Initial commit

files/192.168.31.100/Caddyfile

@@ -0,0 +1,178 @@
+# Caddy's configuration file
+# see: https://caddyserver.com/docs/caddyfile
+
+# The Caddyfile is an easy way to configure your Caddy web server.
+#
+# Unless the file starts with a global options block, the first
+# uncommented line is always the address of your site.
+#
+# To use your own domain name (with automatic HTTPS), first make
+# sure your domain's A/AAAA DNS records are properly pointed to
+# this machine's public IP, then replace ":80" below with your
+# domain name.
+
+#:80 {
+#	# Set this path to your site's directory.
+#	root * /usr/share/caddy
+#
+#	# Enable the static file server.
+#	file_server
+#
+#	# Another common task is to set up a reverse proxy:
+#	# reverse_proxy localhost:8080
+#
+#	# Or serve a PHP site through php-fpm:
+#	# php_fastcgi localhost:9000
+#}
+
+# Refer to the Caddy docs for more information:
+# https://caddyserver.com/docs/caddyfile
+
+# ------------------------------
+# simpla.dev Services
+# ------------------------------
+
+# 定义一个名为 (securityHeaders) 的可重用代码片段
+(securityHeaders) {
+	header {
+		# Strict-Transport-Security (HSTS)
+		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+
+		# X-Frame-Options
+		X-Frame-Options "SAMEORIGIN"
+
+		# X-Content-Type-Options
+		X-Content-Type-Options "nosniff"
+
+		# Referrer-Policy
+		Referrer-Policy "strict-origin-when-cross-origin"
+
+		# Permissions-Policy
+		Permissions-Policy "camera=(), microphone=(), geolocation=()"
+
+		# Content-Security-Policy (CSP) - 通用起点
+		Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests;"
+
+		# 移除 Server 标识
+		-Server
+	}
+}
+
+simpla.dev {
+	# 设置网站根目录
+	root * /srv/simpla.dev
+
+	# 开启文件服务
+	file_server
+	import securityHeaders
+}
+
+frps.simpla.dev {
+	reverse_proxy http://154.204.181.192:7001
+	import securityHeaders
+}
+
+pve.simpla.dev {
+	handle {
+		reverse_proxy https://192.168.31.2:8006 {
+			transport http {
+				tls_insecure_skip_verify
+			}
+			header_up Host {http.reverse_proxy.host}
+			header_up X-Forwarded-Host {host}
+		}
+		# import securityHeaders
+	}
+}
+
+fndav.simpla.dev {
+	reverse_proxy http://192.168.31.3:5005
+	# import securityHeaders
+}
+
+fnos.simpla.dev {
+	reverse_proxy http://192.168.31.3:5666
+	# import securityHeaders
+}
+
+hugo.simpla.dev {
+	reverse_proxy http://192.168.31.100:1313
+	# import securityHeaders
+}
+
+gitea.simpla.dev {
+	reverse_proxy http://192.168.31.100:3000
+	import securityHeaders
+}
+
+lobe.simpla.dev {
+	reverse_proxy http://192.168.31.100:3210
+	# import securityHeaders
+}
+
+openlist.simpla.dev {
+	reverse_proxy http://192.168.31.100:5244
+	# import securityHeaders
+}
+
+frpc.simpla.dev {
+	reverse_proxy http://192.168.31.100:7400
+	import securityHeaders
+}
+
+dify.simpla.dev {
+	reverse_proxy http://192.168.31.100:8080
+	import securityHeaders
+}
+
+kubepi.simpla.dev {
+	reverse_proxy http://192.168.31.100:8090
+	import securityHeaders
+}
+
+ddns.simpla.dev {
+	reverse_proxy http://192.168.31.100:9876
+	import securityHeaders
+}
+
+1panel.simpla.dev {
+	reverse_proxy http://192.168.31.100:21643
+	import securityHeaders
+}
+
+gotify.simpla.dev {
+	reverse_proxy http://192.168.31.100:40266
+	import securityHeaders
+}
+
+daed.simpla.dev {
+	reverse_proxy http://192.168.31.200:2023
+	# import securityHeaders
+}
+
+b.simpla.dev {
+	# 将所有收到的请求转发到目标网站
+    reverse_proxy https://b.watch {
+        # (可选) 修改发送到目标服务器的 Host 请求头
+        header_up Host {http.reverse_proxy.upstream.hostport}
+    }
+}
+
+# ------------------------------
+# k3s Services
+# ------------------------------
+
+argocd.simpla.dev {
+	reverse_proxy http://192.168.31.201:80
+	import securityHeaders
+}
+
+markword.simpla.dev {
+    reverse_proxy http://192.168.31.201:80
+	import securityHeaders
+}
+
+n8n.simpla.dev {
+	reverse_proxy http://192.168.31.201:80
+	import securityHeaders
+}