Convert server to LAN only mode

2025-04-07 15:28:38 -05:00 · 2025-04-07 15:28:38 -05:00 · 9e251961c9
commit 9e251961c9
parent d95766012d
5 changed files with 257 additions and 204 deletions
--- a/docker/authentik/docker-compose.yaml
+++ b/docker/authentik/docker-compose.yaml
@ -66,16 +66,6 @@ services:
    environment:
      GEOIPUPDATE_EDITION_IDS: GeoLite2-City
      GEOIPUPDATE_FREQUENCY: '8'
-  whoami-test:
-    image: traefik/whoami
-    container_name: whoami-test
-    restart: unless-stopped
-    security_opt:
-      - no-new-privileges:true
-    networks:
-      - proxy
-    environment:
-      - TZ
 networks:
  authentik:
    external: true
--- a/docker/caddy/Caddyfile
+++ b/docker/caddy/Caddyfile
@ -1,196 +1,67 @@
 {
-	order umami first
+	auto_https off
 }

-(common_site_settings) {
-	encode zstd gzip
-
-	tls {
-		dns cloudflare {$CLOUDFLARE_API_TOKEN}
-		resolvers 1.1.1.1
-	}
-
-	header {
-		Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
-	}
+http://index.korhonen.lan {
+	root * /var/www/index.korhonen.cc
+	file_server browse
 }

-korhonen.cc, *.korhonen.cc {
-	import common_site_settings
-
-	@static {
-		file
-		path *.ico *.css *.js *.gif *.webp *.avif *.jpg *.jpeg *.png *.svg *.woff *.woff2 *.pdf *.webmanifest
-	}
-
-	@homepage-www-redir host www.korhonen.cc
-	handle @homepage-www-redir {
-		redir https://korhonen.cc
-	}
-
-	@homepage host korhonen.cc
-	handle @homepage {
-		# Redirect finnish WIP
-		# @redirFinnish {
-		#     header Accept-Language *fi-FI*
-		#     not path *.js *.css *.png *.jpg *.jpeg *.svg
-		#     not path /en* /fi*
-		#   }
-		#   redir @redirFinnish /fi{uri}
-		#
-		#   uri strip_prefix /en
-
-		header @static Cache-Control max-age=5184000
-		root * /var/www/korhonen.cc
-		file_server
-	}
-
-	@wkd host openpgpkey.korhonen.cc
-	handle @wkd {
-		root * /var/www/wkd
-		file_server browse
-		header Access-Control-Allow-Origin "*"
-	}
-
-	@index host index.korhonen.cc
-	handle @index {
-		umami {
-			event_endpoint "https://umami.korhonen.cc/api/send"
-			website_uuid "9fe4f5c0-8e63-4479-a58d-d399cdbc0a3a"
-			client_ip_header X-Real-IP
-			device_detection
-			allowed_extensions "" .tar.zst .json .html
-		}
-		root * /var/www/index.korhonen.cc
-		file_server browse
-	}
-
-	@home-assistant host home.korhonen.cc
-	handle @home-assistant {
-		reverse_proxy home-assistant:8123
-	}
-
-	@authentik host sso.korhonen.cc
-	handle @authentik {
-		reverse_proxy authentik:9000
-	}
-
-	@forgejo host git.korhonen.cc
-	handle @forgejo {
-		rewrite /user/login /user/oauth2/authentik
-		reverse_proxy forgejo:3000
-	}
-
-	@woodpecker host ci.korhonen.cc
-	handle @woodpecker {
-		reverse_proxy woodpecker:8000
-	}
-
-	@searx host search.korhonen.cc
-	handle @searx {
-		reverse_proxy searx:8080
-	}
-
-	@freshrss host rss.korhonen.cc
-	handle @freshrss {
-		reverse_proxy freshrss
-	}
-
-	@jellyfin host jellyfin.korhonen.cc
-	handle @jellyfin {
-		reverse_proxy jellyfin:8096
-	}
-
-	@pihole host pihole.korhonen.cc
-	handle @pihole {
-		reverse_proxy pihole
-	}
-
-	@umami host umami.korhonen.cc
-	handle @umami {
-		reverse_proxy umami:3000
-	}
-
-	@nextcloud host cloud.korhonen.cc
-	handle @nextcloud {
-		# Redirect login page to Authentik
-		redir /login /apps/sociallogin/custom_oidc/korhonen-sso 301
-
-		# .htaccess / data / config / ... shouldn't be accessible from outside
-		@forbidden {
-			path /.htaccess
-			path /data/*
-			path /config/*
-			path /db_structure
-			path /.xml
-			path /README
-			path /3rdparty/*
-			path /lib/*
-			path /templates/*
-			path /occ
-			path /console.php
-		}
-		handle @forbidden {
-			respond 404
-		}
-
-		redir /.well-known/carddav /remote.php/dav 301
-		redir /.well-known/caldav /remote.php/dav 301
-
-		root * /var/www/nextcloud
-		php_fastcgi nextcloud:9000 {
-			root /var/www/html
-			# Tells nextcloud to remove /index.php from URLs in links
-			env front_controller_active true
-		}
-		file_server
-	}
-
-	@tvheadend host tvheadend.korhonen.cc
-	handle @tvheadend {
-		reverse_proxy tvheadend:9981
-	}
-
-	@collabora host collabora.korhonen.cc
-	handle @collabora {
-		reverse_proxy collabora:9980
-	}
-
-	@grafana host grafana.korhonen.cc
-	handle @grafana {
-		reverse_proxy grafana:3000
-	}
-
-	@drop host drop.korhonen.cc
-	handle @drop {
-		reverse_proxy drop:3000
-	}
-
-	@ipvX host ipv6.korhonen.cc ipv4.korhonen.cc
-	handle @ipvX {
-		respond {remote_host}
-	}
-
-	@ott host ott.korhonen.cc
-	handle @ott {
-		reverse_proxy opentogethertube:8080
-	}
-
-	handle {
-		respond "404 Not Found" 404
-	}
-
-	handle_errors {
-		@homepage_404 {
-			expression {http.error.status_code} == 404
-			host korhonen.cc
-		}
-		handle @homepage_404 {
-			root * /var/www/korhonen.cc
-			rewrite * /404.html
-			file_server
-		}
-
-		respond "{err.status_code} {err.status_text}"
-	}
+http://home.korhonen.lan {
+	reverse_proxy home-assistant:8123
+}
+
+http://sso.korhonen.lan, http://sso.korhonen.cc {
+	reverse_proxy authentik:9000
+}
+
+http://git.korhonen.lan {
+	rewrite /user/login /user/oauth2/authentik
+	reverse_proxy forgejo:3000
+}
+
+http://search.korhonen.lan {
+	reverse_proxy searx:8080
+}
+
+http://jellyfin.korhonen.lan {
+	reverse_proxy jellyfin:8096
+}
+
+http://cloud.korhonen.lan {
+	# Redirect login page to Authentik
+	redir /login /apps/sociallogin/custom_oidc/korhonen-sso 301
+
+	# .htaccess / data / config / ... shouldn't be accessible from outside
+	@forbidden {
+		path /.htaccess
+		path /data/*
+		path /config/*
+		path /db_structure
+		path /.xml
+		path /README
+		path /3rdparty/*
+		path /lib/*
+		path /templates/*
+		path /occ
+		path /console.php
+	}
+	handle @forbidden {
+		respond 404
+	}
+
+	redir /.well-known/carddav /remote.php/dav 301
+	redir /.well-known/caldav /remote.php/dav 301
+
+	root * /var/www/nextcloud
+	php_fastcgi nextcloud:9000 {
+		root /var/www/html
+		# Tells nextcloud to remove /index.php from URLs in links
+		env front_controller_active true
+	}
+	file_server
+}
+
+http://collabora.korhonen.lan {
+	reverse_proxy collabora:9980
 }
--- a/docker/caddy/Caddyfile.old
+++ b/docker/caddy/Caddyfile.old
@ -0,0 +1,195 @@
+# My old public configuration.
+# Currently don't have a public IP so running everything in LAN
+# in the current configuration
+
+{
+	order umami first
+}
+
+(common_site_settings) {
+	encode zstd gzip
+
+	tls {
+		dns cloudflare {$CLOUDFLARE_API_TOKEN}
+		resolvers 1.1.1.1
+	}
+
+	header {
+		Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+	}
+}
+
+korhonen.cc, *.korhonen.cc {
+	import common_site_settings
+
+	@static {
+		file
+		path *.ico *.css *.js *.gif *.webp *.avif *.jpg *.jpeg *.png *.svg *.woff *.woff2 *.pdf *.webmanifest
+	}
+
+	@homepage-www-redir host www.korhonen.cc
+	handle @homepage-www-redir {
+		redir https://korhonen.cc
+	}
+
+	@homepage host korhonen.cc
+	handle @homepage {
+		# Redirect finnish WIP
+		# @redirFinnish {
+		#     header Accept-Language *fi-FI*
+		#     not path *.js *.css *.png *.jpg *.jpeg *.svg
+		#     not path /en* /fi*
+		#   }
+		#   redir @redirFinnish /fi{uri}
+		#
+		#   uri strip_prefix /en
+
+		header @static Cache-Control max-age=5184000
+		root * /var/www/korhonen.cc
+		file_server
+	}
+
+	@wkd host openpgpkey.korhonen.cc
+	handle @wkd {
+		root * /var/www/wkd
+		file_server browse
+		header Access-Control-Allow-Origin "*"
+	}
+
+	@index host index.korhonen.cc
+	handle @index {
+		umami {
+			event_endpoint "https://umami.korhonen.cc/api/send"
+			website_uuid "9fe4f5c0-8e63-4479-a58d-d399cdbc0a3a"
+			client_ip_header X-Real-IP
+			device_detection
+			allowed_extensions "" .tar.zst .json .html
+		}
+		root * /var/www/index.korhonen.cc
+		file_server browse
+	}
+
+	@home-assistant host home.korhonen.cc
+	handle @home-assistant {
+		reverse_proxy home-assistant:8123
+	}
+
+	@authentik host sso.korhonen.cc
+	handle @authentik {
+		reverse_proxy authentik:9000
+	}
+
+	@forgejo host git.korhonen.cc
+	handle @forgejo {
+		rewrite /user/login /user/oauth2/authentik
+		reverse_proxy forgejo:3000
+	}
+
+	@woodpecker host ci.korhonen.cc
+	handle @woodpecker {
+		reverse_proxy woodpecker:8000
+	}
+
+	@searx host search.korhonen.cc
+	handle @searx {
+		reverse_proxy searx:8080
+	}
+
+	@freshrss host rss.korhonen.cc
+	handle @freshrss {
+		reverse_proxy freshrss
+	}
+
+	@jellyfin host jellyfin.korhonen.cc
+	handle @jellyfin {
+		reverse_proxy jellyfin:8096
+	}
+
+	@pihole host pihole.korhonen.cc
+	handle @pihole {
+		reverse_proxy pihole
+	}
+
+	@umami host umami.korhonen.cc
+	handle @umami {
+		reverse_proxy umami:3000
+	}
+
+	@nextcloud host cloud.korhonen.cc
+	handle @nextcloud {
+		# Redirect login page to Authentik
+		redir /login /apps/sociallogin/custom_oidc/korhonen-sso 301
+
+		# .htaccess / data / config / ... shouldn't be accessible from outside
+		@forbidden {
+			path /.htaccess
+			path /data/*
+			path /config/*
+			path /db_structure
+			path /.xml
+			path /README
+			path /3rdparty/*
+			path /lib/*
+			path /templates/*
+			path /occ
+			path /console.php
+		}
+		handle @forbidden {
+			respond 404
+		}
+
+		redir /.well-known/carddav /remote.php/dav 301
+		redir /.well-known/caldav /remote.php/dav 301
+
+		root * /var/www/nextcloud
+		php_fastcgi nextcloud:9000 {
+			root /var/www/html
+			# Tells nextcloud to remove /index.php from URLs in links
+			env front_controller_active true
+		}
+		file_server
+	}
+
+	@tvheadend host tvheadend.korhonen.cc
+	handle @tvheadend {
+		reverse_proxy tvheadend:9981
+	}
+
+	@collabora host collabora.korhonen.cc
+	handle @collabora {
+		reverse_proxy collabora:9980
+	}
+
+	@drop host drop.korhonen.cc
+	handle @drop {
+		reverse_proxy drop:3000
+	}
+
+	@ipvX host ipv6.korhonen.cc ipv4.korhonen.cc
+	handle @ipvX {
+		respond {remote_host}
+	}
+
+	@ott host ott.korhonen.cc
+	handle @ott {
+		reverse_proxy opentogethertube:8080
+	}
+
+	handle {
+		respond "404 Not Found" 404
+	}
+
+	handle_errors {
+		@homepage_404 {
+			expression {http.error.status_code} == 404
+			host korhonen.cc
+		}
+		handle @homepage_404 {
+			root * /var/www/korhonen.cc
+			rewrite * /404.html
+			file_server
+		}
+
+		respond "{err.status_code} {err.status_text}"
+	}
+}
--- a/docker/homeautomation/docker-compose.yaml
+++ b/docker/homeautomation/docker-compose.yaml
@ -11,8 +11,6 @@ services:
    restart: unless-stopped
    environment:
      - TZ=Europe/Helsinki
-    devices:
-      - /dev/ttyACM0
    volumes:
      - hass:/config
      - /etc/localtime:/etc/localtime:ro