Implement cloudflare tunnel
parent
11b5a0347b
commit
dac15275f4
6 changed files with 191 additions and 68 deletions
|
@ -1,67 +1,177 @@
|
|||
{
|
||||
auto_https off
|
||||
order umami first
|
||||
}
|
||||
|
||||
http://index.korhonen.lan {
|
||||
root * /var/www/index.korhonen.cc
|
||||
file_server browse
|
||||
}
|
||||
korhonen.cc, *.korhonen.cc {
|
||||
encode zstd gzip
|
||||
|
||||
http://home.korhonen.lan {
|
||||
reverse_proxy home-assistant:8123
|
||||
}
|
||||
|
||||
http://sso.korhonen.lan, http://sso.korhonen.cc {
|
||||
reverse_proxy authentik:9000
|
||||
}
|
||||
|
||||
http://git.korhonen.lan {
|
||||
rewrite /user/login /user/oauth2/authentik
|
||||
reverse_proxy forgejo:3000
|
||||
}
|
||||
|
||||
http://search.korhonen.lan {
|
||||
reverse_proxy searx:8080
|
||||
}
|
||||
|
||||
http://jellyfin.korhonen.lan {
|
||||
reverse_proxy jellyfin:8096
|
||||
}
|
||||
|
||||
http://cloud.korhonen.lan {
|
||||
# Redirect login page to Authentik
|
||||
redir /login /apps/sociallogin/custom_oidc/korhonen-sso 301
|
||||
|
||||
# .htaccess / data / config / ... shouldn't be accessible from outside
|
||||
@forbidden {
|
||||
path /.htaccess
|
||||
path /data/*
|
||||
path /config/*
|
||||
path /db_structure
|
||||
path /.xml
|
||||
path /README
|
||||
path /3rdparty/*
|
||||
path /lib/*
|
||||
path /templates/*
|
||||
path /occ
|
||||
path /console.php
|
||||
}
|
||||
handle @forbidden {
|
||||
respond 404
|
||||
tls {
|
||||
dns cloudflare {$CF_API_TOKEN}
|
||||
resolvers 1.1.1.1
|
||||
}
|
||||
|
||||
redir /.well-known/carddav /remote.php/dav 301
|
||||
redir /.well-known/caldav /remote.php/dav 301
|
||||
|
||||
root * /var/www/nextcloud
|
||||
php_fastcgi nextcloud:9000 {
|
||||
root /var/www/html
|
||||
# Tells nextcloud to remove /index.php from URLs in links
|
||||
env front_controller_active true
|
||||
header {
|
||||
Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
|
||||
}
|
||||
file_server
|
||||
}
|
||||
|
||||
http://collabora.korhonen.lan {
|
||||
reverse_proxy collabora:9980
|
||||
@static {
|
||||
file
|
||||
path *.ico *.css *.js *.gif *.webp *.avif *.jpg *.jpeg *.png *.svg *.woff *.woff2 *.pdf *.webmanifest
|
||||
}
|
||||
|
||||
@homepage-www-redir host www.korhonen.cc
|
||||
handle @homepage-www-redir {
|
||||
redir https://korhonen.cc
|
||||
}
|
||||
|
||||
@homepage host korhonen.cc
|
||||
handle @homepage {
|
||||
# Redirect finnish WIP
|
||||
# @redirFinnish {
|
||||
# header Accept-Language *fi-FI*
|
||||
# not path *.js *.css *.png *.jpg *.jpeg *.svg
|
||||
# not path /en* /fi*
|
||||
# }
|
||||
# redir @redirFinnish /fi{uri}
|
||||
#
|
||||
# uri strip_prefix /en
|
||||
|
||||
header @static Cache-Control max-age=5184000
|
||||
root * /var/www/korhonen.cc
|
||||
file_server
|
||||
}
|
||||
|
||||
@wkd host openpgpkey.korhonen.cc
|
||||
handle @wkd {
|
||||
root * /var/www/wkd
|
||||
file_server browse
|
||||
header Access-Control-Allow-Origin "*"
|
||||
}
|
||||
|
||||
@index host index.korhonen.cc
|
||||
handle @index {
|
||||
umami {
|
||||
event_endpoint "https://umami.korhonen.cc/api/send"
|
||||
website_uuid "9fe4f5c0-8e63-4479-a58d-d399cdbc0a3a"
|
||||
client_ip_header X-Real-IP
|
||||
device_detection
|
||||
allowed_extensions "" .tar.zst .json .html
|
||||
}
|
||||
root * /var/www/index.korhonen.cc
|
||||
file_server browse
|
||||
}
|
||||
|
||||
@home-assistant host home.korhonen.cc
|
||||
handle @home-assistant {
|
||||
reverse_proxy home-assistant:8123
|
||||
}
|
||||
|
||||
@authentik host sso.korhonen.cc
|
||||
handle @authentik {
|
||||
reverse_proxy authentik:9000
|
||||
}
|
||||
|
||||
@forgejo host git.korhonen.cc
|
||||
handle @forgejo {
|
||||
rewrite /user/login /user/oauth2/authentik
|
||||
reverse_proxy forgejo:3000
|
||||
}
|
||||
|
||||
@woodpecker host ci.korhonen.cc
|
||||
handle @woodpecker {
|
||||
reverse_proxy woodpecker:8000
|
||||
}
|
||||
|
||||
@searx host search.korhonen.cc
|
||||
handle @searx {
|
||||
reverse_proxy searx:8080
|
||||
}
|
||||
|
||||
@freshrss host rss.korhonen.cc
|
||||
handle @freshrss {
|
||||
reverse_proxy freshrss
|
||||
}
|
||||
|
||||
@jellyfin host jellyfin.korhonen.cc
|
||||
handle @jellyfin {
|
||||
reverse_proxy jellyfin:8096
|
||||
}
|
||||
|
||||
@pihole host pihole.korhonen.cc
|
||||
handle @pihole {
|
||||
reverse_proxy pihole
|
||||
}
|
||||
|
||||
@umami host umami.korhonen.cc
|
||||
handle @umami {
|
||||
reverse_proxy umami:3000
|
||||
}
|
||||
|
||||
@nextcloud host cloud.korhonen.cc
|
||||
handle @nextcloud {
|
||||
# Redirect login page to Authentik
|
||||
redir /login /apps/sociallogin/custom_oidc/korhonen-sso 301
|
||||
|
||||
# .htaccess / data / config / ... shouldn't be accessible from outside
|
||||
@forbidden {
|
||||
path /.htaccess
|
||||
path /data/*
|
||||
path /config/*
|
||||
path /db_structure
|
||||
path /.xml
|
||||
path /README
|
||||
path /3rdparty/*
|
||||
path /lib/*
|
||||
path /templates/*
|
||||
path /occ
|
||||
path /console.php
|
||||
}
|
||||
handle @forbidden {
|
||||
respond 404
|
||||
}
|
||||
|
||||
redir /.well-known/carddav /remote.php/dav 301
|
||||
redir /.well-known/caldav /remote.php/dav 301
|
||||
|
||||
root * /var/www/nextcloud
|
||||
php_fastcgi nextcloud:9000 {
|
||||
root /var/www/html
|
||||
# Tells nextcloud to remove /index.php from URLs in links
|
||||
env front_controller_active true
|
||||
}
|
||||
file_server
|
||||
}
|
||||
|
||||
@collabora host collabora.korhonen.cc
|
||||
handle @collabora {
|
||||
reverse_proxy collabora:9980
|
||||
}
|
||||
|
||||
@drop host drop.korhonen.cc
|
||||
handle @drop {
|
||||
reverse_proxy drop:3000
|
||||
}
|
||||
|
||||
@ipvX host ipv6.korhonen.cc ipv4.korhonen.cc
|
||||
handle @ipvX {
|
||||
respond {remote_host}
|
||||
}
|
||||
|
||||
handle {
|
||||
respond "404 Not Found" 404
|
||||
}
|
||||
|
||||
handle_errors {
|
||||
@homepage_404 {
|
||||
expression {http.error.status_code} == 404
|
||||
host korhonen.cc
|
||||
}
|
||||
handle @homepage_404 {
|
||||
root * /var/www/korhonen.cc
|
||||
rewrite * /404.html
|
||||
file_server
|
||||
}
|
||||
|
||||
respond "{err.status_code} {err.status_text}"
|
||||
}
|
||||
}
|
||||
|
|
|
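Review bot: `respond {remote_host}` in the `@ipvX` handler will stop returning the visitor's address once requests arrive through the tunnel, because the visible global options declare no trusted proxy and Caddy's peer is then the cloudflared container. The same applies to `client_ip_header X-Real-IP` in the `umami` block, unless something upstream sets that header. Which lines are on the new side is inferred, since the page lost its +/- markers. If the tunnel is the only ingress, consider `servers { trusted_proxies static private_ranges }` with `client_ip_headers Cf-Connecting-Ip` in the global options, and answer with `{client_ip}` instead of `{remote_host}`. That setting is also a prerequisite for any address-based restriction on the admin-style hosts routed here (`pihole.korhonen.cc`, `home.korhonen.cc`), which otherwise rely only on each application's own login.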
@ -1,7 +1,3 @@
|
|||
# My old public configuration.
|
||||
# Currently don't have a public IP so running everything in LAN
|
||||
# in the current configuration
|
||||
|
||||
{
|
||||
order umami first
|
||||
}
|
||||
|
|
|
@ -14,6 +14,7 @@ services:
|
|||
- 80:80
|
||||
- 443:443/tcp
|
||||
- 443:443/udp
|
||||
- 127.0.0.1:2019:2019
|
||||
networks:
|
||||
- proxy
|
||||
volumes:
|
||||
|
@ -24,10 +25,8 @@ services:
|
|||
- korhonen_cc:/var/www/korhonen.cc
|
||||
- nextcloud_config:/var/www/nextcloud
|
||||
- /var/www/index.korhonen.cc:/var/www/index.korhonen.cc
|
||||
environment:
|
||||
- CLOUDFLARE_EMAIL
|
||||
- CLOUDFLARE_API_TOKEN
|
||||
- ACME_AGREE=true
|
||||
env_file:
|
||||
- .env
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
networks:
|
||||
|
|
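Review bot: The `127.0.0.1:2019:2019` mapping publishes Caddy's admin port, but the global options visible in this commit set no `admin` address, so the API presumably listens only on the container's own loopback and the published port would not reach it. Making the mapping work means binding the admin listener to a non-loopback address inside the container, and that API is unauthenticated, so every container on the `proxy` network, including the new cloudflared one, could then change the proxy configuration. If host access is only needed for reloads, running the reload inside the container keeps the default loopback binding; otherwise add a comment on the mapping such as `# admin API: loopback only, never add to tunnel ingress`. The `ports:` list starts above the hunk, and which line is the added one is inferred from the hunk counts.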
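--- /dev/null
+++ b/docker/cloudflared/docker-compose.yaml
@@ -0,0 +1,19 @@
+services:
+cloudflared:
+image: cloudflare/cloudflared
+container_name: cloudflared
+restart: unless-stopped
+networks:
+- proxy
+volumes:
+- /etc/localtime:/etc/localtime:ro
+entrypoint:
+command: tunnel --no-autoupdate run
+env_file:
+- .env
+extra_hosts:
+- 'host.docker.internal:host-gateway'
+
+networks:
+proxy:
+external: true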
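Review bot: `image: cloudflare/cloudflared` carries no tag or digest, so every pull takes whatever `latest` is at that moment, for a container that presumably holds the tunnel credential from `.env` and fronts every public hostname. `--no-autoupdate` only turns off cloudflared's own updater; it does not pin what the registry serves. Pin the image, e.g. `image: cloudflare/cloudflared:<PINNED_VERSION>` (placeholder; a digest is stronger), and bump it deliberately. The `host.docker.internal:host-gateway` entry also gives the connector a route to services on the Docker host; if the tunnel only targets Caddy over the `proxy` network, dropping it narrows what a mis-set ingress rule can reach. The bare `entrypoint:` key has no value on the rendered page and deserves either a comment explaining it or removal.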
@ -6,7 +6,6 @@ services:
|
|||
image: git.korhonen.cc/functionalhacker/forgejo-asciidoc
|
||||
container_name: forgejo
|
||||
environment:
|
||||
- TZ=Europe/Helsinki
|
||||
- USER_UID=1000
|
||||
- USER_GID=1000
|
||||
restart: unless-stopped
|
||||
|
|
|
@ -30,5 +30,5 @@ Include = /etc/pacman.d/mirrorlist
|
|||
Server = file:///var/www/index.korhonen.cc/repo/arch_linux/$repo/$arch
|
||||
{%@@ else @@%}
|
||||
Include = /etc/pacman.d/pacserve
|
||||
Server = http://index.korhonen.lan/repo/arch_linux/$repo/$arch
|
||||
Server = http://index.korhonen.cc/repo/arch_linux/$repo/$arch
|
||||
{%@@ endif @@%}
|
||||
|
|
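Review bot: The `Server = http://index.korhonen.cc/repo/arch_linux/$repo/$arch` line fetches the repository database and packages over plain HTTP from what is now a public hostname. Integrity then rests entirely on the `SigLevel` in effect, which is outside this hunk. The hostname should be reachable over HTTPS through the Cloudflare/Caddy setup in this commit, so `Server = https://index.korhonen.cc/repo/arch_linux/$repo/$arch` is the safer form. Which of the two `Server` lines is the added one is inferred from the commit's intent, and the repository section header starts above the hunk.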