migrate to caddy (#1)

* migrate to caddy * format --------- Co-authored-by: Anonymous <>
2024-02-23 23:14:45 +08:00 · 2024-02-23 23:14:45 +08:00 · ad0e33416d
parent b98bd2f7c1
commit ad0e33416d
21 changed files with 100 additions and 228 deletions
--- a/docker/caddy/.env.example
+++ b/docker/caddy/.env.example
@ -0,0 +1,2 @@
 CLOUDFLARE_DNS_API_TOKEN=xxxx
 BASE_DOMAIN=example.com
--- a/docker/caddy/Caddyfile
+++ b/docker/caddy/Caddyfile
@ -0,0 +1,53 @@
 *.{$BASE_DOMAIN} {$BASE_DOMAIN} {
  log
  tls {
     dns cloudflare {env.CLOUDFLARE_DNS_API_TOKEN}
  }
  @gitea host git.{$BASE_DOMAIN}
  handle @gitea {
    reverse_proxy http://gitea:3000
    handle /api/actions/runner.v1.RunnerService/FetchTask {
      skip_log
    }
  }
  @homepagewww host www.{$BASE_DOMAIN} {$BASE_DOMAIN}
  handle @homepagewww {
    reverse_proxy http://homepage:80
  }
  @openvscode host code.{$BASE_DOMAIN}
  handle @openvscode {
    # http://openvscode-server:3000
    reverse_proxy http://openvscode-oauth
  }
  @uptimekuma host uptime.{$BASE_DOMAIN}
  handle @uptimekuma {
    reverse_proxy http://uptime-kuma:3001
  }
  @dockge host dockge.{$BASE_DOMAIN}
  handle @dockge {
    # http://dockge:5001
    reverse_proxy http://dockge-oauth
  }
  @filebrowser host file.{$BASE_DOMAIN}
  handle @filebrowser {
    reverse_proxy http://filebrowser
  }
  @grafana host grafana.{$BASE_DOMAIN}
  handle @grafana {
    reverse_proxy http://grafana:3000
  }
  @homeassistant host assistant.{$BASE_DOMAIN}
  handle @homeassistant {
    reverse_proxy http://home-assistant:8123
  }
 }
--- a/docker/caddy/Dockerfile
+++ b/docker/caddy/Dockerfile
@ -0,0 +1,14 @@
 FROM caddy:2.7.6-builder-alpine AS builder
 RUN go env -w GOPROXY=https://goproxy.cn,direct
 RUN xcaddy build \
    --with github.com/caddy-dns/cloudflare
 FROM caddy:2.7.6-alpine
 COPY --from=builder /usr/bin/caddy /usr/bin/caddy
 ENTRYPOINT ["caddy"]
 CMD ["run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]
--- a/docker/caddy/docker-compose.yml
+++ b/docker/caddy/docker-compose.yml
@ -0,0 +1,25 @@
 version: "3.7"
 services:
  caddy:
    image: homeinfra/caddy
    build: .
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./data:/data/caddy
    env_file:
      - .env
    networks:
      - traefik_default
      - internet
 networks:
  traefik_default:
    external: true
  internet:
--- a/docker/traefik/make_network.sh
+++ b/docker/traefik/make_network.sh
@ -1 +1,2 @@
 # TODO: rename all traefik_default network references
 docker network create  -d bridge --internal traefik_default
--- a/docker/dockge/docker-compose.yml
+++ b/docker/dockge/docker-compose.yml
@ -33,7 +33,7 @@ services:
    restart: unless-stopped
    external_links:
-      - "traefik:git.homeinfra.org"
+      - "caddy:git.homeinfra.org"
    env_file:
      - .env
    networks:
--- a/docker/dockge/oauth2-proxy.cfg
+++ b/docker/dockge/oauth2-proxy.cfg
@ -12,7 +12,7 @@ provider="github"
 provider_display_name="Gitea"
 # client_id=""
 # client_secret=""
-redirect_url="https://code.homeinfra.org/oauth2/callback"
+redirect_url="https://dockge.homeinfra.org/oauth2/callback"
 login_url="https://git.homeinfra.org/login/oauth/authorize"
 redeem_url="https://git.homeinfra.org/login/oauth/access_token"
 validate_url="https://git.homeinfra.org/api/v1/user/emails"
--- a/docker/gitea/docker-compose.yml
+++ b/docker/gitea/docker-compose.yml
@ -19,9 +19,9 @@ services:
      - ./data/gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
-    # ports:
+    ports:
    #   - "3000:3000"
-    #   - "2222:22"
+      - "22:22"
    depends_on:
      - db
    env_file:
--- a/docker/openvscode/docker-compose.yml
+++ b/docker/openvscode/docker-compose.yml
@ -32,7 +32,7 @@ services:
    restart: unless-stopped
    external_links:
-      - "traefik:git.homeinfra.org"
+      - "caddy:git.homeinfra.org"
    networks:
      - traefik_default
    env_file:
--- a/docker/traefik/.env.example
+++ b/docker/traefik/.env.example
@ -1 +0,0 @@
 CLOUDFLARE_DNS_API_TOKEN=
--- a/docker/traefik/conf/apps/base.yml
+++ b/docker/traefik/conf/apps/base.yml
@ -1,20 +0,0 @@
 http:
  middlewares:
    redirect-to-https:
      redirectscheme:
        scheme: https
  routers:
 #    traefik-api:
 #      middlewares: traefik-basic-auth
 #      rule: Host(`traefik-dashboard.homeinfra.org`)
 #      service: api@internal
 #      entrypoints: web
    http_to_https:
      entrypoints: web
      middlewares: redirect-to-https
      priority: 1
      rule: HostRegexp(`{catchall:.*}`)
      service: noop@internal
--- a/docker/traefik/conf/apps/dockge.yaml
+++ b/docker/traefik/conf/apps/dockge.yaml
@ -1,14 +0,0 @@
 http:
  routers:
    dockge:
      entrypoints: websecure
      rule: Host(`dockge.homeinfra.org`)
      service: dockge
      tls:
        certresolver: cloudflare
  services:
    dockge:
      loadbalancer:
        servers:
          # - url: http://dockge:5001
          - url: http://dockge-oauth
--- a/docker/traefik/conf/apps/filebrowser.yaml
+++ b/docker/traefik/conf/apps/filebrowser.yaml
@ -1,13 +0,0 @@
 http:
  routers:
    file:
      entrypoints: websecure
      rule: Host(`file.homeinfra.org`)
      service: file
      tls:
        certresolver: cloudflare
  services:
    file:
      loadbalancer:
        servers:
          - url: http://filebrowser
--- a/docker/traefik/conf/apps/gitea.yaml
+++ b/docker/traefik/conf/apps/gitea.yaml
@ -1,27 +0,0 @@
 http:
  routers:
    docker_gitea:
      entrypoints: websecure
      rule: Host(`git.homeinfra.org`)
      service: docker_gitea
      tls:
        certresolver: cloudflare
  services:
    docker_gitea:
      loadbalancer:
        servers:
          - url: http://gitea:3000
 tcp:
  routers:
    gitea-ssh:
      rule: HostSNI(`*`)
      entrypoints: gitssh
      service: gitea-ssh
  services:
    gitea-ssh:
      loadbalancer:
        servers:
          - address: gitea:22
--- a/docker/traefik/conf/apps/grafana.yaml
+++ b/docker/traefik/conf/apps/grafana.yaml
@ -1,13 +0,0 @@
 http:
  routers:
    grafana:
      entrypoints: websecure
      rule: Host(`grafana.homeinfra.org`)
      service: grafana
      tls:
        certresolver: cloudflare
  services:
    grafana:
      loadbalancer:
        servers:
          - url: http://grafana:3000
--- a/docker/traefik/conf/apps/homepage.yaml
+++ b/docker/traefik/conf/apps/homepage.yaml
@ -1,13 +0,0 @@
 http:
  routers:
    homepage:
      entrypoints: websecure
      rule: Host(`www.homeinfra.org`) || Host(`homeinfra.org`)
      service: homepage
      tls:
        certresolver: cloudflare
  services:
    homepage:
      loadbalancer:
        servers:
          - url: http://homepage:80
--- a/docker/traefik/conf/apps/openvscode.yaml
+++ b/docker/traefik/conf/apps/openvscode.yaml
@ -1,15 +0,0 @@
 http:
  routers:
    openvscode:
      entrypoints: websecure
      rule: Host(`code.homeinfra.org`)
      service: openvscode
      tls:
        certresolver: cloudflare
  services:
    openvscode:
      loadbalancer:
        servers:
          - url: http://openvscode-oauth
 #          - url: http://openvscode-server:3000
--- a/docker/traefik/conf/apps/portainer.yaml
+++ b/docker/traefik/conf/apps/portainer.yaml
@ -1,13 +0,0 @@
 http:
  routers:
    docker_portainer:
      entrypoints: websecure
      rule: Host(`portainer.homeinfra.org`)
      service: docker_portainer
      tls:
        certresolver: cloudflare
  services:
    docker_portainer:
      loadbalancer:
        servers:
          - url: http://portainer:9000
--- a/docker/traefik/conf/apps/uptime.yaml
+++ b/docker/traefik/conf/apps/uptime.yaml
@ -1,13 +0,0 @@
 http:
  routers:
    uptime-kuma:
      entrypoints: websecure
      rule: Host(`uptime.homeinfra.org`)
      service: uptime-kuma
      tls:
        certresolver: cloudflare
  services:
    uptime-kuma:
      loadbalancer:
        servers:
          - url: http://uptime-kuma:3001
--- a/docker/traefik/conf/traefik.yml
+++ b/docker/traefik/conf/traefik.yml
@ -1,50 +0,0 @@
 global:
  checkNewVersion: false
  sendAnonymousUsage: false
 log:
  filepath: /logs/log.json
  format: json
  level: DEBUG
 accesslog:
  filepath: /logs/access.json
 api:
  dashboard: true
  insecure: true
 providers:
  file:
    directory: /conf/apps/
    watch: true
 entrypoints:
  gitssh:
    address: :22
  web:
    address: :80
  websecure:
    address: :443
    http:
      tls:
        domains:
          - main: homeinfra.org
            sans: "*.homeinfra.org"
 tls:
  stores:
    default:
      defaultCertResolver: cloudflare
      defaultCertDomain:
        main: homeinfra.org
        sans: 
          - "*.homeinfra.org"
 certificatesResolvers:
  cloudflare:
    acme:
      dnsChallenge:
        provider: cloudflare
      email: admin@homeinfra.org
      storage: /letsencrypt/acme.json
--- a/docker/traefik/docker-compose.yml
+++ b/docker/traefik/docker-compose.yml
@ -1,31 +0,0 @@
 version: "2"
 services:
  web:
    restart: unless-stopped
    image: traefik:v2.9.7
    container_name: traefik
    networks:
      - traefik_default
      - net
    ports:
      - 80:80
      - 443:443
      - 22:22
      # - "8080:8080"
    command:
      - --configFile=/conf/traefik.yml
    environment:
      - CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}
      - TZ=Asia/Shanghai
    volumes:
      - ./conf:/conf:ro
      - ./data/letsencrypt:/letsencrypt
      - /var/log/traefik_logs:/logs
      - /var/run/docker.sock:/var/run/docker.sock
    env_file:
      - .env
 networks:
  net:
    driver: bridge
  traefik_default:
    external: true
		`@ -0,0 +1,2 @@`
							`CLOUDFLARE_DNS_API_TOKEN=xxxx`
							`BASE_DOMAIN=example.com`
`@ -1 +1,2 @@`
		`# TODO: rename all traefik_default network references`
	`docker network create -d bridge --internal traefik_default`	`docker network create -d bridge --internal traefik_default`