diff --git a/Caddyfile b/Caddyfile index 0101ff1..d0cd82c 100644 --- a/Caddyfile +++ b/Caddyfile @@ -1,15 +1,5 @@ # Components -(private_network_only) { - @ipfilter { - not header X-Forwarded-For {$PRIVATE_NET_IP} - } - - route @ipfilter { - respond "nty. :3" 418 - } -} - (application_logging) { log { level INFO @@ -24,12 +14,16 @@ } (reverse_proxy_host) { - reverse_proxy host.containers.internal:{args[0]} } (application_base) { import application_logging {args[0]} - import reverse_proxy_host {args[1]} + reverse_proxy host.containers.internal:{args[1]} +} + +(internal_base) { + import application_base {args[0]} {args[1]} + tls internal } { @@ -50,13 +44,26 @@ admin :2019 } -# Routes +# Internal routes +# +# Local DNS is expected to set up and map +# these routes. -:53100 { - import private_network_only - import application_base "grafana" 3100 +https://deluge.home.karnov.club { + import internal_base "deluge-web" 8112 } +https://panopticon.home.karnov.club { + import internal_base "grafana" 3100 +} + +https://cr.home.karnov.club { + import internal_base "registry" 5000 +} + +# External routes +# +# Port-based routes face the outside world. :53000 { import application_base "forgejo" 3000 } @@ -65,11 +72,6 @@ import application_base "forgejo-pg-exporter" 3001 } -:55000 { - import private_network_only - import application_base "registry" 5000 -} - :58082 { import application_base "vault-web" 8082 } @@ -77,8 +79,3 @@ :53010 { import application_base "bookstack-web" 3010 } - -:58112 { - import private_network_only - import application_base "deluge-web" 8112 -} diff --git a/service.yml b/service.yml index 9255016..3949964 100644 --- a/service.yml +++ b/service.yml @@ -1,18 +1,12 @@ name: sesame ports: # Reverse proxied ports. - - host: 53100 - container: 53100 - host: 53000 container: 53000 - host: 53001 container: 53001 - - host: 55000 - container: 55000 - host: 53010 container: 53010 - - host: 58112 - container: 58112 - host: 58082 container: 58082 # Caddy admin API