init: Caddyfile + gitignore

2026-03-01 00:56:39 -05:00 · 2026-03-01 00:56:39 -05:00 · ffdf022fa0
commit ffdf022fa0
2 changed files with 133 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+*.bak*
+*.bak
--- a/131
+++ b/131
@ -0,0 +1,131 @@
+{
+    acme_ca https://acme.zerossl.com/v2/DV90
+    email johan@jongsma.me
+    log {
+        output file /var/log/caddy/access.log {
+            roll_size 100mb
+            roll_keep 5
+        }
+        format json
+    }
+}
+
+inou.com {
+    reverse_proxy 192.168.1.253:1080 {
+        @tarpit status 444
+        handle_response @tarpit {
+            abort
+        }
+    }
+    
+    header {
+        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+        X-Content-Type-Options "nosniff"
+        X-Frame-Options "SAMEORIGIN"
+        Referrer-Policy "strict-origin-when-cross-origin"
+        Permissions-Policy "geolocation=(), microphone=(), camera=()"
+        Cross-Origin-Opener-Policy "same-origin-allow-popups"
+        Cross-Origin-Resource-Policy "same-origin"
+        X-Permitted-Cross-Domain-Policies "none"
+        -Server
+    }
+}
+
+dev.inou.com {
+    reverse_proxy 192.168.1.253:1080 {
+        @tarpit status 444
+        handle_response @tarpit {
+            abort
+        }
+    }
+    
+    header {
+        Strict-Transport-Security "max-age=31536000; includeSubDomains"
+        X-Content-Type-Options "nosniff"
+        X-Frame-Options "SAMEORIGIN"
+        Referrer-Policy "strict-origin-when-cross-origin"
+        -Server
+    }
+}
+
+flourishevents.nl, www.flourishevents.nl {
+    root * /var/www/flourishevents
+    file_server
+}
+
+james.jongsma.me {
+    @blocked not remote_ip 192.168.1.0/24 47.197.93.62 100.64.0.0/10
+    respond @blocked 403
+
+    reverse_proxy 192.168.1.16:18789 {
+        header_up X-Forwarded-For {remote_host}
+        header_up X-Real-IP {remote_host}
+        header_up X-Forwarded-Proto {scheme}
+    }
+
+    header {
+        X-Content-Type-Options "nosniff"
+        X-Frame-Options "DENY"
+        Referrer-Policy "strict-origin-when-cross-origin"
+        -Server
+    }
+}
+
+# Redirect www to non-www (fixes GSC indexing issue)
+www.inou.com {
+    redir https://inou.com{uri} permanent
+}
+
+docsys.jongsma.me {
+    reverse_proxy 192.168.1.16:9201
+
+    header {
+        Strict-Transport-Security "max-age=31536000; includeSubDomains"
+        X-Content-Type-Options "nosniff"
+        X-Frame-Options "SAMEORIGIN"
+        Referrer-Policy "strict-origin-when-cross-origin"
+        -Server
+    }
+}
+
+
+immich.jongsma.me, immich.jongsma.me:2283 {
+    log {
+        output file /var/log/caddy/immich.log {
+            roll_size 50mb
+            roll_keep 5
+        }
+        format json
+    }
+
+    reverse_proxy 192.168.1.253:2283
+
+    header {
+        X-Content-Type-Options "nosniff"
+        X-Frame-Options "SAMEORIGIN"
+        Referrer-Policy "strict-origin-when-cross-origin"
+        -Server
+    }
+}
+
+hass.jongsma.me {
+    reverse_proxy 192.168.1.252:8123
+
+    header {
+        X-Content-Type-Options "nosniff"
+        Referrer-Policy "strict-origin-when-cross-origin"
+        -Server
+    }
+}
+
+vault1984.com, www.vault1984.com {
+    reverse_proxy 192.168.1.16:1984
+
+    header {
+        Strict-Transport-Security "max-age=300; includeSubDomains"
+        X-Content-Type-Options "nosniff"
+        X-Frame-Options "SAMEORIGIN"
+        Referrer-Policy "strict-origin-when-cross-origin "
+        -Server
+    }
+}