Implement cloudflare tunnel

docker/caddy/Caddyfile

@@ -1,34 +1,114 @@
 {
-	auto_https off
+	order umami first
 }
 
-http://index.korhonen.lan {
+korhonen.cc, *.korhonen.cc {
+	encode zstd gzip
+
+	tls {
+		dns cloudflare {$CF_API_TOKEN}
+		resolvers 1.1.1.1
+	}
+
+	header {
+		Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+	}
+
+	@static {
+		file
+		path *.ico *.css *.js *.gif *.webp *.avif *.jpg *.jpeg *.png *.svg *.woff *.woff2 *.pdf *.webmanifest
+	}
+
+	@homepage-www-redir host www.korhonen.cc
+	handle @homepage-www-redir {
+		redir https://korhonen.cc
+	}
+
+	@homepage host korhonen.cc
+	handle @homepage {
+		# Redirect finnish WIP
+		# @redirFinnish {
+		#     header Accept-Language *fi-FI*
+		#     not path *.js *.css *.png *.jpg *.jpeg *.svg
+		#     not path /en* /fi*
+		#   }
+		#   redir @redirFinnish /fi{uri}
+		#
+		#   uri strip_prefix /en
+
+		header @static Cache-Control max-age=5184000
+		root * /var/www/korhonen.cc
+		file_server
+	}
+
+	@wkd host openpgpkey.korhonen.cc
+	handle @wkd {
+		root * /var/www/wkd
+		file_server browse
+		header Access-Control-Allow-Origin "*"
+	}
+
+	@index host index.korhonen.cc
+	handle @index {
+		umami {
+			event_endpoint "https://umami.korhonen.cc/api/send"
+			website_uuid "9fe4f5c0-8e63-4479-a58d-d399cdbc0a3a"
+			client_ip_header X-Real-IP
+			device_detection
+			allowed_extensions "" .tar.zst .json .html
+		}
 		root * /var/www/index.korhonen.cc
 		file_server browse
-}
+	}
 
-http://home.korhonen.lan {
+	@home-assistant host home.korhonen.cc
+	handle @home-assistant {
 		reverse_proxy home-assistant:8123
-}
+	}
 
-http://sso.korhonen.lan, http://sso.korhonen.cc {
+	@authentik host sso.korhonen.cc
+	handle @authentik {
 		reverse_proxy authentik:9000
-}
+	}
 
-http://git.korhonen.lan {
+	@forgejo host git.korhonen.cc
+	handle @forgejo {
 		rewrite /user/login /user/oauth2/authentik
 		reverse_proxy forgejo:3000
-}
+	}
 
-http://search.korhonen.lan {
+	@woodpecker host ci.korhonen.cc
+	handle @woodpecker {
+		reverse_proxy woodpecker:8000
+	}
+
+	@searx host search.korhonen.cc
+	handle @searx {
 		reverse_proxy searx:8080
-}
+	}
 
-http://jellyfin.korhonen.lan {
+	@freshrss host rss.korhonen.cc
+	handle @freshrss {
+		reverse_proxy freshrss
+	}
+
+	@jellyfin host jellyfin.korhonen.cc
+	handle @jellyfin {
 		reverse_proxy jellyfin:8096
-}
+	}
 
-http://cloud.korhonen.lan {
+	@pihole host pihole.korhonen.cc
+	handle @pihole {
+		reverse_proxy pihole
+	}
+
+	@umami host umami.korhonen.cc
+	handle @umami {
+		reverse_proxy umami:3000
+	}
+
+	@nextcloud host cloud.korhonen.cc
+	handle @nextcloud {
 		# Redirect login page to Authentik
 		redir /login /apps/sociallogin/custom_oidc/korhonen-sso 301
 
@@ -60,8 +140,38 @@ http://cloud.korhonen.lan {
 			env front_controller_active true
 		}
 		file_server
-}
+	}
 
-http://collabora.korhonen.lan {
+	@collabora host collabora.korhonen.cc
+	handle @collabora {
 		reverse_proxy collabora:9980
+	}
+
+	@drop host drop.korhonen.cc
+	handle @drop {
+		reverse_proxy drop:3000
+	}
+
+	@ipvX host ipv6.korhonen.cc ipv4.korhonen.cc
+	handle @ipvX {
+		respond {remote_host}
+	}
+
+	handle {
+		respond "404 Not Found" 404
+	}
+
+	handle_errors {
+		@homepage_404 {
+			expression {http.error.status_code} == 404
+			host korhonen.cc
+		}
+		handle @homepage_404 {
+			root * /var/www/korhonen.cc
+			rewrite * /404.html
+			file_server
+		}
+
+		respond "{err.status_code} {err.status_text}"
+	}
 }

docker/caddy/Caddyfile.old

@@ -1,7 +1,3 @@
-# My old public configuration.
-# Currently don't have a public IP so running everything in LAN
-# in the current configuration
-
 {
 	order umami first
 }

docker/caddy/docker-compose.yaml

@@ -14,6 +14,7 @@ services:
       - 80:80
       - 443:443/tcp
       - 443:443/udp
+      - 127.0.0.1:2019:2019
     networks:
       - proxy
     volumes:
@@ -24,10 +25,8 @@ services:
       - korhonen_cc:/var/www/korhonen.cc
       - nextcloud_config:/var/www/nextcloud
       - /var/www/index.korhonen.cc:/var/www/index.korhonen.cc
-    environment:
+    env_file:
-      - CLOUDFLARE_EMAIL
+      - .env
-      - CLOUDFLARE_API_TOKEN
-      - ACME_AGREE=true
     cap_add:
       - NET_ADMIN
 networks:

docker/cloudflared/docker-compose.yaml

@@ -0,0 +1,19 @@
+services:
+  cloudflared:
+    image: cloudflare/cloudflared
+    container_name: cloudflared
+    restart: unless-stopped
+    networks:
+      - proxy
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+    entrypoint:
+    command: tunnel --no-autoupdate run
+    env_file:
+      - .env
+    extra_hosts:
+      - 'host.docker.internal:host-gateway'
+
+networks:
+  proxy:
+    external: true

docker/forgejo/docker-compose.yaml

@@ -6,7 +6,6 @@ services:
     image: git.korhonen.cc/functionalhacker/forgejo-asciidoc
     container_name: forgejo
     environment:
-      - TZ=Europe/Helsinki
       - USER_UID=1000
       - USER_GID=1000
     restart: unless-stopped

root/etc/pacman.conf

@@ -30,5 +30,5 @@ Include = /etc/pacman.d/mirrorlist
 Server = file:///var/www/index.korhonen.cc/repo/arch_linux/$repo/$arch
 {%@@ else @@%}
 Include = /etc/pacman.d/pacserve
-Server = http://index.korhonen.lan/repo/arch_linux/$repo/$arch
+Server = http://index.korhonen.cc/repo/arch_linux/$repo/$arch
 {%@@ endif @@%}