home-portal/Caddyfile at main · HugoKlepsch/home-portal · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
{
	email hugo.klepsch@gmail.com
	log {
		format json
	}
}

(dns_tls) {
	tls {
		ca https://acme-v02.api.letsencrypt.org/directory
		# Or, staging, when testing
		# ca https://acme-staging-v02.api.letsencrypt.org/directory

		dns linode {
			api_token {$LINODE_DNS_PAT}
			api_url {$LINODE_API_URL}
			api_version {$LINODE_API_VERSION}
			debug_logs_enabled true
		}
		# Delay to ensure that the record is propagated, but disable
		# checks because the local check always fails for me. Could be related
		# to fail-loop described below?
		# propagation_delay 2m
		# propagation_timeout -1 # no checks
		propagation_delay 2m
		propagation_timeout 3m
		# When creating a TXT record with "0" TTL, Linode considers this a
		# request for a record with the "Default" TTL, which results in a zone
		# file with no TTL value.
		# Common resolvers like 1.1.1.1 and 8.8.8.8 seem to cache this for a
		# very long time. (24h?)
		# Set dns_ttl to the lowest value allowed by Linode to avoid fail-loops
		# where the CA sees the old TXT record despite the new one being present.
		dns_ttl 30s
		resolvers 1.1.1.1
	}
}

*.hugo-klepsch.tech {
	import dns_tls

	@portal host portal.hugo-klepsch.tech
	handle @portal {
		handle / {
			root * /srv/portal.hugo-klepsch.tech
			templates {
				extensions {
					hitCounter {
						style bright_green
						pad_digits 7
					}
				}
			}
			file_server {
				index index.html
			}
		}
		handle {
			redir * /
		}
	}

	@bazarr host bazarr.hugo-klepsch.tech
	handle @bazarr {
		reverse_proxy 10.8.0.27:6767
	}

	@grafana host grafana.hugo-klepsch.tech
	handle @grafana {
		reverse_proxy 10.8.0.27:3000
	}

	@octoprint host octoprint.hugo-klepsch.tech
	handle @octoprint {
	    reverse_proxy 10.8.0.27:8081
    }

	@pihole host pihole.hugo-klepsch.tech
	handle @pihole {
		reverse_proxy 10.8.0.27:5380
	}

	@prometheus host prometheus.hugo-klepsch.tech
	handle @prometheus {
		reverse_proxy 10.8.0.27:9090
	}

	@prowlarr host prowlarr.hugo-klepsch.tech
	handle @prowlarr {
		reverse_proxy 10.8.0.27:9696
	}

	@qbt-public host qbt-public.hugo-klepsch.tech
	handle @qbt-public {
		reverse_proxy 10.8.0.27:3489
	}

	@qbt-tl host qbt-tl.hugo-klepsch.tech
	handle @qbt-tl {
		reverse_proxy 10.8.0.27:3490
	}

	@radarr host radarr.hugo-klepsch.tech
	handle @radarr {
		reverse_proxy 10.8.0.27:7878
	}

	@sonarr host sonarr.hugo-klepsch.tech
	handle @sonarr {
		reverse_proxy 10.8.0.27:8989
	}

	@tautulli host tautulli.hugo-klepsch.tech
	handle @tautulli {
		reverse_proxy 10.8.0.27:8181
	}

	handle {
		redir https://portal.hugo-klepsch.tech
	}
}