commit bfe55a6b49a959f7eb96c1a77f012b67558c42ae
Author: narawat lamaiin
Date: Sat Mar 21 20:34:59 2026 +0700

1st commit

diff --git a/Caddyfile b/Caddyfile
new file mode 100755
index 0000000..f3328b9
--- /dev/null
+++ b/Caddyfile
@@ -0,0 +1,427 @@
+proxmox11.yiem.cc {
+ reverse_proxy 192.168.88.11:8006 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+}
+
+proxmox12.yiem.cc {
+ reverse_proxy 192.168.88.12:8006 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+}
+
+proxmox13.yiem.cc {
+ reverse_proxy 192.168.88.13:8006 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+}
+
+proxmox14.yiem.cc {
+ reverse_proxy 192.168.88.14:8006 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+}
+
+proxmox20.yiem.cc {
+ reverse_proxy 192.168.88.20:8006 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+}
+
+proxmox21.yiem.cc {
+ reverse_proxy 192.168.88.21:8006 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+}
+
+git.yiem.cc {
+ reverse_proxy 192.168.88.110:3000
+}
+
+drone.yiem.cc {
+ reverse_proxy 192.168.88.110:80
+}
+
+registry.yiem.cc {
+ route {
+ basic_auth {
+ cicd $2a$14$JPVuqNDC/Hss3cNMORiN7ubIG19wd2BEQTKuzQKet33uLVSMlsw0q
+ }
+ reverse_proxy 192.168.88.110:5000
+ }
+}
+
+argocd.yiem.cc {
+ reverse_proxy 192.168.88.200:80
+}
+
+
+mqtt.yiem.cc:8083/mqtt {
+ reverse_proxy localhost:9083
+}
+
+mqtt.yiem.cc:8084 {
+ reverse_proxy localhost:9084
+}
+
+llmembedding.yiem.cc {
+ reverse_proxy 192.168.88.50:11434
+}
+
+llmvectordb.yiem.cc {
+ reverse_proxy 192.168.88.50:6333
+}
+
+llmcoder.yiem.cc {
+ reverse_proxy 192.168.88.50:8080
+}
+
+llmvl.yiem.cc {
+ reverse_proxy 192.168.88.51:8080
+}
+
+nats.yiem.cc {
+ reverse_proxy localhost:9222 {
+ header_up Host {http.request.host}
+ header_up X-Forwarded-For {http.request.remote}
+ header_up X-Forwarded-Proto {http.request.scheme}
+ }
+}
+
+yiem.cc, www.yiem.cc {
+ reverse_proxy 192.168.88.109:10001
+}
+
+erp.yiem.cc {
+ reverse_proxy 192.168.88.107:8080
+}
+
+api.yiem.cc {
+ reverse_proxy 192.168.88.102:11434
+}
+
+books.yiem.cc {
+ reverse_proxy 192.168.88.105:5000
+}
+
+media.yiem.cc {
+ reverse_proxy 192.168.88.105:8096
+}
+
+https://office.yiem.cc:443 {
+ reverse_proxy 192.168.88.101:11000
+}
+
+https://officeproject.yiem.cc {
+ reverse_proxy 192.168.88.101:10003
+}
+
+tech.yiem.cc {
+ reverse_proxy 192.168.88.109:11001
+}
+
+smartfarm.yiem.cc {
+ reverse_proxy 192.168.88.109:11050
+}
+
+testsite1.yiem.cc {
+ reverse_proxy 192.168.88.109:11111
+}
+
+wine.yiem.cc {
+ reverse_proxy /hq/agent/sommelier/frontend/user* 192.168.88.109:10208
+ reverse_proxy /hq/agent/sommelier/frontend/dbadmin* 192.168.88.109:10209
+ reverse_proxy /hq/agent/sommelier/frontend/retaileradmin* 192.168.88.109:10207
+ reverse_proxy 192.168.88.109:13001
+}
+
+blossom.yiem.cc {
+ reverse_proxy 192.168.88.109:14001
+}
+
+play.yiem.cc {
+ reverse_proxy 192.168.88.105:12000
+}
+
+app1.yiem.cc {
+ # Preserve common upstream headers for all proxied requests
+ @all {
+ path_regexp all ^/.*$
+ }
+
+ # -------------------------
+ # service-a QA: canonicalize and proxy
+ # -------------------------
+
+ # Redirect exact no-trailing-slash QA path to canonical trailing-slash
+ @a_qaNoSlash path /service-a-qa
+ redir @a_qaNoSlash https://app1.yiem.cc/service-a-qa/ 301
+
+ # Match any QA path (covers /service-a-qa, /service-a-qa/, and subpaths)
+ @a_qa path_regexp qa ^/service-a-qa(/.*|$)
+
+ # Proxy QA traffic to ingress LB and inject X-Forwarded-Prefix
+ reverse_proxy @a_qa 192.168.88.200:80 {
+ header_up X-Forwarded-Prefix /service-a-qa
+ header_up Host {http.request.host}
+ header_up X-Real-IP {http.request.remote}
+ # Optional: tune timeouts or health checks here if needed
+ }
+
+ # -----------------------------
+ # service-a Production: canonicalize and proxy
+ # -----------------------------
+
+ # Redirect exact no-trailing-slash prod path to canonical trailing-slash
+ @a_prodNoSlash path /service-a
+ redir @a_prodNoSlash https://app1.yiem.cc/service-a/ 301
+
+ # Match any production path (covers /service-a, /service-a/, and subpaths)
+ @a_prod path_regexp prod ^/service-a(/.*|$)
+
+ # Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
+ reverse_proxy @a_prod 192.168.88.200:80 {
+ header_up Host {http.request.host}
+ header_up X-Real-IP {http.request.remote}
+ }
+
+ # -------------------------
+ # service-b QA: canonicalize and proxy
+ # -------------------------
+
+ # Redirect exact no-trailing-slash QA path to canonical trailing-slash
+ @b_qaNoSlash path /service-b-qa
+ redir @b_qaNoSlash https://app1.yiem.cc/service-b-qa/ 301
+
+ # Match any QA path (covers /service-b-qa, /service-b-qa/, and subpaths)
+ @b_qa path_regexp qa ^/service-b-qa(/.*|$)
+
+ # Proxy QA traffic to ingress LB
+ reverse_proxy @b_qa 192.168.88.200:80 {
+ header_up Host {http.request.host}
+ header_up X-Real-IP {http.request.remote}
+ # Optional: tune timeouts or health checks here if needed
+ }
+
+ # -----------------------------
+ # service-b Production: canonicalize and proxy
+ # -----------------------------
+
+ # Redirect exact no-trailing-slash prod path to canonical trailing-slash
+ @b_prodNoSlash path /service-b
+ redir @b_prodNoSlash https://app1.yiem.cc/service-b/ 301
+
+ # Match any production path (covers /service-b, /service-b/, and subpaths)
+ @b_prod path_regexp prod ^/service-b(/.*|$)
+
+ # Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
+ reverse_proxy @b_prod 192.168.88.200:80 {
+ header_up Host {http.request.host}
+ header_up X-Real-IP {http.request.remote}
+ }
+
+ # -------------------------
+ # Fallback: forward other requests to the ingress
+ # -------------------------
+ reverse_proxy 192.168.88.200:80 {
+ header_up Host {http.request.host}
+ header_up X-Real-IP {http.request.remote}
+ }
+}
+
+# =============================
+# app2.yiem.cc: Reverse Proxy Configuration
+# =============================
+app2.yiem.cc {
+ # Preserve common upstream headers for all proxied requests
+ @all {
+ path_regexp all ^/.*$
+ }
+
+ # -------------------------
+ # service-a QA: canonicalize and proxy
+ # -------------------------
+
+ # Redirect exact no-trailing-slash QA path to canonical trailing-slash
+ @a_qaNoSlash path /service-a-qa
+ redir @a_qaNoSlash https://app2.yiem.cc/service-a-qa/ 301
+
+ # Match any QA path (covers /service-a-qa, /service-a-qa/, and subpaths)
+ @a_qa path_regexp qa ^/service-a-qa(/.*|$)
+
+ # Proxy QA traffic to ingress LB and inject X-Forwarded-Prefix
+ reverse_proxy @a_qa 192.168.88.200:80 {
+ header_up X-Forwarded-Prefix /service-a-qa
+ header_up Host {http.request.host}
+ header_up X-Real-IP {http.request.remote}
+ # Optional: tune timeouts or health checks here if needed
+ }
+
+ # -----------------------------
+ # service-a Production: canonicalize and proxy
+ # -----------------------------
+
+ # Redirect exact no-trailing-slash prod path to canonical trailing-slash
+ @a_prodNoSlash path /service-a
+ redir @a_prodNoSlash https://app2.yiem.cc/service-a/ 301
+
+ # Match any production path (covers /service-a, /service-a/, and subpaths)
+ @a_prod path_regexp prod ^/service-a(/.*|$)
+
+ # Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
+ reverse_proxy @a_prod 192.168.88.200:80 {
+ header_up Host {http.request.host}
+ header_up X-Real-IP {http.request.remote}
+ }
+
+ # -------------------------
+ # service-b QA: canonicalize and proxy
+ # -------------------------
+
+ # Redirect exact no-trailing-slash QA path to canonical trailing-slash
+ @b_qaNoSlash path /service-b-qa
+ redir @b_qaNoSlash https://app2.yiem.cc/service-b-qa/ 301
+
+ # Match any QA path (covers /service-b-qa, /service-b-qa/, and subpaths)
+ @b_qa path_regexp qa ^/service-b-qa(/.*|$)
+
+ # Proxy QA traffic to ingress LB
+ reverse_proxy @b_qa 192.168.88.200:80 {
+ header_up Host {http.request.host}
+ header_up X-Real-IP {http.request.remote}
+ # Optional: tune timeouts or health checks here if needed
+ }
+
+ # -----------------------------
+ # service-b Production: canonicalize and proxy
+ # -----------------------------
+
+ # Redirect exact no-trailing-slash prod path to canonical trailing-slash
+ @b_prodNoSlash path /service-b
+ redir @b_prodNoSlash https://app2.yiem.cc/service-b/ 301
+
+ # Match any production path (covers /service-b, /service-b/, and subpaths)
+ @b_prod path_regexp prod ^/service-b(/.*|$)
+
+ # Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
+ reverse_proxy @b_prod 192.168.88.200:80 {
+ header_up Host {http.request.host}
+ header_up X-Real-IP {http.request.remote}
+ }
+
+ # -------------------------
+ # Fallback: forward other requests to the ingress
+ # -------------------------
+ reverse_proxy 192.168.88.200:80 {
+ header_up Host {http.request.host}
+ header_up X-Real-IP {http.request.remote}
+ }
+}
+
+sommpanion.yiem.cc {
+ # Preserve common upstream headers for all proxied requests
+ @all {
+ path_regexp all ^/.*$
+ }
+
+ # -------------------------
+ # wine-db-admin QA: canonicalize and proxy
+ # -------------------------
+
+ # Redirect exact no-trailing-slash QA path to canonical trailing-slash
+ @wine_db_admin_qaNoSlash path /wine-db-admin-qa
+ redir @wine_db_admin_qaNoSlash https://sommpanion.yiem.cc/wine-db-admin-qa/ 301
+
+ # Match any QA path (covers /wine-db-admin-qa, /wine-db-admin-qa/, and subpaths)
+ @wine_db_admin_qa path_regexp qa ^/wine-db-admin-qa(/.*|$)
+
+ # Proxy QA traffic to ingress LB and inject X-Forwarded-Prefix
+ reverse_proxy @wine_db_admin_qa 192.168.88.200:80 {
+ header_up X-Forwarded-Prefix /wine-db-admin-qa
+ header_up Host {http.request.host}
+ header_up X-Real-IP {http.request.remote}
+ # Optional: tune timeouts or health checks here if needed
+ }
+
+ # -----------------------------
+ # wine-db-admin Production: canonicalize and proxy
+ # -----------------------------
+
+ # Redirect exact no-trailing-slash prod path to canonical trailing-slash
+ @wine_db_admin_prodNoSlash path /wine-db-admin
+ redir @wine_db_admin_prodNoSlash https://sommpanion.yiem.cc/wine-db-admin/ 301
+
+ # Match any production path (covers /wine-db-admin, /wine-db-admin/, and subpaths)
+ @wine_db_admin_prod path_regexp prod ^/wine-db-admin(/.*|$)
+
+ # Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
+ reverse_proxy @wine_db_admin_prod 192.168.88.200:80 {
+ header_up Host {http.request.host}
+ header_up X-Real-IP {http.request.remote}
+ }
+
+ # -------------------------
+ # wine-retailer-admin QA: canonicalize and proxy
+ # -------------------------
+
+ # Redirect exact no-trailing-slash QA path to canonical trailing-slash
+ @wine_retailer_admin_qaNoSlash path /wine-retailer-admin-qa
+ redir @wine_retailer_admin_qaNoSlash https://sommpanion.yiem.cc/wine-retailer-admin-qa/ 301
+
+ # Match any QA path (covers /wine-retailer-admin-qa, /wine-retailer-admin-qa/, and subpaths)
+ @wine_retailer_admin_qa path_regexp qa ^/wine-retailer-admin-qa(/.*|$)
+
+ # Proxy QA traffic to ingress LB and inject X-Forwarded-Prefix
+ reverse_proxy @wine_retailer_admin_qa 192.168.88.200:80 {
+ header_up X-Forwarded-Prefix /wine-retailer-admin-qa
+ header_up Host {http.request.host}
+ header_up X-Real-IP {http.request.remote}
+ # Optional: tune timeouts or health checks here if needed
+ }
+
+ # -----------------------------
+ # wine-retailer-admin Production: canonicalize and proxy
+ # -----------------------------
+
+ # Redirect exact no-trailing-slash prod path to canonical trailing-slash
+ @wine_retailer_admin_prodNoSlash path /wine-retailer-admin
+ redir @wine_retailer_admin_prodNoSlash https://sommpanion.yiem.cc/wine-retailer-admin/ 301
+
+ # Match any production path (covers /wine-retailer-admin, /wine-retailer-admin/, and subpaths)
+ @wine_retailer_admin_prod path_regexp prod ^/wine-retailer-admin(/.*|$)
+
+ # Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
+ reverse_proxy @wine_retailer_admin_prod 192.168.88.200:80 {
+ header_up Host {http.request.host}
+ header_up X-Real-IP {http.request.remote}
+ }
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
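Review bot: The `registry.yiem.cc` block puts the bcrypt hash for the `cicd` account in version control, where anyone who can read the repository can test password guesses against it offline; read it from the environment instead, e.g. `cicd {$REGISTRY_CICD_HASH}` (placeholder variable name), and change the password, since the hash stays in history. The six `proxmox*` blocks use `tls_insecure_skip_verify`, so the hop to 192.168.88.x:8006 is encrypted but not authenticated; trusting the Proxmox CA on the transport (`tls_trust_pool`, or the older `tls_trusted_ca_certs`) closes that. Only the registry has access control at the proxy: the Proxmox UIs and the upstreams on ports 11434, 6333 and 9222 are forwarded as-is, so if these names resolve publicly each backend's own authentication is the only gate, which is worth confirming per service. Finally, `{http.request.remote}` expands to `ip:port`, so `X-Real-IP` (and the `X-Forwarded-For` override under `nats.yiem.cc`) should use `{http.request.remote.host}`, and the `@all` matcher in app1/app2/sommpanion is never referenced.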
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100755
index 0000000..3f1cca8
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,16 @@
+services:
+ caddy:
+ image: caddy:2.10
+ container_name: caddy
+ ports:
+ - 80:80
+ - 443:443
+ volumes:
+ - ./Caddyfile:/etc/caddy/Caddyfile
+ - ./caddy_data:/data
+ - ./caddy_config:/config
+ # network_mode: bridge
+ network_mode: host
+ restart: unless-stopped
+
+
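Review bot: The `ports:` list has no effect once `network_mode: host` is set, so `80:80` and `443:443` give a misleading picture of what is exposed: the container binds every listener the Caddyfile declares (including 8083 and 8084) directly on the host. Either drop the list or add a comment such as `# host networking is intentional: Caddyfile proxies to localhost:9083/9084/9222`. With host networking Caddy's admin endpoint also sits on the host's loopback by default (localhost:2019), reachable by any local process, so consider `admin off` in the Caddyfile global options if reloads are not driven through it. Mounting the config read-only, `./Caddyfile:/etc/caddy/Caddyfile:ro`, would keep the running proxy from modifying its own configuration file.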