ada/caddy-hl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Добавить конфигурацию для развертывания Caddy и обновить файлы конфигурации для различных сервисов
Some checks failed
Deploy Caddy / deploy (push) Has been cancelled
Details
Deploy Caddy / validate (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Dmitry
2025-12-01 18:44:10 +03:00
commit 3f9326e71f
11 changed files with 332 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
.gitea/workflows/deploy.yml Normal file
View File

@@ -0,0 +1,47 @@
name: Deploy Caddy
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
validate:
runs-on: vps-runner
steps:
- uses: actions/checkout@v3
- name: Install Caddy
run: |
sudo apt update
sudo apt install -y caddy
- name: Validate Caddyfile
run: caddy validate --config Caddyfile
deploy:
needs: validate
if: github.event_name == 'push'
runs-on: self-hosted
steps:
- uses: actions/checkout@v3
- name: Backup current config
run: |
sudo cp /etc/caddy/Caddyfile /etc/caddy/Caddyfile.backup
sudo cp -r /etc/caddy/conf.d /etc/caddy/conf.d.backup
- name: Deploy configs
run: |
sudo cp Caddyfile /etc/caddy/
sudo cp -r conf.d/* /etc/caddy/conf.d/
sudo cp ssl/*.pem /etc/caddy/ssl/ || true
- name: Validate deployed config
run: sudo caddy validate --config /etc/caddy/Caddyfile
- name: Reload Caddy
run: sudo systemctl reload caddy
- name: Check Caddy status
run: sudo systemctl status caddy --no-pager

14
Caddyfile Normal file
View File

@@ -0,0 +1,14 @@
(mtls_protect) {
tls {
client_auth {
mode require_and_verify
trusted_ca_cert_file /etc/caddy/ssl/rootCA.pem
}
}
}
{
email antip.ada@yandex.ru
}
import conf.d/*.caddy

28
conf.d/gate.caddy Normal file
View File

@@ -0,0 +1,28 @@
http://gate.ada-dev.ru {
redir https://gate.ada-dev.ru{uri}
}
gate.ada-dev.ru {
import mtls_protect
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains"
}
encode zstd gzip
reverse_proxy http://192.168.1.20:8013 {
transport http {
versions 1.1
read_timeout 3600s
write_timeout 3600s
response_header_timeout 3600s
dial_timeout 3600s
}
header_up Host {host}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
flush_interval -1
}
}

33
conf.d/git.caddy Normal file
View File

@@ -0,0 +1,33 @@
http://git.ada-dev.ru {
redir https://git.ada-dev.ru{uri}
}
git.ada-dev.ru {
# Сжатие ответа
encode zstd gzip
# Лимит на загрузки (артефакты/репы)
request_body {
max_size 10GB
}
# Основной прокси на git-сервис
reverse_proxy 192.168.1.20:8005 {
# Таймауты ~ как в nginx (60s)
transport http {
dial_timeout 60s
response_header_timeout 60s
read_timeout 60s
write_timeout 60s
versions 1.1
}
# Явные заголовки вверх
header_up Host {host}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
# Потоковая передача (хорошо для больших ответов)
flush_interval -1
}
}

28
conf.d/notes.caddy Normal file
View File

@@ -0,0 +1,28 @@
http://notes.ada-dev.ru {
redir https://trilium.ada-dev.ru{uri}
}
notes.ada-dev.ru {
encode zstd gzip
request_body {
max_size 1GB
}
reverse_proxy 192.168.1.20:8012 {
transport http {
dial_timeout 60s
response_header_timeout 60s
read_timeout 60s
write_timeout 60s
versions 1.1
}
header_up Host {host}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
flush_interval -1
}
}

43
conf.d/pass.caddy Normal file
View File

@@ -0,0 +1,43 @@
http://pass.ada-dev.ru {
redir https://pass.ada-dev.ru{uri}
}
pass.ada-dev.ru {
encode zstd gzip
# Увеличенный лимит для загрузки файлов и вложений
request_body {
max_size 525MB
}
# Заголовки безопасности для Vaultwarden
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
X-Content-Type-Options "nosniff"
X-Frame-Options "SAMEORIGIN"
Referrer-Policy "same-origin"
}
# WebSocket для уведомлений в реальном времени
@websocket {
header Connection *Upgrade*
header Upgrade websocket
path /notifications/hub
}
reverse_proxy @websocket 192.168.1.20:8001 {
header_up Host {host}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
}
# Основной HTTP трафик
reverse_proxy 192.168.1.20:8000 {
header_up Host {host}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
flush_interval -1
}
}

28
conf.d/portainer.caddy Normal file
View File

@@ -0,0 +1,28 @@
http://portainer.ada-dev.ru {
redir https://portainer.ada-dev.ru{uri}
}
portainer.ada-dev.ru {
import mtls_protect
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains"
}
encode zstd gzip
reverse_proxy http://192.168.1.20:8010 {
transport http {
versions 1.1
read_timeout 3600s
write_timeout 3600s
response_header_timeout 3600s
dial_timeout 3600s
}
header_up Host {host}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
flush_interval -1
}
}

17
conf.d/print.caddy Normal file
View File

@@ -0,0 +1,17 @@
print.ada-dev.ru {
@lan {
remote_ip 192.168.1.0/24
}
handle @lan {
reverse_proxy 192.168.1.15:631
}
handle {
respond "Access denied" 403
}
}
http://print.ada-dev.ru {
redir https://print.ada-dev.ru{uri}
}

33
conf.d/pve.caddy Normal file
View File

@@ -0,0 +1,33 @@
http://pve.ada-dev.ru {
redir https://pve.ada-dev.ru{uri}
}
pve.ada-dev.ru {
import mtls_protect
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains"
}
encode zstd gzip
request_body {
max_size 10GB
}
reverse_proxy https://192.168.1.10:8006 {
transport http {
versions 1.1
tls_insecure_skip_verify
read_timeout 3600s
write_timeout 3600s
response_header_timeout 3600s
dial_timeout 3600s
}
header_up Host {host}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
flush_interval -1
}
}

33
conf.d/sync.caddy Normal file
View File

@@ -0,0 +1,33 @@
http://sync.ada-dev.ru {
redir https://sync.ada-dev.ru{uri}
}
sync.ada-dev.ru {
import mtls_protect
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains"
}
encode zstd gzip
request_body {
max_size 10GB
}
reverse_proxy https://192.168.1.20:8003 {
transport http {
versions 1.1
tls_insecure_skip_verify
read_timeout 3600s
write_timeout 3600s
response_header_timeout 3600s
dial_timeout 3600s
}
header_up Host {host}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
flush_interval -1
}
}

28
conf.d/uptime.caddy Normal file
View File

@@ -0,0 +1,28 @@
http://uptime.ada-dev.ru {
redir https://uptime.ada-dev.ru{uri}
}
uptime.ada-dev.ru {
import mtls_protect
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains"
}
encode zstd gzip
reverse_proxy http://192.168.1.20:8011 {
transport http {
versions 1.1
read_timeout 3600s
write_timeout 3600s
response_header_timeout 3600s
dial_timeout 3600s
}
header_up Host {host}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
flush_interval -1
}
}