caddy: finish migrating to caddy-docker-proxy

2025-02-19 21:42:57 +01:00 · 2025-02-19 21:42:57 +01:00 · e4830550c2
commit e4830550c2
parent 1b311df046
16 changed files with 96 additions and 225 deletions
--- a/.env
+++ b/.env
@ -1,5 +1,7 @@
 REGISTRY_URL=registry.kucharczyk.xyz
 DOMAIN=kucharczyk.xyz
 TS_DOMAIN=jacob-shark.ts.net
 TS_DOMAIN_NAS=nas.${TS_DOMAIN}
 TZ=Europe/Prague
 STORAGE_PATH=/srv/mergerfs/storage
 MEDIA_PATH=${STORAGE_PATH}/media
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,4 +1,13 @@
 ---
 configs:
  caddyfile:
    content: |
      notes-old.kucharczyk.xyz {
        handle {
          root * /srv/notes
          file_server
        }
      }
 include:
  - services/bazarr.yml
@ -33,9 +42,12 @@ services:
      - "${DENDRON_NOTES_EXTERNAL_PORT}:${DENDRON_NOTES_INTERNAL_PORT}"
      - 80:80
      - 443:443
    user: ${PUID}
    environment:
-      - CADDY_INGRESS_NETWORKS=public
+      - CADDY_INGRESS_NETWORKS=docker-compose-templates_public
      - CADDY_DOCKER_CADDYFILE_PATH=/Caddyfile
    configs:
      - source: caddyfile
        target: /Caddyfile
    volumes:
      - "${DOCKER_STORAGE_PATH}/caddy/etc:/etc/caddy"
      - "${DOCKER_STORAGE_PATH}/caddy/data:/data"
@ -69,6 +81,15 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.3
    labels:
      caddy: tracker.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 8001 }}"
      caddy.handle_path: "/static/*"
      caddy.handle_path.root: "* /srv/timetracker"
      caddy.handle_path.file_server:
      caddy.handle: /robots.txt
      caddy.handle.root: "* /srv/timetracker"
      caddy.handle.file_server:
    restart: unless-stopped
  trilium:
@ -101,6 +122,16 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.5
    labels:
      caddy: "notify.${DOMAIN} http://notify.${DOMAIN}"
      caddy.reverse_proxy: "{{ upstreams $NTFY_INTERNAL_PORT }}"
      caddy.reverse_proxy.header_up_0: "{http.request.header.Upgrade}"
      caddy.reverse_proxy.header_up_1: "Connection \"upgrade\""
      caddy.redir: "https://{host}{uri}"
      caddy.redir.protocol: http
      caddy.redir.method: get
      caddy.redir.path_regexp: "^/([-_a-z0-9]{0,64}$|docs/|static/)"
    restart: unless-stopped
  audiobookshelf:
@ -154,6 +185,9 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.8
    labels:
      caddy: recipes.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 9000 }}"
    restart: unless-stopped
  rtorrent:
@ -177,6 +211,9 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.9
    labels:
      caddy: torrent.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 9080 }}"
    restart: unless-stopped
  webhook:
@ -267,6 +304,9 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.14
    labels:
      caddy: music.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams $NAVIDROME_INTERNAL_PORT }}"
    restart: unless-stopped
  maloja:
@ -296,7 +336,7 @@ services:
  paperless-ngx:
    container_name: paperless-ngx
-    image: ghcr.io/paperless-ngx/paperless-ngx:latest
+    image: ghcr.io/paperless-ngx/paperless-ngx:2.0.1
    restart: unless-stopped
    depends_on:
      - redis
@ -395,6 +435,9 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.21
    labels:
      caddy: wiki.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams $MEDIAWIKI_INTERNAL_PORT }}"
    depends_on:
      - mariadb
    ports:
@ -413,6 +456,9 @@ services:
        ipv4_address: 192.168.240.22
    ports:
      - "${PHOTOPRISM_EXTERNAL_PORT}:${PHOTOPRISM_INTERNAL_PORT}"
    labels:
      caddy: photos.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 2342 }}"
    depends_on:
      - mariadb
    env_file:
@ -442,6 +488,9 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.24
    labels:
      caddy: baserow.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 80 }}"
    depends_on:
      - postgres
    env_file:
@ -452,7 +501,7 @@ services:
  gitea:
    container_name: gitea
-    image: gitea/gitea:1.21.11
+    image: gitea/gitea:1.23.4
    networks:
      public:
        ipv4_address: 192.168.240.26
@ -461,6 +510,9 @@ services:
    ports:
      - "${GITEA_WEBUI_EXTERNAL_PORT}:${GITEA_WEBUI_INTERNAL_PORT}"
      - "${GITEA_SSH_EXTERNAL_PORT}:${GITEA_SSH_INTERNAL_PORT}"
    labels:
      caddy: git.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams $GITEA_WEBUI_INTERNAL_PORT }}"
    volumes:
      - "${DOCKER_STORAGE_PATH}/gitea:/data"
    restart: unless-stopped
@ -494,6 +546,9 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.28
    labels:
      caddy: bookmarks.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 80 }}"
    depends_on:
      - mariadb
      - redis
@ -536,6 +591,9 @@ services:
        ipv4_address: 192.168.240.29
    ports:
      - "${VAULTWARDEN_EXTERNAL_PORT}:${VAULTWARDEN_INTERNAL_PORT}"
    labels:
      caddy: bw.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 80 }}"
    env_file:
      - ./secrets/vaultwarden.env
    environment:
--- a/scripts/README.md
+++ b/scripts/README.md
@ -1,9 +0,0 @@
 This folder contains the configuration file, template, and script to generate a Caddyfile for all the services in main repository.
 # Usage
 1. Run the script:
 ```bash
 ./add --config sites-config.yaml --template template.j2 > sites-enabled/generated.caddy
 ```
 2. Reload Caddy with `caddy reload -c /etc/caddy/Caddyfile`
--- a/scripts/add
+++ b/scripts/add
@ -1,76 +0,0 @@
 #!/usr/bin/python3
 import argparse
 import yaml
 from jinja2 import Template
 def render_template(template_path, **kwargs):
    with open(template_path, "r") as file:
        template = Template(file.read())
        output = template.render(**kwargs)
    return output
 def format_subdomain(subdomains, domain):
    if isinstance(subdomains, list):
        return ", ".join([f"{sub}.{domain}" for sub in subdomains])
    else:
        return f"{subdomains}.{domain}"
 def process_sites_config(config_path, template_path, check_mode):
    with open(config_path, "r") as file:
        sites_config = yaml.safe_load(file)
    default_domain = sites_config.get("default_domain", None)
    if default_domain is None:
        raise ValueError("YAML configuration is missing default_domain key")
    total_sites = len(sites_config["sites"])
    enabled_sites = 0
    disabled_sites = 0
    for site in sites_config["sites"]:
        domain = site.get("domain", default_domain)
        # Check if site is enabled
        if site.get("enabled", True):  # Default to True if 'enabled' key is not present
            enabled_sites += 1
            if "subdomain" in site:
                site["subdomain"] = format_subdomain(site["subdomain"], domain)
            if not check_mode:
                rendered_content = render_template(template_path, **site)
                print(f"{rendered_content}\n")
        else:
            disabled_sites += 1
    if check_mode:
        print(f"Total sites: {total_sites}")
        print(f"Enabled sites: {enabled_sites}")
        print(f"Disabled sites: {disabled_sites}")
 def main():
    parser = argparse.ArgumentParser(
        description="Process a sites configuration file for Caddyfiles"
    )
    parser.add_argument(
        "--config", required=True, help="Path to the YAML configuration file"
    )
    parser.add_argument(
        "--check",
        action="store_true",
        help="Only check statistics, do not output templates",
    )
    parser.add_argument("--template", help="Path to the Jinja2 template file")
    args = parser.parse_args()
    if args.template is None and args.check is False:
        parser.error("--template argument is required if not using --check")
    template_path = args.template  # Replace with the actual path to your template file
    process_sites_config(args.config, template_path, args.check)
 if __name__ == "__main__":
    main()
--- a/scripts/sites-config.yaml
+++ b/scripts/sites-config.yaml
@ -1,114 +0,0 @@
 sites:
  - hostname: gitea
    subdomain: git
    port: 3000
  - hostname: rtorrent
    subdomain: torrent
    port: 9080
  - subdomain: portainer
    # fixme: move portainer to docker-compose.yml
    # hostname: portainer
    hostname: 192.168.0.106
    port: 9000
  - subdomain: radarr
    hostname: radarr
    port: 7878
  - subdomain: sonarr-tv
    hostname: sonarr_tv
    port: 8989
  - subdomain: sonarr-anime
    hostname: sonarr_anime
    port: 8989
  - subdomain: notify
    hostname: ntfy
    port: 80
    additional_config: |
      @httpget {
            protocol http
            method GET
            path_regexp ^/([-_a-z0-9]{0,64}$|docs/|static/)
            }
       redir @httpget https://{host}{uri}
  - subdomain: recipes
    hostname: mealie
    port: 80
  - subdomain: music
    hostname: navidrome
    port: 4533
  - subdomain: paperless
    hostname: paperless-ngx
    port: 8000
  - subdomain: photos
    hostname: photoprism
    port: 2342
  - subdomain: bookmarks
    hostname: linkace
    port: 80
  - subdomain: bw
    hostname: vaultwarden
    port: 80
  - subdomain: drone
    # fixme: move to docker compose & change hostname AND PORT!! (80)
    # hostname: drone
    hostname: 192.168.0.106
    port: 580
  - subdomain: jellyfin
    hostname: jellyfin
    port: 8096
  - subdomain: comic
    hostname: komga
    port: 25600
  - subdomain: miniflux
    hostname: miniflux
    port: 8080
  - subdomain: netboot
    # fixme: move to compose
    # hostname: netbootxyz
    hostname: 192.168.0.106
    port: 3001
  - subdomain: cloud
    # fixme: move to compose
    # hostname: nextcloud
    hostname: 192.168.0.106
    port: 8484
    additional_config: |
      redir /.well-known/carddav /remote.php/dav 301
      redir /.well-known/caldav /remote.php/dav 301
      header Strict-Transport-Security "max-age=15552000; includeSubDomains"
  - subdomain: registry
    # fixme: move to compose
    # hostname: registry
    hostname: 192.168.0.106
    port: 5000
  - subdomain: tracker
    hostname: timetracker
    port: 8001
    additional_config: |
      handle_path /static/* {
        root * /srv/timetracker
        file_server
      }
      handle /robots.txt {
        root * /srv/timetracker
        file_server
      }
  - subdomain: notes-old
    additional_config: |
      root * /srv/notes
      file_server
  - subdomain: notes
    additional_config: |
      reverse_proxy https://publish.obsidian.md {
        header_up Host {upstream_hostport}
      }
      rewrite * /serve?url=notes.kucharczyk.xyz{path}
    server_config: |
      encode zstd gzip
  - subdomain: wiki
    hostname: mediawiki
    port: 80
  - subdomain: baserow
    hostname: baserow
    port: 80
--- a/scripts/template.j2
+++ b/scripts/template.j2
@ -1,17 +0,0 @@
 {{ subdomain }} {
 	handle {
 		{% if reverse_proxy_config %}
 			reverse_proxy {{ hostname }}:{{ port }} {
 			{{ reverse_proxy_config }}
 			}
 		{% else %}
 			{% if hostname and port %}
 				reverse_proxy {{ hostname }}:{{ port }}
 			{% endif %}
 		{% endif %}
 		{% if additional_config %}
 			{{ additional_config }}
 		{% endif %}
 	}
 	{{ server_config }}
 }
--- a/services/drone/drone.yml
+++ b/services/drone/drone.yml
@ -6,6 +6,9 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.47
    labels:
      caddy: drone.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 80 }}"
    volumes:
      - ${DOCKER_STORAGE_PATH}/drone:/data
    env_file:
--- a/services/jellyfin.yml
+++ b/services/jellyfin.yml
@ -10,6 +10,9 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.32
    labels:
      caddy: jellyfin.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 8096 }}"
    volumes:
      - "${DOCKER_STORAGE_PATH}/jellyfin:/config"
      - "${MEDIA_PATH}:/data/media"
--- a/services/komga.yml
+++ b/services/komga.yml
@ -3,11 +3,12 @@ services:
  komga:
    image: gotson/komga:latest
    container_name: komga
    ports:
      - "6080:25600"
    networks:
      public:
        ipv4_address: 192.168.240.34
    labels:
      caddy: comic.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 25600 }}"
    volumes:
      - "${DOCKER_STORAGE_PATH}/komga:/config"
      - "${COMIC_PATH}:/data"
--- a/services/miniflux.yml
+++ b/services/miniflux.yml
@ -3,11 +3,12 @@ services:
  miniflux:
    image: miniflux/miniflux:latest
    container_name: miniflux
    ports:
      - "8282:8080"
    networks:
      public:
        ipv4_address: 192.168.240.35
    labels:
      caddy: miniflux.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 8080 }}"
    environment:
      - BASE_URL=https://miniflux.${DOMAIN}
      - DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres/miniflux?sslmode=disable
--- a/services/netbootxyz.yml
+++ b/services/netbootxyz.yml
@ -6,6 +6,8 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.44
    ports:
      - 3000:3000
    volumes:
      - "${DOCKER_STORAGE_PATH}/netbootxyz:/config"
      - "${DOCKER_STORAGE_PATH_SLOW}/netbootxyz:/assets"
--- a/services/nextcloud.yml
+++ b/services/nextcloud.yml
@ -15,4 +15,10 @@ services:
    environment:
      # caddy
      - TRUSTED_PROXIES=192.168.240.2
    labels:
      caddy: cloud.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 80 }}"
      caddy.handle.redir_0: "/.well-known/carddav /remote.php/dav 301"
      caddy.handle.redir_1: "/.well-known/caldav /remote.php/dav 301"
      caddy.header.Strict-Transport-Security: "max-age=15552000; includeSubDomains"
    restart: unless-stopped
--- a/services/redlib.yml
+++ b/services/redlib.yml
@ -21,6 +21,9 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.51
    labels:
      caddy: redlib.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 8080 }}"
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "--tries=1", "http://localhost:8080/settings"]
      interval: 5m
--- a/services/registry.yml
+++ b/services/registry.yml
@ -6,6 +6,11 @@ services:
    networks:
      public:
        ipv4_address: 192.168.240.45
    ports:
      - 5000:5000
    labels:
      caddy: registry.${DOMAIN}
      caddy.reverse_proxy: "{{ upstreams 5000 }}"
    volumes:
      - "${DOCKER_STORAGE_PATH}/registry/data:/var/lib/registry"
      - "${DOCKER_STORAGE_PATH}/registry/config.yml:/etc/docker/registry/config.yml"
--- a/services/sabnzbd.yml
+++ b/services/sabnzbd.yml
@ -18,4 +18,7 @@ services:
      - "${DOWNLOADS_PATH}/sabnzbd:/downloads"
      - "${DOWNLOADS_PATH}/sabnzbd-incomplete:/incomplete-downloads"
      - "${MEDIA_PATH}:/media"
    labels:
      caddy: sabnzbd.kucharczyk.xyz
      caddy.reverse_proxy: "{{ upstreams 8080 }}"
    restart: unless-stopped
--- a/services/sonarr.yml
+++ b/services/sonarr.yml
@ -37,4 +37,4 @@ services:
      - "${NZB_DOWNLOADS_PATH}:/downloads"
      - "${TORRENTS_SEED_PATH}:/seed"
      - "${TORRENTS_SEED_PATH}/incomplete:/data/incomplete"
-    restart: unless-stopped
+    restart: unless-stopped