428 lines
12 KiB
Caddyfile
Executable File
428 lines
12 KiB
Caddyfile
Executable File
proxmox11.yiem.cc {
|
|
reverse_proxy 192.168.88.11:8006 {
|
|
transport http {
|
|
tls_insecure_skip_verify
|
|
}
|
|
}
|
|
}
|
|
|
|
proxmox12.yiem.cc {
|
|
reverse_proxy 192.168.88.12:8006 {
|
|
transport http {
|
|
tls_insecure_skip_verify
|
|
}
|
|
}
|
|
}
|
|
|
|
proxmox13.yiem.cc {
|
|
reverse_proxy 192.168.88.13:8006 {
|
|
transport http {
|
|
tls_insecure_skip_verify
|
|
}
|
|
}
|
|
}
|
|
|
|
proxmox14.yiem.cc {
|
|
reverse_proxy 192.168.88.14:8006 {
|
|
transport http {
|
|
tls_insecure_skip_verify
|
|
}
|
|
}
|
|
}
|
|
|
|
proxmox20.yiem.cc {
|
|
reverse_proxy 192.168.88.20:8006 {
|
|
transport http {
|
|
tls_insecure_skip_verify
|
|
}
|
|
}
|
|
}
|
|
|
|
proxmox21.yiem.cc {
|
|
reverse_proxy 192.168.88.21:8006 {
|
|
transport http {
|
|
tls_insecure_skip_verify
|
|
}
|
|
}
|
|
}
|
|
|
|
git.yiem.cc {
|
|
reverse_proxy 192.168.88.110:3000
|
|
}
|
|
|
|
drone.yiem.cc {
|
|
reverse_proxy 192.168.88.110:80
|
|
}
|
|
|
|
registry.yiem.cc {
|
|
route {
|
|
basic_auth {
|
|
cicd $2a$14$JPVuqNDC/Hss3cNMORiN7ubIG19wd2BEQTKuzQKet33uLVSMlsw0q
|
|
}
|
|
reverse_proxy 192.168.88.110:5000
|
|
}
|
|
}
|
|
|
|
argocd.yiem.cc {
|
|
reverse_proxy 192.168.88.200:80
|
|
}
|
|
|
|
|
|
mqtt.yiem.cc:8083/mqtt {
|
|
reverse_proxy localhost:9083
|
|
}
|
|
|
|
mqtt.yiem.cc:8084 {
|
|
reverse_proxy localhost:9084
|
|
}
|
|
|
|
llmembedding.yiem.cc {
|
|
reverse_proxy 192.168.88.50:11434
|
|
}
|
|
|
|
llmvectordb.yiem.cc {
|
|
reverse_proxy 192.168.88.50:6333
|
|
}
|
|
|
|
llmcoder.yiem.cc {
|
|
reverse_proxy 192.168.88.50:8080
|
|
}
|
|
|
|
llmvl.yiem.cc {
|
|
reverse_proxy 192.168.88.51:8080
|
|
}
|
|
|
|
nats.yiem.cc {
|
|
reverse_proxy localhost:9222 {
|
|
header_up Host {http.request.host}
|
|
header_up X-Forwarded-For {http.request.remote}
|
|
header_up X-Forwarded-Proto {http.request.scheme}
|
|
}
|
|
}
|
|
|
|
yiem.cc, www.yiem.cc {
|
|
reverse_proxy 192.168.88.109:10001
|
|
}
|
|
|
|
erp.yiem.cc {
|
|
reverse_proxy 192.168.88.107:8080
|
|
}
|
|
|
|
api.yiem.cc {
|
|
reverse_proxy 192.168.88.102:11434
|
|
}
|
|
|
|
books.yiem.cc {
|
|
reverse_proxy 192.168.88.105:5000
|
|
}
|
|
|
|
media.yiem.cc {
|
|
reverse_proxy 192.168.88.105:8096
|
|
}
|
|
|
|
https://office.yiem.cc:443 {
|
|
reverse_proxy 192.168.88.101:11000
|
|
}
|
|
|
|
https://officeproject.yiem.cc {
|
|
reverse_proxy 192.168.88.101:10003
|
|
}
|
|
|
|
tech.yiem.cc {
|
|
reverse_proxy 192.168.88.109:11001
|
|
}
|
|
|
|
smartfarm.yiem.cc {
|
|
reverse_proxy 192.168.88.109:11050
|
|
}
|
|
|
|
testsite1.yiem.cc {
|
|
reverse_proxy 192.168.88.109:11111
|
|
}
|
|
|
|
wine.yiem.cc {
|
|
reverse_proxy /hq/agent/sommelier/frontend/user* 192.168.88.109:10208
|
|
reverse_proxy /hq/agent/sommelier/frontend/dbadmin* 192.168.88.109:10209
|
|
reverse_proxy /hq/agent/sommelier/frontend/retaileradmin* 192.168.88.109:10207
|
|
reverse_proxy 192.168.88.109:13001
|
|
}
|
|
|
|
blossom.yiem.cc {
|
|
reverse_proxy 192.168.88.109:14001
|
|
}
|
|
|
|
play.yiem.cc {
|
|
reverse_proxy 192.168.88.105:12000
|
|
}
|
|
|
|
app1.yiem.cc {
|
|
# Preserve common upstream headers for all proxied requests
|
|
@all {
|
|
path_regexp all ^/.*$
|
|
}
|
|
|
|
# -------------------------
|
|
# service-a QA: canonicalize and proxy
|
|
# -------------------------
|
|
|
|
# Redirect exact no-trailing-slash QA path to canonical trailing-slash
|
|
@a_qaNoSlash path /service-a-qa
|
|
redir @a_qaNoSlash https://app1.yiem.cc/service-a-qa/ 301
|
|
|
|
# Match any QA path (covers /service-a-qa, /service-a-qa/, and subpaths)
|
|
@a_qa path_regexp qa ^/service-a-qa(/.*|$)
|
|
|
|
# Proxy QA traffic to ingress LB and inject X-Forwarded-Prefix
|
|
reverse_proxy @a_qa 192.168.88.200:80 {
|
|
header_up X-Forwarded-Prefix /service-a-qa
|
|
header_up Host {http.request.host}
|
|
header_up X-Real-IP {http.request.remote}
|
|
# Optional: tune timeouts or health checks here if needed
|
|
}
|
|
|
|
# -----------------------------
|
|
# service-a Production: canonicalize and proxy
|
|
# -----------------------------
|
|
|
|
# Redirect exact no-trailing-slash prod path to canonical trailing-slash
|
|
@a_prodNoSlash path /service-a
|
|
redir @a_prodNoSlash https://app1.yiem.cc/service-a/ 301
|
|
|
|
# Match any production path (covers /service-a, /service-a/, and subpaths)
|
|
@a_prod path_regexp prod ^/service-a(/.*|$)
|
|
|
|
# Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
|
|
reverse_proxy @a_prod 192.168.88.200:80 {
|
|
header_up Host {http.request.host}
|
|
header_up X-Real-IP {http.request.remote}
|
|
}
|
|
|
|
# -------------------------
|
|
# service-b QA: canonicalize and proxy
|
|
# -------------------------
|
|
|
|
# Redirect exact no-trailing-slash QA path to canonical trailing-slash
|
|
@b_qaNoSlash path /service-b-qa
|
|
redir @b_qaNoSlash https://app1.yiem.cc/service-b-qa/ 301
|
|
|
|
# Match any QA path (covers /service-b-qa, /service-b-qa/, and subpaths)
|
|
@b_qa path_regexp qa ^/service-b-qa(/.*|$)
|
|
|
|
# Proxy QA traffic to ingress LB
|
|
reverse_proxy @b_qa 192.168.88.200:80 {
|
|
header_up Host {http.request.host}
|
|
header_up X-Real-IP {http.request.remote}
|
|
# Optional: tune timeouts or health checks here if needed
|
|
}
|
|
|
|
# -----------------------------
|
|
# service-b Production: canonicalize and proxy
|
|
# -----------------------------
|
|
|
|
# Redirect exact no-trailing-slash prod path to canonical trailing-slash
|
|
@b_prodNoSlash path /service-b
|
|
redir @b_prodNoSlash https://app1.yiem.cc/service-b/ 301
|
|
|
|
# Match any production path (covers /service-b, /service-b/, and subpaths)
|
|
@b_prod path_regexp prod ^/service-b(/.*|$)
|
|
|
|
# Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
|
|
reverse_proxy @b_prod 192.168.88.200:80 {
|
|
header_up Host {http.request.host}
|
|
header_up X-Real-IP {http.request.remote}
|
|
}
|
|
|
|
# -------------------------
|
|
# Fallback: forward other requests to the ingress
|
|
# -------------------------
|
|
reverse_proxy 192.168.88.200:80 {
|
|
header_up Host {http.request.host}
|
|
header_up X-Real-IP {http.request.remote}
|
|
}
|
|
}
|
|
|
|
# =============================
|
|
# app2.yiem.cc: Reverse Proxy Configuration
|
|
# =============================
|
|
app2.yiem.cc {
|
|
# Preserve common upstream headers for all proxied requests
|
|
@all {
|
|
path_regexp all ^/.*$
|
|
}
|
|
|
|
# -------------------------
|
|
# service-a QA: canonicalize and proxy
|
|
# -------------------------
|
|
|
|
# Redirect exact no-trailing-slash QA path to canonical trailing-slash
|
|
@a_qaNoSlash path /service-a-qa
|
|
redir @a_qaNoSlash https://app2.yiem.cc/service-a-qa/ 301
|
|
|
|
# Match any QA path (covers /service-a-qa, /service-a-qa/, and subpaths)
|
|
@a_qa path_regexp qa ^/service-a-qa(/.*|$)
|
|
|
|
# Proxy QA traffic to ingress LB and inject X-Forwarded-Prefix
|
|
reverse_proxy @a_qa 192.168.88.200:80 {
|
|
header_up X-Forwarded-Prefix /service-a-qa
|
|
header_up Host {http.request.host}
|
|
header_up X-Real-IP {http.request.remote}
|
|
# Optional: tune timeouts or health checks here if needed
|
|
}
|
|
|
|
# -----------------------------
|
|
# service-a Production: canonicalize and proxy
|
|
# -----------------------------
|
|
|
|
# Redirect exact no-trailing-slash prod path to canonical trailing-slash
|
|
@a_prodNoSlash path /service-a
|
|
redir @a_prodNoSlash https://app2.yiem.cc/service-a/ 301
|
|
|
|
# Match any production path (covers /service-a, /service-a/, and subpaths)
|
|
@a_prod path_regexp prod ^/service-a(/.*|$)
|
|
|
|
# Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
|
|
reverse_proxy @a_prod 192.168.88.200:80 {
|
|
header_up Host {http.request.host}
|
|
header_up X-Real-IP {http.request.remote}
|
|
}
|
|
|
|
# -------------------------
|
|
# service-b QA: canonicalize and proxy
|
|
# -------------------------
|
|
|
|
# Redirect exact no-trailing-slash QA path to canonical trailing-slash
|
|
@b_qaNoSlash path /service-b-qa
|
|
redir @b_qaNoSlash https://app2.yiem.cc/service-b-qa/ 301
|
|
|
|
# Match any QA path (covers /service-b-qa, /service-b-qa/, and subpaths)
|
|
@b_qa path_regexp qa ^/service-b-qa(/.*|$)
|
|
|
|
# Proxy QA traffic to ingress LB
|
|
reverse_proxy @b_qa 192.168.88.200:80 {
|
|
header_up Host {http.request.host}
|
|
header_up X-Real-IP {http.request.remote}
|
|
# Optional: tune timeouts or health checks here if needed
|
|
}
|
|
|
|
# -----------------------------
|
|
# service-b Production: canonicalize and proxy
|
|
# -----------------------------
|
|
|
|
# Redirect exact no-trailing-slash prod path to canonical trailing-slash
|
|
@b_prodNoSlash path /service-b
|
|
redir @b_prodNoSlash https://app2.yiem.cc/service-b/ 301
|
|
|
|
# Match any production path (covers /service-b, /service-b/, and subpaths)
|
|
@b_prod path_regexp prod ^/service-b(/.*|$)
|
|
|
|
# Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
|
|
reverse_proxy @b_prod 192.168.88.200:80 {
|
|
header_up Host {http.request.host}
|
|
header_up X-Real-IP {http.request.remote}
|
|
}
|
|
|
|
# -------------------------
|
|
# Fallback: forward other requests to the ingress
|
|
# -------------------------
|
|
reverse_proxy 192.168.88.200:80 {
|
|
header_up Host {http.request.host}
|
|
header_up X-Real-IP {http.request.remote}
|
|
}
|
|
}
|
|
|
|
sommpanion.yiem.cc {
|
|
# Preserve common upstream headers for all proxied requests
|
|
@all {
|
|
path_regexp all ^/.*$
|
|
}
|
|
|
|
# -------------------------
|
|
# wine-db-admin QA: canonicalize and proxy
|
|
# -------------------------
|
|
|
|
# Redirect exact no-trailing-slash QA path to canonical trailing-slash
|
|
@wine_db_admin_qaNoSlash path /wine-db-admin-qa
|
|
redir @wine_db_admin_qaNoSlash https://sommpanion.yiem.cc/wine-db-admin-qa/ 301
|
|
|
|
# Match any QA path (covers /wine-db-admin-qa, /wine-db-admin-qa/, and subpaths)
|
|
@wine_db_admin_qa path_regexp qa ^/wine-db-admin-qa(/.*|$)
|
|
|
|
# Proxy QA traffic to ingress LB and inject X-Forwarded-Prefix
|
|
reverse_proxy @wine_db_admin_qa 192.168.88.200:80 {
|
|
header_up X-Forwarded-Prefix /wine-db-admin-qa
|
|
header_up Host {http.request.host}
|
|
header_up X-Real-IP {http.request.remote}
|
|
# Optional: tune timeouts or health checks here if needed
|
|
}
|
|
|
|
# -----------------------------
|
|
# wine-db-admin Production: canonicalize and proxy
|
|
# -----------------------------
|
|
|
|
# Redirect exact no-trailing-slash prod path to canonical trailing-slash
|
|
@wine_db_admin_prodNoSlash path /wine-db-admin
|
|
redir @wine_db_admin_prodNoSlash https://sommpanion.yiem.cc/wine-db-admin/ 301
|
|
|
|
# Match any production path (covers /wine-db-admin, /wine-db-admin/, and subpaths)
|
|
@wine_db_admin_prod path_regexp prod ^/wine-db-admin(/.*|$)
|
|
|
|
# Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
|
|
reverse_proxy @wine_db_admin_prod 192.168.88.200:80 {
|
|
header_up Host {http.request.host}
|
|
header_up X-Real-IP {http.request.remote}
|
|
}
|
|
|
|
# -------------------------
|
|
# wine-retailer-admin QA: canonicalize and proxy
|
|
# -------------------------
|
|
|
|
# Redirect exact no-trailing-slash QA path to canonical trailing-slash
|
|
@wine_retailer_admin_qaNoSlash path /wine-retailer-admin-qa
|
|
redir @wine_retailer_admin_qaNoSlash https://sommpanion.yiem.cc/wine-retailer-admin-qa/ 301
|
|
|
|
# Match any QA path (covers /wine-retailer-admin-qa, /wine-retailer-admin-qa/, and subpaths)
|
|
@wine_retailer_admin_qa path_regexp qa ^/wine-retailer-admin-qa(/.*|$)
|
|
|
|
# Proxy QA traffic to ingress LB and inject X-Forwarded-Prefix
|
|
reverse_proxy @wine_retailer_admin_qa 192.168.88.200:80 {
|
|
header_up X-Forwarded-Prefix /wine-retailer-admin-qa
|
|
header_up Host {http.request.host}
|
|
header_up X-Real-IP {http.request.remote}
|
|
# Optional: tune timeouts or health checks here if needed
|
|
}
|
|
|
|
# -----------------------------
|
|
# wine-retailer-admin Production: canonicalize and proxy
|
|
# -----------------------------
|
|
|
|
# Redirect exact no-trailing-slash prod path to canonical trailing-slash
|
|
@wine_retailer_admin_prodNoSlash path /wine-retailer-admin
|
|
redir @wine_retailer_admin_prodNoSlash https://sommpanion.yiem.cc/wine-retailer-admin/ 301
|
|
|
|
# Match any production path (covers /wine-retailer-admin, /wine-retailer-admin/, and subpaths)
|
|
@wine_retailer_admin_prod path_regexp prod ^/wine-retailer-admin(/.*|$)
|
|
|
|
# Proxy production traffic to ingress LB; X-Forwarded-Prefix not required if ingress rewrites
|
|
reverse_proxy @wine_retailer_admin_prod 192.168.88.200:80 {
|
|
header_up Host {http.request.host}
|
|
header_up X-Real-IP {http.request.remote}
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|