ton/caddy-reverse-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1st commit

Browse Source
This commit is contained in:
narawat lamaiin
2026-03-21 20:34:59 +07:00
commit bfe55a6b49
2 changed files with 443 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

427
Caddyfile Executable file
View File

@@ -0,0 +1,427 @@
proxmox11.yiem.cc {
reverse_proxy 192.168.88.11:8006 {
transport http {
tls_insecure_skip_verify
}
}
}
proxmox12.yiem.cc {
reverse_proxy 192.168.88.12:8006 {
transport http {
tls_insecure_skip_verify
}
}
}
proxmox13.yiem.cc {
reverse_proxy 192.168.88.13:8006 {
transport http {
tls_insecure_skip_verify
}
}
}
proxmox14.yiem.cc {
reverse_proxy 192.168.88.14:8006 {
transport http {
tls_insecure_skip_verify
}
}
}
proxmox20.yiem.cc {
reverse_proxy 192.168.88.20:8006 {
transport http {
tls_insecure_skip_verify
}
}
}
proxmox21.yiem.cc {
reverse_proxy 192.168.88.21:8006 {
transport http {
tls_insecure_skip_verify
}
}
}
git.yiem.cc {
reverse_proxy 192.168.88.110:3000
}
drone.yiem.cc {
reverse_proxy 192.168.88.110:80
}
registry.yiem.cc {
route {
basic_auth {
cicd $2a$14$JPVuqNDC/Hss3cNMORiN7ubIG19wd2BEQTKuzQKet33uLVSMlsw0q
}
reverse_proxy 192.168.88.110:5000
}
}
argocd.yiem.cc {
reverse_proxy 192.168.88.200:80
}
mqtt.yiem.cc:8083/mqtt {
reverse_proxy localhost:9083
}
mqtt.yiem.cc:8084 {
reverse_proxy localhost:9084
}
llmembedding.yiem.cc {
reverse_proxy 192.168.88.50:11434
}
llmvectordb.yiem.cc {
reverse_proxy 192.168.88.50:6333
}
llmcoder.yiem.cc {
reverse_proxy 192.168.88.50:8080
}
llmvl.yiem.cc {
reverse_proxy 192.168.88.51:8080
}
nats.yiem.cc {
reverse_proxy localhost:9222 {
header_up Host {http.request.host}
header_up X-Forwarded-For {http.request.remote}
header_up X-Forwarded-Proto {http.request.scheme}
}
}
yiem.cc, www.yiem.cc {
reverse_proxy 192.168.88.109:10001
}
erp.yiem.cc {
reverse_proxy 192.168.88.107:8080
}
api.yiem.cc {
reverse_proxy 192.168.88.102:11434
}
books.yiem.cc {
reverse_proxy 192.168.88.105:5000
}
media.yiem.cc {
reverse_proxy 192.168.88.105:8096
}
https://office.yiem.cc:443 {
reverse_proxy 192.168.88.101:11000
}
https://officeproject.yiem.cc {
reverse_proxy 192.168.88.101:10003
}
tech.yiem.cc {
reverse_proxy 192.168.88.109:11001
}
smartfarm.yiem.cc {
reverse_proxy 192.168.88.109:11050
}
testsite1.yiem.cc {
reverse_proxy 192.168.88.109:11111
}
wine.yiem.cc {
reverse_proxy /hq/agent/sommelier/frontend/user* 192.168.88.109:10208
reverse_proxy /hq/agent/sommelier/frontend/dbadmin* 192.168.88.109:10209
reverse_proxy /hq/agent/sommelier/frontend/retaileradmin* 192.168.88.109:10207
reverse_proxy 192.168.88.109:13001
}
blossom.yiem.cc {
reverse_proxy 192.168.88.109:14001
}
play.yiem.cc {
reverse_proxy 192.168.88.105:12000
}
app1.yiem.cc {
# Preserve common upstream headers for all proxied requests
@all {
path_regexp all ^/.*$
}
# -------------------------
# service-a QA: canonicalize and proxy
# -------------------------
# Redirect exact no-trailing-slash QA path to canonical trailing-slash
@a_qaNoSlash path /service-a-qa
redir @a_qaNoSlash https://app1.yiem.cc/service-a-qa/ 301
# Match any QA path (covers /service-a-qa, /service-a-qa/, and subpaths)
@a_qa path_regexp qa ^/service-a-qa(/.*|$)
# Proxy QA traffic to ingress LB and inject X-Forwarded-Prefix
reverse_proxy @a_qa 192.168.88.200:80 {
header_up X-Forwarded-Prefix /service-a-qa
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote}
# Optional: tune timeouts or health checks here if needed
}
# -----------------------------
# service-a Production: canonicalize and proxy
# -----------------------------
# Redirect exact no-trailing-slash prod path to canonical trailing-slash
@a_prodNoSlash path /service-a
redir @a_prodNoSlash https://app1.yiem.cc/service-a/ 301
# Match any production path (covers /service-a, /service-a/, and subpaths)
@a_prod path_regexp prod ^/service-a(/.*|$)
# Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
reverse_proxy @a_prod 192.168.88.200:80 {
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote}
}
# -------------------------
# service-b QA: canonicalize and proxy
# -------------------------
# Redirect exact no-trailing-slash QA path to canonical trailing-slash
@b_qaNoSlash path /service-b-qa
redir @b_qaNoSlash https://app1.yiem.cc/service-b-qa/ 301
# Match any QA path (covers /service-b-qa, /service-b-qa/, and subpaths)
@b_qa path_regexp qa ^/service-b-qa(/.*|$)
# Proxy QA traffic to ingress LB
reverse_proxy @b_qa 192.168.88.200:80 {
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote}
# Optional: tune timeouts or health checks here if needed
}
# -----------------------------
# service-b Production: canonicalize and proxy
# -----------------------------
# Redirect exact no-trailing-slash prod path to canonical trailing-slash
@b_prodNoSlash path /service-b
redir @b_prodNoSlash https://app1.yiem.cc/service-b/ 301
# Match any production path (covers /service-b, /service-b/, and subpaths)
@b_prod path_regexp prod ^/service-b(/.*|$)
# Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
reverse_proxy @b_prod 192.168.88.200:80 {
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote}
}
# -------------------------
# Fallback: forward other requests to the ingress
# -------------------------
reverse_proxy 192.168.88.200:80 {
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote}
}
}
# =============================
# app2.yiem.cc: Reverse Proxy Configuration
# =============================
app2.yiem.cc {
# Preserve common upstream headers for all proxied requests
@all {
path_regexp all ^/.*$
}
# -------------------------
# service-a QA: canonicalize and proxy
# -------------------------
# Redirect exact no-trailing-slash QA path to canonical trailing-slash
@a_qaNoSlash path /service-a-qa
redir @a_qaNoSlash https://app2.yiem.cc/service-a-qa/ 301
# Match any QA path (covers /service-a-qa, /service-a-qa/, and subpaths)
@a_qa path_regexp qa ^/service-a-qa(/.*|$)
# Proxy QA traffic to ingress LB and inject X-Forwarded-Prefix
reverse_proxy @a_qa 192.168.88.200:80 {
header_up X-Forwarded-Prefix /service-a-qa
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote}
# Optional: tune timeouts or health checks here if needed
}
# -----------------------------
# service-a Production: canonicalize and proxy
# -----------------------------
# Redirect exact no-trailing-slash prod path to canonical trailing-slash
@a_prodNoSlash path /service-a
redir @a_prodNoSlash https://app2.yiem.cc/service-a/ 301
# Match any production path (covers /service-a, /service-a/, and subpaths)
@a_prod path_regexp prod ^/service-a(/.*|$)
# Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
reverse_proxy @a_prod 192.168.88.200:80 {
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote}
}
# -------------------------
# service-b QA: canonicalize and proxy
# -------------------------
# Redirect exact no-trailing-slash QA path to canonical trailing-slash
@b_qaNoSlash path /service-b-qa
redir @b_qaNoSlash https://app2.yiem.cc/service-b-qa/ 301
# Match any QA path (covers /service-b-qa, /service-b-qa/, and subpaths)
@b_qa path_regexp qa ^/service-b-qa(/.*|$)
# Proxy QA traffic to ingress LB
reverse_proxy @b_qa 192.168.88.200:80 {
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote}
# Optional: tune timeouts or health checks here if needed
}
# -----------------------------
# service-b Production: canonicalize and proxy
# -----------------------------
# Redirect exact no-trailing-slash prod path to canonical trailing-slash
@b_prodNoSlash path /service-b
redir @b_prodNoSlash https://app2.yiem.cc/service-b/ 301
# Match any production path (covers /service-b, /service-b/, and subpaths)
@b_prod path_regexp prod ^/service-b(/.*|$)
# Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
reverse_proxy @b_prod 192.168.88.200:80 {
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote}
}
# -------------------------
# Fallback: forward other requests to the ingress
# -------------------------
reverse_proxy 192.168.88.200:80 {
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote}
}
}
sommpanion.yiem.cc {
# Preserve common upstream headers for all proxied requests
@all {
path_regexp all ^/.*$
}
# -------------------------
# wine-db-admin QA: canonicalize and proxy
# -------------------------
# Redirect exact no-trailing-slash QA path to canonical trailing-slash
@wine_db_admin_qaNoSlash path /wine-db-admin-qa
redir @wine_db_admin_qaNoSlash https://sommpanion.yiem.cc/wine-db-admin-qa/ 301
# Match any QA path (covers /wine-db-admin-qa, /wine-db-admin-qa/, and subpaths)
@wine_db_admin_qa path_regexp qa ^/wine-db-admin-qa(/.*|$)
# Proxy QA traffic to ingress LB and inject X-Forwarded-Prefix
reverse_proxy @wine_db_admin_qa 192.168.88.200:80 {
header_up X-Forwarded-Prefix /wine-db-admin-qa
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote}
# Optional: tune timeouts or health checks here if needed
}
# -----------------------------
# wine-db-admin Production: canonicalize and proxy
# -----------------------------
# Redirect exact no-trailing-slash prod path to canonical trailing-slash
@wine_db_admin_prodNoSlash path /wine-db-admin
redir @wine_db_admin_prodNoSlash https://sommpanion.yiem.cc/wine-db-admin/ 301
# Match any production path (covers /wine-db-admin, /wine-db-admin/, and subpaths)
@wine_db_admin_prod path_regexp prod ^/wine-db-admin(/.*|$)
# Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
reverse_proxy @wine_db_admin_prod 192.168.88.200:80 {
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote}
}
# -------------------------
# wine-retailer-admin QA: canonicalize and proxy
# -------------------------
# Redirect exact no-trailing-slash QA path to canonical trailing-slash
@wine_retailer_admin_qaNoSlash path /wine-retailer-admin-qa
redir @wine_retailer_admin_qaNoSlash https://sommpanion.yiem.cc/wine-retailer-admin-qa/ 301
# Match any QA path (covers /wine-retailer-admin-qa, /wine-retailer-admin-qa/, and subpaths)
@wine_retailer_admin_qa path_regexp qa ^/wine-retailer-admin-qa(/.*|$)
# Proxy QA traffic to ingress LB and inject X-Forwarded-Prefix
reverse_proxy @wine_retailer_admin_qa 192.168.88.200:80 {
header_up X-Forwarded-Prefix /wine-retailer-admin-qa
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote}
# Optional: tune timeouts or health checks here if needed
}
# -----------------------------
# wine-retailer-admin Production: canonicalize and proxy
# -----------------------------
# Redirect exact no-trailing-slash prod path to canonical trailing-slash
@wine_retailer_admin_prodNoSlash path /wine-retailer-admin
redir @wine_retailer_admin_prodNoSlash https://sommpanion.yiem.cc/wine-retailer-admin/ 301
# Match any production path (covers /wine-retailer-admin, /wine-retailer-admin/, and subpaths)
@wine_retailer_admin_prod path_regexp prod ^/wine-retailer-admin(/.*|$)
# Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
reverse_proxy @wine_retailer_admin_prod 192.168.88.200:80 {
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote}
}
}