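# Global Config
{
	email certs@tremendousturtle.tools
	default_sni tremendousturtle.tools
	acme_ca https://acme-v02.api.letsencrypt.org/directory

	# NOTE(review): ":2019" binds the admin API on every interface of this
	# host/container (Caddy's default is localhost:2019). The admin endpoint can
	# replace the running config, so keep port 2019 unpublished and off shared
	# Docker networks, or move it back to a loopback address if nothing outside
	# this container needs it.
	admin :2019

	# debug
	# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory

	servers {
		# Only peers inside Cloudflare's published ranges are treated as proxies;
		# the list is refreshed on the interval below.
		trusted_proxies cloudflare {
			interval 12h
			timeout 15s
		}

		# Headers consulted, in order, to derive the client IP. They are only
		# honoured when the peer is a trusted proxy.
		client_ip_headers Cf-Connecting-Ip X-Forwarded-For X-Real-IP
	}
}

# Global Reusable Blocks

# ACME DNS-01 via Cloudflare; both tokens are read from the environment.
(tls) {
	tls {
		dns cloudflare {
			zone_token {env.CF_ZONE_TOKEN}
			api_token {env.CF_API_TOKEN}
		}
		resolvers 1.1.1.1 1.0.0.1
	}
}

# Authelia forward-auth against the local container. args[0] is the matcher.
# NOTE(review): upstream apps trust the Remote-* identity headers copied here;
# confirm that the running Caddy version does not let client-supplied copies of
# these headers through when Authelia omits them, and that the upstreams are
# reachable only through this proxy.
(secure) {
	forward_auth {args[0]} authelia-app-1:9091 {
		uri /api/authz/forward-auth
		copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
	}
}

# Same as (secure) but goes through the public Authelia hostname over HTTPS.
(secure-external) {
	forward_auth {args[0]} https://auth.tremendousturtle.tools {
		uri /api/authz/forward-auth
		copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
		header_up Host {upstream_hostport}
	}
}

# Per-site access log. args[0] is the subdomain.
(ttt-log) {
	log {
		output file /logs/{args[0]}.tremendousturtle.tools.log
	}
}

# Reverse proxy to args[0]:args[1], passing the client address upstream.
(ttt-proxy) {
	reverse_proxy {args[0]}:{args[1]} {
		# {client_ip} is derived from client_ip_headers only when the peer is in
		# trusted_proxies (the Cloudflare ranges above); otherwise it is the
		# socket peer address. Copying the raw CF-Connecting-IP request header
		# instead would let any client that reaches this server without passing
		# through Cloudflare choose the address the upstream sees.
		header_up X-Real-IP {client_ip}
		header_up X-Forwarded-For {client_ip}
	}
}

# Docker app whose compose project name equals the subdomain.
# args[0] = subdomain / project name, args[1] = port.
(ttt-app) {
	{args[0]}.tremendousturtle.tools {
		import ttt-log {args[0]}
		import tls
		import secure *
		import ttt-proxy {args[0]}-app-1 {args[1]}
	}
}

# App running on the Docker host. args[0] = subdomain, args[1] = port.
(ttt-app-local) {
	{args[0]}.tremendousturtle.tools {
		import ttt-log {args[0]}
		import tls
		import secure *
		import ttt-proxy host.docker.internal {args[1]}
	}
}

# App whose upstream host differs from the subdomain.
# args[0] = subdomain, args[1] = upstream host, args[2] = port.
(ttt-app-alt) {
	{args[0]}.tremendousturtle.tools {
		import ttt-log {args[0]}
		import tls
		import secure *
		import ttt-proxy {args[1]} {args[2]}
	}
}

# Site served entirely through the Authentik container. args[0] = subdomain.
# NOTE(review): there is no forward_auth here; access control for these sites
# presumably relies on Authentik's own proxy provider for the hostname - confirm
# that every subdomain imported with this snippet has one configured.
(authentik) {
	{args[0]}.tremendousturtle.tools {
		import ttt-log {args[0]}
		import tls
		reverse_proxy authentik-app-1:9000 {
			# See (ttt-proxy): use the proxy-validated client address rather
			# than the raw request header.
			header_up X-Real-IP {client_ip}
			header_up X-Forwarded-For {client_ip}
		}
	}
}

# Redirect args[0].tremendousturtle.tools to args[1].tremendousturtle.tools,
# keeping the request URI.
(redirect) {
	{args[0]}.tremendousturtle.tools {
		import tls
		redir https://{args[1]}.tremendousturtle.tools{uri}
	}
}

# Authentik forward-auth in front of an upstream.
# args[0] = subdomain, args[1] = upstream host, args[2] = port.
(authentik-forward) {
	{args[0]}.tremendousturtle.tools {
		import ttt-log {args[0]}
		import tls
		route {
			# always forward outpost path to actual outpost
			reverse_proxy /outpost.goauthentik.io/* http://authentik-app-1:9000

			# forward authentication to outpost
			forward_auth http://authentik-app-1:9000 {
				uri /outpost.goauthentik.io/auth/caddy

				# capitalization of the headers is important, otherwise they will be empty
				copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version

				# optional, in this config trust all private ranges, should probably be set to the outposts IP
				trusted_proxies private_ranges
			}

			# actual site configuration below, for example
			reverse_proxy {args[1]}:{args[2]}
		}
	}
}

# Web Config
tremendousturtle.tools {
	import tls
	respond "I'm Alive!"
}

# NOTE(review): the two identity-provider sites below have no log directive, so
# requests to the login portals are not written to a per-site access log the way
# the app sites are.
auth.tremendousturtle.tools {
	import tls
	reverse_proxy authelia-app-1:9091
}

authentik.tremendousturtle.tools {
	import tls
	reverse_proxy authentik-app-1:9000
}

# Define code.tremendousturtle.tools

# Locally hosted non-docker apps (proxies to 192.168.1.234 instead of localhost)
#import ttt-app-local code 8020
import ttt-app-local pihole 1080
import ttt-app-local sonarr 8989
import ttt-app-local radarr 7878
import ttt-app-local prowlarr 9696
import ttt-app-local cockpit 9090

# Docker apps with same subdomain as docker compose project name
#import ttt-app frigate 8971
import ttt-app overseerr 5055
import ttt-app openobserve 5080
#import ttt-app gitea 3000
#import ttt-app homepage 3000
import ttt-app requestrr 4545

# Alternate configuration (different subdomain and docker compose project name)
import ttt-app-alt budget actual-server-app-1 5006
import ttt-app-alt trilium triliumnext-notes-app-1 8080
import ttt-app-alt notes triliumnext-notes-app-1 8080
import ttt-app-alt stash stashapp-app-1 9999
import ttt-app-alt pihole1 192.168.1.116 80

# Authentik Configs
import authentik homepage
import redirect home homepage
import authentik frigate
import authentik code
import authentik gitea
import authentik dozzle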