finn/site
2
1
Fork 1
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Switch to Caddy

Browse Source
This commit is contained in:
finn
2026-04-12 18:09:30 -07:00
parent 345d66b5c9
commit fa73ccbc90
6 changed files with 62 additions and 137 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
proxy/Caddyfile Normal file
View File

@@ -0,0 +1,52 @@
# Global options
{
# Disable auto HTTPS since we're using existing certificates
auto_https off
}
# HTTP to HTTPS redirect
:80 {
redir https://{host}{uri} permanent
}
# Main domain - oily.dad and www.oily.dad
oily.dad, www.oily.dad {
# Root directory (not strictly needed for reverse proxy)
root * /var/www/html
# Use existing SSL certificates
tls /etc/letsencrypt/live/oily.dad/fullchain.pem /etc/letsencrypt/live/oily.dad/privkey.pem
# Onion-Location header
header Onion-Location http://oilydada7ckiseinkbeathsefwgkvjrce743xy7x7iiybkuxh4vheead.onion{path}
# Reverse proxy to backend
reverse_proxy http://backend:8000 {
# Preserve original host header
header_up Host {host}
header_up X-Real-IP {remote}
# X-Forwarded-For and X-Forwarded-Proto are set automatically by Caddy
}
}
# Subdomain for Gitea - gut.oily.dad
gut.oily.dad {
# Root directory (not strictly needed for reverse proxy)
root * /var/www/html
# Use existing SSL certificates
tls /etc/letsencrypt/live/oily.dad/fullchain.pem /etc/letsencrypt/live/oily.dad/privkey.pem
# Reverse proxy to Gitea
reverse_proxy http://gitea:3000 {
# WebSocket support for Gitea
header_up Connection {>Connection}
header_up Upgrade {>Upgrade}
# Preserve original headers
header_up Host {host}
header_up X-Real-IP {remote}
# X-Forwarded-For and X-Forwarded-Proto are set automatically by Caddy
}
}

12
proxy/Dockerfile
View File

@@ -1,2 +1,10 @@
FROM nginx:alpine
COPY conf /etc/nginx/conf.d/default.conf
FROM caddy:alpine
# Copy Caddyfile configuration
COPY Caddyfile /etc/caddy/Caddyfile
# Create directory for www root
RUN mkdir -p /var/www/html
# Caddy runs as non-root user by default
# Ports 80 and 443 are exposed by the base image

12
proxy/baseconf
View File

@@ -1,12 +0,0 @@
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://backend:8000;
}
location /gutty{
proxy_pass http://gitea:3000;
}
}

53
proxy/conf
View File

@@ -1,53 +0,0 @@
#server {
# listen 80;
# server_name localhost;
# location / {
# proxy_pass http://backend:8000;
# }
# always redirect to https
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
# use the certificates
ssl_certificate /etc/letsencrypt/live/oily.dad/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/oily.dad/privkey.pem;
server_name oily.dad www.oily.dad;
root /var/www/html;
index index.php index.html index.htm;
add_header Onion-Location http://oilydada7ckiseinkbeathsefwgkvjrce743xy7x7iiybkuxh4vheead.onion$request_uri;
location / {
proxy_pass http://backend:8000/;
}
}
server {
listen 443 ssl http2;
# use the certificates
ssl_certificate /etc/letsencrypt/live/oily.dad/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/oily.dad/privkey.pem;
server_name gut.oily.dad;
root /var/www/html;
index index.php index.html index.htm;
location / {
client_max_body_size 512M;
#proxy_pass http://localhost:3000;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://gitea:3000/;
}
}

17
proxy/giteaconf
View File

@@ -1,17 +0,0 @@
server {
listen 80;
server_name localhost;
location / {
client_max_body_size 512M;
#proxy_pass http://localhost:3000;
proxy_pass http://gitea:3000;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

53
proxy/sslconf
View File

@@ -1,53 +0,0 @@
#server {
# listen 80;
# server_name localhost;
# location / {
# proxy_pass http://backend:8000;
# }
# always redirect to https
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
# use the certificates
ssl_certificate /etc/letsencrypt/live/oily.dad/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/oily.dad/privkey.pem;
server_name oily.dad www.oily.dad;
root /var/www/html;
index index.php index.html index.htm;
add_header Onion-Location http://oilydada7ckiseinkbeathsefwgkvjrce743xy7x7iiybkuxh4vheead.onion$request_uri;
location / {
proxy_pass http://backend:8000/;
}
}
server {
listen 443 ssl http2;
# use the certificates
ssl_certificate /etc/letsencrypt/live/oily.dad/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/oily.dad/privkey.pem;
server_name gut.oily.dad;
root /var/www/html;
index index.php index.html index.htm;
location / {
client_max_body_size 512M;
#proxy_pass http://localhost:3000;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://gitea:3000/;
}
}