caddy/Caddyfile.internal

# caddy/Caddyfile.internal
# Internal .home.arpa reverse proxy. TLS comes from the internal CA
# (caddy/tls/internal-ca/ca.conf). Clients on the LAN have that CA in
# their trust store.
#
# Docs: mercemay.top/src/homelab-compose/
# Global options: admin endpoint, metrics, storage, internal PKI, default logger.
{
    # NOTE(review): ":2019" binds the admin API on every interface; Caddy's
    # default is localhost:2019. The admin API is unauthenticated by default,
    # so anything that can reach this port can read or replace the running
    # config, including the auth imports on the sites below. Presumably it is
    # opened so Prometheus can scrape /metrics -- confirm. If so, keep the port
    # unpublished and reachable only from the monitoring network, or return
    # admin to localhost and serve metrics from a dedicated listener.
    admin :2019
    servers {
        # Enables per-request HTTP metrics.
        metrics
    }
    # Certificates, keys and the local CA's private key material live under
    # this path; treat the volume and its backups as secrets.
    storage file_system /data/caddy
    pki {
        # Only the CA's display name is set. No root cert/key is configured, so
        # "tls internal" uses a root that Caddy generates and keeps in storage.
        # NOTE(review): the file header points at caddy/tls/internal-ca/ca.conf
        # -- confirm that the root clients trust is the one Caddy actually
        # signs with.
        ca local {
            name "homelab internal"
        }
    }
    # Customises the default logger: JSON to a file, rotated at 50mb with
    # 10 rolled files kept. Access entries appear here only for sites that
    # enable logging (presumably via the common_log snippet -- not visible).
    log default {
        output file /var/log/caddy/access.log {
            roll_size 50mb
            roll_keep 10
        }
        format json
        level info
    }
}

# ---- shared snippet imports (see snippets/ dir) ----
# Response-header hardening shared by the sites below: HSTS, frame-options and
# CSP, each imported from a file under snippets/security/ (contents not shown
# here). Once a browser has recorded HSTS for a host, certificate errors on
# that host can no longer be clicked through, so distribute a new internal CA
# root to clients before rotating it.
(common_headers) {
    import snippets/security/hsts.snippet
    import snippets/security/frame-options.snippet
    import snippets/security/csp.snippet
}

# Per-site logging, imported from snippets/logging/json.snippet.
# Presumably this enables JSON access logs -- the snippet is not visible here.
(common_log) {
    import snippets/logging/json.snippet
}

# Authelia forward-auth gate, imported from snippets/auth/authelia-forward.snippet.
# A site is protected only if it imports this snippet; a new site block added
# without the import is served unauthenticated.
(authelia_protect) {
    import snippets/auth/authelia-forward.snippet
}

# ---- services ----

# Authelia portal. This site does not import authelia_protect: as the login
# portal it has to be reachable without an existing session.
auth.home.arpa {
    tls internal
    import common_headers
    import common_log
    reverse_proxy authelia:9091
}

# Jellyfin behind the Authelia gate.
jellyfin.home.arpa {
    tls internal
    import common_headers
    import common_log
    import authelia_protect
    reverse_proxy jellyfin:8096 {
        # Pass the connecting client's address upstream. The upstream should
        # honour this header only from the proxy's address; otherwise a client
        # that reaches jellyfin:8096 directly can spoof it.
        header_up X-Real-IP {remote_host}
        # -1 disables response buffering so streamed media is flushed at once.
        flush_interval -1
    }
}

# Grafana behind the Authelia gate. The gate covers only traffic that arrives
# through this proxy; grafana:3000 should not also be published on the host.
grafana.home.arpa {
    tls internal
    import common_headers
    import common_log
    import authelia_protect
    reverse_proxy grafana:3000
}

# Prometheus behind the Authelia gate. Prometheus ships with no authentication
# enabled, so this import is the only access control on its UI and API; any
# path to prometheus:9090 that skips the proxy is unauthenticated.
prometheus.home.arpa {
    tls internal
    import common_headers
    import common_log
    import authelia_protect
    reverse_proxy prometheus:9090
}

# Gitea behind the Authelia gate.
# NOTE(review): non-browser clients (git over HTTPS, API tokens) cannot
# complete an interactive forward-auth flow. If they need access, express the
# exception as a narrow Authelia access rule rather than dropping this import.
gitea.home.arpa {
    tls internal
    import common_headers
    import common_log
    import authelia_protect
    reverse_proxy gitea:3000
}

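# Sonarr, Radarr, Prowlarr and Bazarr share one site block and are routed to
# their own upstream by Host header.
sonarr.home.arpa, radarr.home.arpa, prowlarr.home.arpa, bazarr.home.arpa {
    tls internal
    import common_headers
    import common_log
    # Site-level import, so the gate applies to all four hosts. This assumes
    # the snippet uses forward_auth, which Caddy orders ahead of handle --
    # TODO confirm against snippets/auth/authelia-forward.snippet.
    import authelia_protect

    # One named host matcher per app, each named after the app it selects.
    @sonarr host sonarr.home.arpa
    @radarr host radarr.home.arpa
    @prowlarr host prowlarr.home.arpa
    @bazarr host bazarr.home.arpa

    # handle blocks are mutually exclusive; exactly one matches per request
    # because the site address list above admits only these four hosts.
    handle @sonarr {
        reverse_proxy sonarr:8989
    }
    handle @radarr {
        reverse_proxy radarr:7878
    }
    handle @prowlarr {
        reverse_proxy prowlarr:9696
    }
    handle @bazarr {
        reverse_proxy bazarr:6767
    }
}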

# qBittorrent web UI behind the Authelia gate. Unlike the other sites, the
# upstream is a port on the Docker host rather than a named container.
# NOTE(review): the host's listener on 8080 should be bound or firewalled so
# LAN clients cannot reach it directly and skip Authelia -- confirm.
qbt.home.arpa {
    tls internal
    import common_headers
    import common_log
    import authelia_protect
    reverse_proxy host.docker.internal:8080
}