(ttt-log) {
+	log {
+		output file /logs/{args[0]}.tremendousturtle.tools.log
+	}
+}
+(ttt-proxy) {
+	reverse_proxy {args[0]}:{args[1]} {
+		header_up X-Real-IP {http.request.header.CF-Connecting-IP}
+		header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
+	}
+}
+(ttt-app) {
+	{args[0]}.tremendousturtle.tools {
+		import ttt-log {args[0]}
+		import tls
+		import secure *
+		import ttt-proxy {args[0]} {args[1]}
+	}
+}
+(ttt-app-alt) {
+	{args[0]}.tremendousturtle.tools {
+		import ttt-log {args[0]}
+		import tls
+		import secure *
+		import ttt-proxy {args[1]} {args[2]}
+	}
+}
+
+# Web Config
+tremendousturtle.tools {
+	import tls
+	respond "I'm Alive!"
+}
+
+auth.tremendousturtle.tools {
+	import tls
+	reverse_proxy 127.0.0.1:9091
+}
+
+authentik.tremendousturtle.tools {
+	import tls
+	reverse_proxy 127.0.0.1:9000
+}
+
+# Define code.tremendousturtle.tools
+import ttt-app code 8020
+
+import ttt-app frigate 8971
+
+import ttt-app pihole 1080
+
+import ttt-app stash 9999
+
+import ttt-app sonarr 8989
+
+import ttt-app radarr 7878
+
+import ttt-app overseerr 5055
+
+import ttt-app prowlarr 9696
+
+import ttt-app openobserve 5080
+
+import ttt-app cockpit 9090
+
+import ttt-app budget 5006
+
+import ttt-app gitea 3000
+
+import ttt-app trilium 8040
+
+import ttt-app notes 8040
+
+import ttt-app-alt pihole1 192.168.1.116 80
+
+import ttt-app homepage 3001
+
+
--- a/caddy/Dockerfile
+++ b/caddy/Dockerfile
@@ -0,0 +1,9 @@
+FROM caddy:2.9.1-builder AS builder
+
+RUN xcaddy build \
+    --with github.com/caddy-dns/cloudflare \
+    --with github.com/WeidiDeng/caddy-cloudflare-ip
+
+FROM caddy:2.9.1
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy
--- a/caddy/docker-compose.yml
+++ b/caddy/docker-compose.yml
@@ -0,0 +1,32 @@
+name: caddy
+services:
+  caddy:
+    build: .
+    restart: unless-stopped
+    networks:
+      - proxy-net
+    ports:
+      - "80:80"
+      - "443:443"
+      - "443:443/udp"
+      - "2019:2019"
+    configs:
+      - source: caddyfile
+        target: /etc/caddy/Caddyfile
+    volumes:
+      - ./data/site:/srv
+      - ./data/logs:/logs
+      - caddy_data:/data
+      - caddy_config:/config
+
+networks:
+  proxy-net:
+    external: true
+
+configs:
+  caddyfile:
+    file: ./Caddyfile
+
+volumes:
+  caddy_data:
+  caddy_config: