# Caddy's configuration file # see: https://caddyserver.com/docs/caddyfile # The Caddyfile is an easy way to configure your Caddy web server. # # Unless the file starts with a global options block, the first # uncommented line is always the address of your site. # # To use your own domain name (with automatic HTTPS), first make # sure your domain's A/AAAA DNS records are properly pointed to # this machine's public IP, then replace ":80" below with your # domain name. #:80 { # # Set this path to your site's directory. # root * /usr/share/caddy # # # Enable the static file server. # file_server # # # Another common task is to set up a reverse proxy: # # reverse_proxy localhost:8080 # # # Or serve a PHP site through php-fpm: # # php_fastcgi localhost:9000 #} # Refer to the Caddy docs for more information: # https://caddyserver.com/docs/caddyfile # ------------------------------ # simpla.dev Services # ------------------------------ # 定义一个名为 (securityHeaders) 的可重用代码片段 (securityHeaders) { header { # Strict-Transport-Security (HSTS) Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" # X-Frame-Options X-Frame-Options "SAMEORIGIN" # X-Content-Type-Options X-Content-Type-Options "nosniff" # Referrer-Policy Referrer-Policy "strict-origin-when-cross-origin" # Permissions-Policy Permissions-Policy "camera=(), microphone=(), geolocation=()" # Content-Security-Policy (CSP) - 通用起点 Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests;" # 移除 Server 标识 -Server } } simpla.dev { # 设置网站根目录 root * /srv/simpla.dev # 开启文件服务 file_server import securityHeaders } frps.simpla.dev { reverse_proxy http://154.204.181.192:7001 import securityHeaders } pve.simpla.dev { handle { reverse_proxy https://192.168.31.2:8006 { transport http { tls_insecure_skip_verify } header_up Host {http.reverse_proxy.host} header_up X-Forwarded-Host {host} } # import securityHeaders } } fndav.simpla.dev { reverse_proxy http://192.168.31.3:5005 # import securityHeaders } fnos.simpla.dev { reverse_proxy http://192.168.31.3:5666 # import securityHeaders } hugo.simpla.dev { reverse_proxy http://192.168.31.100:1313 # import securityHeaders } gitea.simpla.dev { reverse_proxy http://192.168.31.100:3000 import securityHeaders } lobe.simpla.dev { reverse_proxy http://192.168.31.100:3210 # import securityHeaders } openlist.simpla.dev { reverse_proxy http://192.168.31.100:5244 # import securityHeaders } frpc.simpla.dev { reverse_proxy http://192.168.31.100:7400 import securityHeaders } dify.simpla.dev { reverse_proxy http://192.168.31.100:8080 import securityHeaders } kubepi.simpla.dev { reverse_proxy http://192.168.31.100:8090 import securityHeaders } ddns.simpla.dev { reverse_proxy http://192.168.31.100:9876 import securityHeaders } 1panel.simpla.dev { reverse_proxy http://192.168.31.100:21643 import securityHeaders } gotify.simpla.dev { reverse_proxy http://192.168.31.100:40266 import securityHeaders } daed.simpla.dev { reverse_proxy http://192.168.31.200:2023 # import securityHeaders } b.simpla.dev { # 将所有收到的请求转发到目标网站 reverse_proxy https://b.watch { # (可选) 修改发送到目标服务器的 Host 请求头 header_up Host {http.reverse_proxy.upstream.hostport} } } # ------------------------------ # k3s Services # ------------------------------ argocd.simpla.dev { reverse_proxy http://192.168.31.201:80 import securityHeaders } markword.simpla.dev { reverse_proxy http://192.168.31.201:80 import securityHeaders } n8n.simpla.dev { reverse_proxy http://192.168.31.201:80 import securityHeaders }