update config

2025-12-12 13:27:50 +08:00
parent b034d11e46
commit 576de3a7e7
8 changed files with 271 additions and 163 deletions
--- a/files/192.168.31.101/Caddyfile
+++ b/files/192.168.31.101/Caddyfile
@@ -0,0 +1,243 @@
+# Caddy's configuration file
+# see: https://caddyserver.com/docs/caddyfile
+
+# The Caddyfile is an easy way to configure your Caddy web server.
+#
+# Unless the file starts with a global options block, the first
+# uncommented line is always the address of your site.
+#
+# To use your own domain name (with automatic HTTPS), first make
+# sure your domain's A/AAAA DNS records are properly pointed to
+# this machine's public IP, then replace ":80" below with your
+# domain name.
+
+#:80 {
+#       # Set this path to your site's directory.
+#       root * /usr/share/caddy
+#
+#       # Enable the static file server.
+#       file_server
+#
+#       # Another common task is to set up a reverse proxy:
+#       # reverse_proxy localhost:8080
+#
+#       # Or serve a PHP site through php-fpm:
+#       # php_fastcgi localhost:9000
+#}
+
+# Refer to the Caddy docs for more information:
+# https://caddyserver.com/docs/caddyfile
+
+# 定义一个名为 (securityHeaders) 的可重用代码片段
+(securityHeaders) {
+	header {
+		# Strict-Transport-Security (HSTS)
+		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+
+		# X-Frame-Options
+		X-Frame-Options "SAMEORIGIN"
+
+		# X-Content-Type-Options
+		X-Content-Type-Options "nosniff"
+
+		# Referrer-Policy
+		Referrer-Policy "strict-origin-when-cross-origin"
+
+		# Permissions-Policy
+		Permissions-Policy "camera=(), microphone=(), geolocation=()"
+
+		# Content-Security-Policy (CSP) - 通用起点
+		Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests;"
+
+		# 移除 Server 标识
+		-Server
+	}
+}
+
+# ------------------------------
+# 10000h.de Services
+# ------------------------------
+
+10000h.de {
+	# 设置网站根目录
+	root * /srv/10000h.de
+
+	# 开启文件服务
+	file_server
+	import securityHeaders
+}
+
+frps.10000h.de {
+	reverse_proxy http://192.238.204.39:7001
+	import securityHeaders
+}
+
+docker.10000h.de {
+	reverse_proxy http://192.238.204.39:51000
+	# import securityHeaders
+}
+
+ghcr.10000h.de {
+	reverse_proxy http://192.238.204.39:52000
+	import securityHeaders
+}
+
+pve.10000h.de {
+	handle {
+		reverse_proxy https://192.168.31.2:8006 {
+			transport http {
+				tls_insecure_skip_verify
+			}
+			header_up Host {http.reverse_proxy.host}
+			header_up X-Forwarded-Host {host}
+		}
+		# import securityHeaders
+	}
+}
+
+pvel.10000h.de {
+	handle {
+		reverse_proxy https://192.168.31.2:8006 {
+			transport http {
+				tls_insecure_skip_verify
+			}
+			header_up Host {http.reverse_proxy.host}
+			header_up X-Forwarded-Host {host}
+		}
+		# import securityHeaders
+	}
+}
+
+fndav.10000h.de {
+	reverse_proxy http://192.168.31.3:5005
+	# import securityHeaders
+}
+
+fnos.10000h.de {
+	reverse_proxy http://192.168.31.3:5666
+	# import securityHeaders
+}
+
+fnosl.10000h.de {
+	reverse_proxy http://192.168.31.3:5666
+	# import securityHeaders
+}
+
+openwrt.10000h.de {
+	reverse_proxy http://192.168.31.4:80
+	# import securityHeaders
+}
+
+arch.10000h.de {
+	reverse_proxy http://192.168.31.4:10808
+	# import securityHeaders
+}
+
+duet.10000h.de {
+	reverse_proxy http://NUC:3389
+	# import securityHeaders
+}
+
+nuc.10000h.de {
+	reverse_proxy http://NUC:3389
+	# import securityHeaders
+}
+
+ddns.10000h.de {
+	reverse_proxy http://192.168.31.101:9876
+	import securityHeaders
+}
+
+frpc.10000h.de {
+	reverse_proxy http://192.168.31.101:7400
+	import securityHeaders
+}
+
+gotify.10000h.de {
+	reverse_proxy http://192.168.31.104:80
+	# import securityHeaders
+}
+
+lobe.10000h.de {
+	reverse_proxy http://192.168.31.105:3210
+	# import securityHeaders
+}
+
+dify.10000h.de {
+	reverse_proxy http://192.168.31.106:80
+	import securityHeaders
+}
+
+n8n.10000h.de {
+	reverse_proxy http://192.168.31.107:5678
+	import securityHeaders
+}
+
+affine.10000h.de {
+        reverse_proxy http://192.168.31.108:3010
+        import securityHeaders
+}
+
+valutwarden.10000h.de {
+	reverse_proxy http://192.168.31.109:8000
+	import securityHeaders
+}
+
+kubepi.10000h.de {
+	reverse_proxy http://192.168.31.110:80
+	import securityHeaders
+}
+
+openlist.10000h.de {
+	reverse_proxy http://192.168.31.111:5244
+	# import securityHeaders
+}
+
+sp.10000h.de {
+	reverse_proxy http://192.168.31.112:8080
+	import securityHeaders
+	route /webdav* {
+        reverse_proxy http://192.168.31.112:2345
+    }
+}
+
+mattermost.10000h.de {
+	reverse_proxy http://192.168.31.113:8065
+	# import securityHeaders
+}
+
+rocketchat.10000h.de {
+	reverse_proxy http://192.168.31.114:3000
+	import securityHeaders
+}
+
+tts.10000h.de {
+	reverse_proxy http://192.168.31.115:8000
+	# import securityHeaders
+}
+
+daed.10000h.de {
+	reverse_proxy http://192.168.31.200:2023
+	# import securityHeaders
+}
+
+# ------------------------------
+# k3s Services
+# ------------------------------
+
+argocd.10000h.de {
+	reverse_proxy http://192.168.31.201:80
+	import securityHeaders
+}
+
+markword.10000h.de {
+	reverse_proxy http://192.168.31.201:80
+	import securityHeaders
+}
+
+n8nk.10000h.de {
+	reverse_proxy http://192.168.31.201:80
+	import securityHeaders
+}
+
+
--- a/files/192.168.31.101/frp/frpc.toml
+++ b/files/192.168.31.101/frp/frpc.toml
@@ -0,0 +1,123 @@
+serverAddr = "154.204.181.192"
+serverPort = 15443
+
+auth.method = "token"
+auth.token = "lostecho"
+
+webServer.addr = "0.0.0.0"
+webServer.port = 7400
+webServer.user = "lostecho"
+webServer.password = "Yuanhui1234!"
+webServer.pprofEnable = false
+
+loginFailExit=false
+
+[[proxies]]
+name = "pve"
+type = "tcp"
+localIP = "192.168.31.2"
+localPort = 8006
+remotePort = 8006
+
+[[proxies]]
+name = "fndav"
+type = "tcp"
+localIP = "192.168.31.3"
+localPort = 5005
+remotePort = 5005
+
+[[proxies]]
+name = "fnos"
+type = "tcp"
+localIP = "192.168.31.3"
+localPort = 5666
+remotePort = 5666
+
+[[proxies]]
+name = "ddns"
+type = "tcp"
+localIP = "192.168.31.101"
+localPort = 9876
+remotePort = 9876
+
+[[proxies]]
+name = "frpc"
+type = "tcp"
+localIP = "192.168.31.102"
+localPort = 7400
+remotePort = 7400
+
+[[proxies]]
+name = "lobe"
+type = "tcp"
+localIP = "192.168.31.103"
+localPort = 3210
+remotePort = 3210
+
+[[proxies]]
+name = "openlist"
+type = "tcp"
+localIP = "192.168.31.104"
+localPort = 5244
+remotePort = 5244
+
+[[proxies]]
+name = "gotify"
+type = "tcp"
+localIP = "192.168.31.105"
+localPort = 80
+remotePort = 40266
+
+[[proxies]]
+name = "dify"
+type = "tcp"
+localIP = "192.168.31.106"
+localPort = 80
+remotePort = 10080
+
+[[proxies]]
+name = "dify"
+type = "tcp"
+localIP = "192.168.31.107"
+localPort = 5678
+remotePort = 5678
+
+[[proxies]]
+name = "kubepi"
+type = "tcp"
+localIP = "192.168.31.108"
+localPort = 80
+remotePort = 8090
+
+[[proxies]]
+name = "moontv"
+type = "tcp"
+localIP = "192.168.31.109"
+localPort = 3000
+remotePort = 3000
+
+[[proxies]]
+name = "daed"
+type = "tcp"
+localIP = "192.168.31.200"
+localPort = 2023
+remotePort = 2023
+
+[[proxies]]
+name = "k8s-80"
+type = "tcp"
+localIP = "192.168.31.201"
+localPort = 80
+remotePort = 20180
+
+[[proxies]]
+name = "k8s-443"
+type = "tcp"
+localIP = "192.168.31.201"
+localPort = 443
+remotePort = 20443
+
+# tls
+#transport.tls.certFile = "/etc/frp/ssl/client.crt"
+#transport.tls.keyFile = "/etc/frp/ssl/client.key"
+#transport.tls.trustedCaFile = "/etc/frp/ssl/ca.crt"
--- a/files/192.168.31.101/openlist/docker-compose.yml
+++ b/files/192.168.31.101/openlist/docker-compose.yml
@@ -0,0 +1,14 @@
+version: '3.3'
+services:
+  openlist:
+    image: 'openlistteam/openlist:latest'
+    container_name: openlist
+    volumes:
+      - './data:/opt/openlist/data'
+    ports:
+      - '5244:5244'
+    environment:
+      - PUID=0
+      - PGID=0
+      - UMASK=022
+    restart: unless-stopped