migrate to caddy (#1)

* migrate to caddy

* format

---------

Co-authored-by: Anonymous <>
Junlin Liu 2024-02-23 23:14:45 +08:00 committed by GitHub
parent b98bd2f7c1
commit ad0e33416d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
21 changed files with 100 additions and 228 deletions


@ -0,0 +1,2 @@
CLOUDFLARE_DNS_API_TOKEN=xxxx
BASE_DOMAIN=example.com

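--- a/docker/caddy/Caddyfile
+++ b/docker/caddy/Caddyfile
@@ -0,0 +1,53 @@
+*.{$BASE_DOMAIN} {$BASE_DOMAIN} {
+log
+tls {
+dns cloudflare {env.CLOUDFLARE_DNS_API_TOKEN}
+}
+@gitea host git.{$BASE_DOMAIN}
+handle @gitea {
+reverse_proxy http://gitea:3000
+handle /api/actions/runner.v1.RunnerService/FetchTask {
+skip_log
+}
+}
+@homepagewww host www.{$BASE_DOMAIN} {$BASE_DOMAIN}
+handle @homepagewww {
+reverse_proxy http://homepage:80
+}
+@openvscode host code.{$BASE_DOMAIN}
+handle @openvscode {
+# http://openvscode-server:3000
+reverse_proxy http://openvscode-oauth
+}
+@uptimekuma host uptime.{$BASE_DOMAIN}
+handle @uptimekuma {
+reverse_proxy http://uptime-kuma:3001
+}
+@dockge host dockge.{$BASE_DOMAIN}
+handle @dockge {
+# http://dockge:5001
+reverse_proxy http://dockge-oauth
+}
+@filebrowser host file.{$BASE_DOMAIN}
+handle @filebrowser {
+reverse_proxy http://filebrowser
+}
+@grafana host grafana.{$BASE_DOMAIN}
+handle @grafana {
+reverse_proxy http://grafana:3000
+}
+@homeassistant host assistant.{$BASE_DOMAIN}
+handle @homeassistant {
+reverse_proxy http://home-assistant:8123
+}
+}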
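Review bot: The site block has no matcher-less fallback `handle`, so a request for any other name under `*.{$BASE_DOMAIN}` matches none of the named host matchers and falls through to Caddy's empty default response instead of an explicit rejection; a final `handle` block containing `abort` (or `respond 404`) would make that behaviour deliberate. Only `@openvscode` and `@dockge` go through the `-oauth` upstreams, while `@uptimekuma`, `@filebrowser`, `@grafana` and `@homeassistant` are proxied straight to the application, so each of those relies on its own login wherever this host is reachable; a one-line comment above those blocks stating that this is intended would help the next reader. The nested `handle` holding `skip_log` inside `handle @gitea` depends on Caddy's directive ordering to still reach `reverse_proxy`, so it is worth confirming that runner FetchTask polling still gets proxied.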

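--- a/docker/caddy/Dockerfile
+++ b/docker/caddy/Dockerfile
@@ -0,0 +1,14 @@
+FROM caddy:2.7.6-builder-alpine AS builder
+RUN go env -w GOPROXY=https://goproxy.cn,direct
+RUN xcaddy build \
+--with github.com/caddy-dns/cloudflare
+FROM caddy:2.7.6-alpine
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy
+ENTRYPOINT ["caddy"]
+CMD ["run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]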
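Review bot: `--with github.com/caddy-dns/cloudflare` carries no version, so every rebuild compiles whatever the plugin's latest revision is at that moment into the binary that is handed the Cloudflare DNS token; pin it, e.g. `--with github.com/caddy-dns/cloudflare@<pinned-version>`, so the image is reproducible and plugin upgrades are reviewed. The `GOPROXY=https://goproxy.cn,direct` line sends module downloads through a third-party proxy, which is reasonable only while Go's checksum-database verification stays enabled (no `GOSUMDB=off` or `GONOSUMDB` added later). A short comment saying why the proxy is set would document that trust decision.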


@ -0,0 +1,25 @@
version: "3.7"
services:
caddy:
image: homeinfra/caddy
build: .
restart: unless-stopped
ports:
- "80:80"
- "443:443"
- "443:443/udp"
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile
- ./data:/data/caddy
env_file:
- .env
networks:
- traefik_default
- internet
networks:
traefik_default:
external: true
internet:
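Review bot: The Caddyfile bind mount is writable from inside the container although Caddy only reads it; mount it read-only with `- ./Caddyfile:/etc/caddy/Caddyfile:ro`. `./data` will hold the ACME account key and the certificate private keys, and `.env` carries `CLOUDFLARE_DNS_API_TOKEN`, so both should be excluded from version control and readable only by the deploying user. The token itself should be scoped to the single zone with only the zone-read and DNS-edit permissions the DNS challenge needs.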


@ -1 +1,2 @@
# TODO: rename all traefik_default network references
docker network create -d bridge --internal traefik_default


@ -33,7 +33,7 @@ services:
restart: unless-stopped
external_links:
- "traefik:git.homeinfra.org"
- "caddy:git.homeinfra.org"
env_file:
- .env
networks:


@ -12,7 +12,7 @@ provider="github"
provider_display_name="Gitea"
# client_id=""
# client_secret=""
redirect_url="https://code.homeinfra.org/oauth2/callback"
redirect_url="https://dockge.homeinfra.org/oauth2/callback"
login_url="https://git.homeinfra.org/login/oauth/authorize"
redeem_url="https://git.homeinfra.org/login/oauth/access_token"
validate_url="https://git.homeinfra.org/api/v1/user/emails"


@ -19,9 +19,9 @@ services:
- ./data/gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
# ports:
ports:
# - "3000:3000"
# - "2222:22"
- "22:22"
depends_on:
- db
env_file:
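Review bot: `- "22:22"` now publishes the Gitea container's SSH port directly on host port 22, taking over what the removed proxy's `gitssh` entrypoint did; confirm the host's own sshd is not bound to that port and that direct exposure of Gitea SSH on every interface is intended. If it only needs to be reachable on one address, bind it explicitly, e.g. `- "<host-ip>:22:22"`. The service's network list is outside this hunk; if it is attached only to the `--internal` `traefik_default` network the published port may not be reachable, so a non-internal network would be needed as well.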


@ -32,7 +32,7 @@ services:
restart: unless-stopped
external_links:
- "traefik:git.homeinfra.org"
- "caddy:git.homeinfra.org"
networks:
- traefik_default
env_file:


@ -1 +0,0 @@
CLOUDFLARE_DNS_API_TOKEN=


@ -1,20 +0,0 @@
http:
middlewares:
redirect-to-https:
redirectscheme:
scheme: https
routers:
# traefik-api:
# middlewares: traefik-basic-auth
# rule: Host(`traefik-dashboard.homeinfra.org`)
# service: api@internal
# entrypoints: web
http_to_https:
entrypoints: web
middlewares: redirect-to-https
priority: 1
rule: HostRegexp(`{catchall:.*}`)
service: noop@internal


@ -1,14 +0,0 @@
http:
routers:
dockge:
entrypoints: websecure
rule: Host(`dockge.homeinfra.org`)
service: dockge
tls:
certresolver: cloudflare
services:
dockge:
loadbalancer:
servers:
# - url: http://dockge:5001
- url: http://dockge-oauth


@ -1,13 +0,0 @@
http:
routers:
file:
entrypoints: websecure
rule: Host(`file.homeinfra.org`)
service: file
tls:
certresolver: cloudflare
services:
file:
loadbalancer:
servers:
- url: http://filebrowser


@ -1,27 +0,0 @@
http:
routers:
docker_gitea:
entrypoints: websecure
rule: Host(`git.homeinfra.org`)
service: docker_gitea
tls:
certresolver: cloudflare
services:
docker_gitea:
loadbalancer:
servers:
- url: http://gitea:3000
tcp:
routers:
gitea-ssh:
rule: HostSNI(`*`)
entrypoints: gitssh
service: gitea-ssh
services:
gitea-ssh:
loadbalancer:
servers:
- address: gitea:22


@ -1,13 +0,0 @@
http:
routers:
grafana:
entrypoints: websecure
rule: Host(`grafana.homeinfra.org`)
service: grafana
tls:
certresolver: cloudflare
services:
grafana:
loadbalancer:
servers:
- url: http://grafana:3000


@ -1,13 +0,0 @@
http:
routers:
homepage:
entrypoints: websecure
rule: Host(`www.homeinfra.org`) || Host(`homeinfra.org`)
service: homepage
tls:
certresolver: cloudflare
services:
homepage:
loadbalancer:
servers:
- url: http://homepage:80


@ -1,15 +0,0 @@
http:
routers:
openvscode:
entrypoints: websecure
rule: Host(`code.homeinfra.org`)
service: openvscode
tls:
certresolver: cloudflare
services:
openvscode:
loadbalancer:
servers:
- url: http://openvscode-oauth
# - url: http://openvscode-server:3000


@ -1,13 +0,0 @@
http:
routers:
docker_portainer:
entrypoints: websecure
rule: Host(`portainer.homeinfra.org`)
service: docker_portainer
tls:
certresolver: cloudflare
services:
docker_portainer:
loadbalancer:
servers:
- url: http://portainer:9000


@ -1,13 +0,0 @@
http:
routers:
uptime-kuma:
entrypoints: websecure
rule: Host(`uptime.homeinfra.org`)
service: uptime-kuma
tls:
certresolver: cloudflare
services:
uptime-kuma:
loadbalancer:
servers:
- url: http://uptime-kuma:3001


@ -1,50 +0,0 @@
global:
checkNewVersion: false
sendAnonymousUsage: false
log:
filepath: /logs/log.json
format: json
level: DEBUG
accesslog:
filepath: /logs/access.json
api:
dashboard: true
insecure: true
providers:
file:
directory: /conf/apps/
watch: true
entrypoints:
gitssh:
address: :22
web:
address: :80
websecure:
address: :443
http:
tls:
domains:
- main: homeinfra.org
sans: "*.homeinfra.org"
tls:
stores:
default:
defaultCertResolver: cloudflare
defaultCertDomain:
main: homeinfra.org
sans:
- "*.homeinfra.org"
certificatesResolvers:
cloudflare:
acme:
dnsChallenge:
provider: cloudflare
email: admin@homeinfra.org
storage: /letsencrypt/acme.json


@ -1,31 +0,0 @@
version: "2"
services:
web:
restart: unless-stopped
image: traefik:v2.9.7
container_name: traefik
networks:
- traefik_default
- net
ports:
- 80:80
- 443:443
- 22:22
# - "8080:8080"
command:
- --configFile=/conf/traefik.yml
environment:
- CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}
- TZ=Asia/Shanghai
volumes:
- ./conf:/conf:ro
- ./data/letsencrypt:/letsencrypt
- /var/log/traefik_logs:/logs
- /var/run/docker.sock:/var/run/docker.sock
env_file:
- .env
networks:
net:
driver: bridge
traefik_default:
external: true