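# Caddyfile - Generated by Ansible
# Domain: {{ domain }}
#
# Rendered from a Jinja2 template: {{ ... }} and {% ... %} are resolved by Ansible
# before Caddy reads the file.
#
# Layout:
#   * PUBLIC SERVICES          - reachable by anyone who can reach this host.
#   * TAILSCALE-ONLY SERVICES  - proxied only when the peer address is in 100.64.0.0/10.
#   * Optional public status page (enable_public_status).

# Global options
{
    email {{ user_email }}
}

# ===== PUBLIC SERVICES =====
# NOTE(review): Caddy enforces no authentication for any site in this section.
# Each upstream must enforce its own login; confirm that per service, or move
# the service into the Tailscale-only section below.

# Nextcloud
{{ subdomain_nextcloud }}.{{ domain }} {
    reverse_proxy next:80

    header {
        # NOTE(review): this host sends includeSubDomains and preload, while the
        # other public sites send a bare max-age - confirm the difference is intended.
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-Content-Type-Options nosniff
        X-Frame-Options SAMEORIGIN
        Referrer-Policy no-referrer
        # Legacy header; current browsers have removed the XSS auditor it controlled.
        X-XSS-Protection "1; mode=block"
        -Server
    }

    # Service-discovery redirects for DAV clients and federation endpoints.
    redir /.well-known/carddav /remote.php/dav 301
    redir /.well-known/caldav /remote.php/dav 301
    redir /.well-known/webfinger /index.php/.well-known/webfinger 301
    redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301

    # Large uploads are allowed on a public endpoint; size upstream disk quotas
    # and timeouts with this limit in mind.
    request_body {
        max_size 10GB
    }
}

# OnlyOffice Document Server
{{ subdomain_office }}.{{ domain }} {
    reverse_proxy onlyoffice:80

    request_body {
        max_size 100MB
    }

    header {
        Strict-Transport-Security "max-age=31536000"
        -Server
    }
}

# Excalidraw
{{ subdomain_draw }}.{{ domain }} {
    reverse_proxy excalidraw:80

    header {
        Strict-Transport-Security "max-age=31536000"
        -Server
    }
}

# Obsidian
{{ subdomain_notes }}.{{ domain }} {
    reverse_proxy obsidian:3000

    header {
        Strict-Transport-Security "max-age=31536000"
        -Server
    }
}

# ===== TAILSCALE-ONLY SERVICES =====
# remote_ip matches the address of the TCP peer as Caddy sees it.
# NOTE(review): the gate only works if Caddy really sees the tailnet source
# address. Confirm that these hostnames resolve to the host's Tailscale address
# and that the container/network setup does not replace the peer address with a
# bridge or NAT address.
# 100.64.0.0/10 is the shared CGNAT range, not a Tailscale-exclusive one, so any
# peer that reaches Caddy from that range passes. Tailnet IPv6 peers are not
# matched and receive the 403.
#
# `abort` was removed from the deny branches: in Caddy's default directive order
# it runs before `respond`, so the connection was dropped and the 403 never sent.

# Homarr Dashboard
{{ subdomain_homarr }}.{{ domain }} {
    @tailscale remote_ip 100.64.0.0/10

    handle @tailscale {
        reverse_proxy homarr:7575
    }

    # Everything that is not a tailnet peer is refused.
    handle {
        respond "Access Denied - Tailscale Required" 403
    }
}

# Dockhand Container Manager
{{ subdomain_dockhand }}.{{ domain }} {
    @tailscale remote_ip 100.64.0.0/10

    handle @tailscale {
        reverse_proxy dockhand:3000
    }

    # Everything that is not a tailnet peer is refused.
    handle {
        respond "Access Denied - Tailscale Required" 403
    }
}

# Uptime Kuma Monitoring
{{ subdomain_uptime }}.{{ domain }} {
    @tailscale remote_ip 100.64.0.0/10

    handle @tailscale {
        reverse_proxy uptime-kuma:3001
    }

    # Everything that is not a tailnet peer is refused.
    handle {
        respond "Access Denied - Tailscale Required" 403
    }
}

{% if enable_public_status %}
# Public Status Page
status.{{ domain }} {
    # A reverse_proxy upstream is host:port only. Caddy does not accept a path in
    # the upstream address, so the original `uptime-kuma:3001/status` could not
    # work as written.
    # Only status-page routes are forwarded, so the admin UI of the same upstream
    # stays reachable solely through the Tailscale-gated site above.
    # NOTE(review): the path list is assumed from Uptime Kuma's status-page
    # routes - verify it against the deployed version. A missing entry fails
    # closed (404); it does not expose the dashboard.
    @status_page path /status /status/* /assets/* /api/status-page/* /upload/* /icon.svg

    handle @status_page {
        reverse_proxy uptime-kuma:3001
    }

    handle {
        respond 404
    }

    header {
        Strict-Transport-Security "max-age=31536000"
        -Server
    }
}
{% endif %}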