# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

# Reusable snippet named (securityHeaders). A site only gets these response
# headers if its block contains an active `import securityHeaders` line.
(securityHeaders) {
	header {
		# Strict-Transport-Security (HSTS)
		# NOTE(review): includeSubDomains sent from the apex covers every
		# subdomain, including ones not defined in this file; "preload" only
		# takes effect once the domain is submitted to the browser preload
		# list, and removal from that list is slow. Confirm both are intended.
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
		# X-Frame-Options
		# NOTE(review): SAMEORIGIN disagrees with `frame-ancestors 'none'` in
		# the CSP below. Browsers that support frame-ancestors follow the CSP,
		# so same-origin framing is blocked there; decide which is intended.
		X-Frame-Options "SAMEORIGIN"
		# X-Content-Type-Options
		X-Content-Type-Options "nosniff"
		# Referrer-Policy
		Referrer-Policy "strict-origin-when-cross-origin"
		# Permissions-Policy
		Permissions-Policy "camera=(), microphone=(), geolocation=()"
		# Content-Security-Policy (CSP) - generic starting point
		# NOTE(review): 'unsafe-inline' in script-src permits inline scripts,
		# which removes most of the XSS protection a CSP provides. Nonces or
		# hashes are the stricter alternative where a backend supports them.
		Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests;"
		# Remove the Server response header
		-Server
	}
}

# ------------------------------
# 10000h.de Services
# ------------------------------
# Each block below publishes one hostname. Unless noted, the upstream hop is
# plain HTTP to a loopback port on this machine. No block configures
# authentication or source-address filtering in Caddy, so access control is
# whatever each backend enforces.
# NOTE(review): judging by hostname, several of these are admin interfaces
# (frps, frpc, kubepi, argocd, pve, openwrt). Consider a `remote_ip` matcher
# or `forward_auth` in front of them - confirm the exposure is intended.
10000h.de {
	# Site root directory
	root * /srv/10000h.de
	# Enable the static file server
	file_server
	import securityHeaders
}

daed.10000h.de {
	reverse_proxy http://127.0.0.1:2023
	import securityHeaders
}

rocketchat.10000h.de {
	reverse_proxy http://127.0.0.1:3000
	import securityHeaders
}

affine.10000h.de {
	reverse_proxy http://127.0.0.1:3010
	import securityHeaders
}

# No security headers are applied to this site (no import line at all).
lobe.10000h.de {
	reverse_proxy http://127.0.0.1:3210 {
		transport http {
			versions 1.1 # force HTTP/1.1 when talking to the backend
		}
	}
}

# NOTE(review): 3389 is the default RDP port and reverse_proxy speaks HTTP
# only, so this works only if an HTTP web client listens there - confirm.
# No security headers are applied.
rdp.10000h.de {
	reverse_proxy http://127.0.0.1:3389
}

# Security headers disabled (import commented out).
fndav.10000h.de {
	reverse_proxy http://127.0.0.1:5005
	# import securityHeaders
}

# Security headers disabled (import commented out).
openlist.10000h.de {
	reverse_proxy http://127.0.0.1:5244
	# import securityHeaders
}

# Security headers disabled (import commented out).
fnos.10000h.de {
	reverse_proxy http://127.0.0.1:5666
	# import securityHeaders
}

# Security headers disabled (import commented out).
n8n.10000h.de {
	reverse_proxy http://127.0.0.1:5678
	# import securityHeaders
}

# NOTE(review): 5900 is the default VNC port; same HTTP-only caveat as the
# rdp site above - confirm an HTTP/WebSocket front end listens there.
# No security headers are applied.
vnc.10000h.de {
	reverse_proxy http://127.0.0.1:5900
}

# NOTE(review): 5984 is CouchDB's default HTTP API port, so this presumably
# publishes the database API directly - verify that backend authentication
# is enforced. No security headers are applied.
couchdb.10000h.de {
	reverse_proxy http://127.0.0.1:5984
}

frps.10000h.de {
	reverse_proxy http://127.0.0.1:7001
	import securityHeaders
}

frpc.10000h.de {
	reverse_proxy http://127.0.0.1:7400
	import securityHeaders
}

# NOTE(review): hostname is spelled "vaulewarden" - confirm this is intended.
vaulewarden.10000h.de {
	reverse_proxy http://127.0.0.1:8000
	import securityHeaders
}

tts.10000h.de {
	reverse_proxy http://127.0.0.1:8001
	import securityHeaders
}

openwrt.10000h.de {
	reverse_proxy http://127.0.0.1:8002
	import securityHeaders
}

# The only upstream reached over HTTPS. Security headers are disabled
# (import commented out inside the handle block).
pve.10000h.de {
	handle {
		reverse_proxy https://127.0.0.1:8006 {
			transport http {
				# Upstream certificate verification is switched off. The hop
				# is loopback-only here; if the upstream ever moves off this
				# host, trust its CA instead (e.g. `tls_trusted_ca_certs` or
				# its successor in newer Caddy releases).
				tls_insecure_skip_verify
			}
			# NOTE(review): confirm this placeholder resolves to a value;
			# Caddy documents the upstream placeholders under
			# {http.reverse_proxy.upstream.*}.
			header_up Host {http.reverse_proxy.host}
			# Pass the client-facing hostname through to the backend.
			header_up X-Forwarded-Host {host}
		}
		# import securityHeaders
	}
}

gotify.10000h.de {
	reverse_proxy http://127.0.0.1:8080
	import securityHeaders
}

dify.10000h.de {
	reverse_proxy http://127.0.0.1:8081
	import securityHeaders
}

mattermost.10000h.de {
	reverse_proxy http://127.0.0.1:8065
	import securityHeaders
}

# Requests under /webdav* go to a second backend on port 2345; everything
# else goes to port 8082. The imported header directive has no matcher, so it
# applies to both.
sp.10000h.de {
	reverse_proxy http://127.0.0.1:8082
	import securityHeaders
	route /webdav* {
		reverse_proxy http://127.0.0.1:2345
	}
}

kubepi.10000h.de {
	reverse_proxy http://127.0.0.1:8084
	import securityHeaders
}

ddns.10000h.de {
	reverse_proxy http://127.0.0.1:9876
	import securityHeaders
}

arch.10000h.de {
	reverse_proxy http://127.0.0.1:10808
	import securityHeaders
}

# ------------------------------
# k3s Services
# ------------------------------
# The three sites below share one upstream port (20080).
# NOTE(review): presumably a cluster ingress that routes on the Host header -
# confirm.
argocd.10000h.de {
	reverse_proxy http://127.0.0.1:20080
	import securityHeaders
}

markword.10000h.de {
	reverse_proxy http://127.0.0.1:20080
	import securityHeaders
}

n8nk.10000h.de {
	reverse_proxy http://127.0.0.1:20080
	import securityHeaders
}

# Security headers disabled (import commented out).
docker.10000h.de {
	reverse_proxy http://127.0.0.1:51000
	# import securityHeaders
}

ghcr.10000h.de {
	reverse_proxy http://127.0.0.1:52000
	import securityHeaders
}