# Caddy's configuration file # see: https://caddyserver.com/docs/caddyfile # The Caddyfile is an easy way to configure your Caddy web server. # # Unless the file starts with a global options block, the first # uncommented line is always the address of your site. # # To use your own domain name (with automatic HTTPS), first make # sure your domain's A/AAAA DNS records are properly pointed to # this machine's public IP, then replace ":80" below with your # domain name. #:80 { # # Set this path to your site's directory. # root * /usr/share/caddy # # # Enable the static file server. # file_server # # # Another common task is to set up a reverse proxy: # # reverse_proxy localhost:8080 # # # Or serve a PHP site through php-fpm: # # php_fastcgi localhost:9000 #} # Refer to the Caddy docs for more information: # https://caddyserver.com/docs/caddyfile # 定义一个名为 (securityHeaders) 的可重用代码片段 (securityHeaders) { header { # Strict-Transport-Security (HSTS) Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" # X-Frame-Options X-Frame-Options "SAMEORIGIN" # X-Content-Type-Options X-Content-Type-Options "nosniff" # Referrer-Policy Referrer-Policy "strict-origin-when-cross-origin" # Permissions-Policy Permissions-Policy "camera=(), microphone=(), geolocation=()" # Content-Security-Policy (CSP) - 通用起点 Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests;" # 移除 Server 标识 -Server } } # ------------------------------ # 10000h.de Services # ------------------------------ 10000h.de { # 设置网站根目录 root * /srv/10000h.de # 开启文件服务 file_server import securityHeaders } frps.10000h.de { reverse_proxy http://192.238.204.39:7001 import securityHeaders } docker.10000h.de { reverse_proxy http://192.238.204.39:51000 # import securityHeaders } ghcr.10000h.de { reverse_proxy http://192.238.204.39:52000 import securityHeaders } pve.10000h.de { handle { reverse_proxy https://192.168.31.2:8006 { transport http { tls_insecure_skip_verify } header_up Host {http.reverse_proxy.host} header_up X-Forwarded-Host {host} } # import securityHeaders } } pvel.10000h.de { handle { reverse_proxy https://192.168.31.2:8006 { transport http { tls_insecure_skip_verify } header_up Host {http.reverse_proxy.host} header_up X-Forwarded-Host {host} } # import securityHeaders } } fndav.10000h.de { reverse_proxy http://192.168.31.3:5005 # import securityHeaders } fnos.10000h.de { reverse_proxy http://192.168.31.3:5666 # import securityHeaders } fnosl.10000h.de { reverse_proxy http://192.168.31.3:5666 # import securityHeaders } openwrt.10000h.de { reverse_proxy http://192.168.31.4:80 # import securityHeaders } arch.10000h.de { reverse_proxy http://192.168.31.4:10808 # import securityHeaders } duet.10000h.de { reverse_proxy http://NUC:3389 # import securityHeaders } nuc.10000h.de { reverse_proxy http://NUC:3389 # import securityHeaders } ddns.10000h.de { reverse_proxy http://192.168.31.101:9876 import securityHeaders } frpc.10000h.de { reverse_proxy http://192.168.31.101:7400 import securityHeaders } gotify.10000h.de { reverse_proxy http://192.168.31.104:80 # import securityHeaders } lobe.10000h.de { reverse_proxy http://192.168.31.105:3210 # import securityHeaders } dify.10000h.de { reverse_proxy http://192.168.31.106:80 import securityHeaders } n8n.10000h.de { reverse_proxy http://192.168.31.107:5678 import securityHeaders } affine.10000h.de { reverse_proxy http://192.168.31.108:3010 import securityHeaders } valutwarden.10000h.de { reverse_proxy http://192.168.31.109:8000 import securityHeaders } kubepi.10000h.de { reverse_proxy http://192.168.31.110:80 import securityHeaders } openlist.10000h.de { reverse_proxy http://192.168.31.111:5244 # import securityHeaders } sp.10000h.de { reverse_proxy http://192.168.31.112:8080 import securityHeaders route /webdav* { reverse_proxy http://192.168.31.112:2345 } } mattermost.10000h.de { reverse_proxy http://192.168.31.113:8065 # import securityHeaders } rocketchat.10000h.de { reverse_proxy http://192.168.31.114:3000 import securityHeaders } tts.10000h.de { reverse_proxy http://192.168.31.115:8000 # import securityHeaders } daed.10000h.de { reverse_proxy http://192.168.31.200:2023 # import securityHeaders } # ------------------------------ # k3s Services # ------------------------------ argocd.10000h.de { reverse_proxy http://192.168.31.201:80 import securityHeaders } markword.10000h.de { reverse_proxy http://192.168.31.201:80 import securityHeaders } n8nk.10000h.de { reverse_proxy http://192.168.31.201:80 import securityHeaders }