update config

2025-12-12 13:27:50 +08:00
parent b034d11e46
commit 576de3a7e7
8 changed files with 271 additions and 163 deletions
--- a/files/192.238.204.39/Caddyfile
+++ b/files/192.238.204.39/Caddyfile
@@ -0,0 +1,215 @@
+# The Caddyfile is an easy way to configure your Caddy web server.
+#
+# Unless the file starts with a global options block, the first
+# uncommented line is always the address of your site.
+#
+# To use your own domain name (with automatic HTTPS), first make
+# sure your domain's A/AAAA DNS records are properly pointed to
+# this machine's public IP, then replace ":80" below with your
+# domain name.
+
+# Refer to the Caddy docs for more information:
+# https://caddyserver.com/docs/caddyfile
+
+# 定义一个名为 (securityHeaders) 的可重用代码片段
+(securityHeaders) {
+	header {
+		# Strict-Transport-Security (HSTS)
+		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+
+		# X-Frame-Options
+		X-Frame-Options "SAMEORIGIN"
+
+		# X-Content-Type-Options
+		X-Content-Type-Options "nosniff"
+
+		# Referrer-Policy
+		Referrer-Policy "strict-origin-when-cross-origin"
+
+		# Permissions-Policy
+		Permissions-Policy "camera=(), microphone=(), geolocation=()"
+
+		# Content-Security-Policy (CSP) - 通用起点
+		Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests;"
+
+		# 移除 Server 标识
+		-Server
+	}
+}
+
+# ------------------------------
+# 10000h.de Services
+# ------------------------------
+
+10000h.de {
+	# 设置网站根目录
+	root * /srv/10000h.de
+
+	# 开启文件服务
+	file_server
+	import securityHeaders
+}
+
+daed.10000h.de {
+	reverse_proxy http://127.0.0.1:2023
+	import securityHeaders
+}
+
+rocketchat.10000h.de {
+	reverse_proxy http://127.0.0.1:3000
+	import securityHeaders
+}
+
+affine.10000h.de {
+	reverse_proxy http://127.0.0.1:3010
+	import securityHeaders
+}
+
+lobe.10000h.de {
+	reverse_proxy http://127.0.0.1:3210 {
+    	transport http {
+        	versions 1.1  # 👈 强制使用 HTTP/1.1 与后端通信
+    	}
+	}
+}
+
+rdp.10000h.de {
+	reverse_proxy http://127.0.0.1:3389
+}
+
+fndav.10000h.de {
+	reverse_proxy http://127.0.0.1:5005
+	# import securityHeaders
+}
+
+openlist.10000h.de {
+	reverse_proxy http://127.0.0.1:5244
+	# import securityHeaders
+}
+
+fnos.10000h.de {
+	reverse_proxy http://127.0.0.1:5666
+	# import securityHeaders
+}
+
+n8n.10000h.de {
+	reverse_proxy http://127.0.0.1:5678
+	# import securityHeaders
+}
+
+vnc.10000h.de {
+	reverse_proxy http://127.0.0.1:5900
+}
+
+couchdb.10000h.de {
+	reverse_proxy http://127.0.0.1:5984
+}
+
+frps.10000h.de {
+	reverse_proxy http://127.0.0.1:7001
+	import securityHeaders
+}
+
+frpc.10000h.de {
+	reverse_proxy http://127.0.0.1:7400
+	import securityHeaders
+}
+
+vaulewarden.10000h.de {
+	reverse_proxy http://127.0.0.1:8000
+	import securityHeaders
+}
+
+tts.10000h.de {
+	reverse_proxy http://127.0.0.1:8001
+	import securityHeaders
+}
+
+openwrt.10000h.de {
+	reverse_proxy http://127.0.0.1:8002
+	import securityHeaders
+}
+
+pve.10000h.de {
+	handle {
+		reverse_proxy https://127.0.0.1:8006 {
+			transport http {
+				tls_insecure_skip_verify
+			}
+			header_up Host {http.reverse_proxy.host}
+			header_up X-Forwarded-Host {host}
+		}
+		# import securityHeaders
+	}
+}
+
+gotify.10000h.de {
+	reverse_proxy http://127.0.0.1:8080
+	import securityHeaders
+}
+
+dify.10000h.de {
+	reverse_proxy http://127.0.0.1:8081
+	import securityHeaders
+}
+
+mattermost.10000h.de {
+	reverse_proxy http://127.0.0.1:8065
+	import securityHeaders
+}
+
+sp.10000h.de {
+	reverse_proxy http://127.0.0.1:8082
+	import securityHeaders
+	route /webdav* {
+        reverse_proxy http://127.0.0.1:2345
+    }
+}
+
+kubepi.10000h.de {
+	reverse_proxy http://127.0.0.1:8084
+	import securityHeaders
+}
+
+ddns.10000h.de {
+	reverse_proxy http://127.0.0.1:9876
+	import securityHeaders
+}
+
+arch.10000h.de {
+	reverse_proxy http://127.0.0.1:10808
+	import securityHeaders
+}
+
+# ------------------------------
+# k3s Services
+# ------------------------------
+
+argocd.10000h.de {
+	reverse_proxy http://127.0.0.1:20080
+	import securityHeaders
+}
+
+markword.10000h.de {
+	reverse_proxy http://127.0.0.1:20080
+	import securityHeaders
+}
+
+n8nk.10000h.de {
+	reverse_proxy http://127.0.0.1:20080
+	import securityHeaders
+}
+
+docker.10000h.de {
+	reverse_proxy http://127.0.0.1:51000
+	# import securityHeaders
+}
+
+ghcr.10000h.de {
+	reverse_proxy http://127.0.0.1:52000
+	import securityHeaders
+}
+
+
+
+