{ acme_ca https://acme.zerossl.com/v2/DV90 email johan@jongsma.me log { output file /var/log/caddy/access.log { roll_size 5mb roll_keep 2 } format json } } inou.com { reverse_proxy 192.168.100.2:1080 { @tarpit status 444 handle_response @tarpit { abort } } header { Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" X-Content-Type-Options "nosniff" X-Frame-Options "SAMEORIGIN" Referrer-Policy "strict-origin-when-cross-origin" Permissions-Policy "geolocation=(), microphone=(), camera=()" Cross-Origin-Opener-Policy "same-origin-allow-popups" Cross-Origin-Resource-Policy "same-origin" X-Permitted-Cross-Domain-Policies "none" -Server } } dev.inou.com { reverse_proxy 192.168.1.253:1080 { @tarpit status 444 handle_response @tarpit { abort } } header { Strict-Transport-Security "max-age=31536000; includeSubDomains" X-Content-Type-Options "nosniff" X-Frame-Options "SAMEORIGIN" Referrer-Policy "strict-origin-when-cross-origin" -Server } } flourishevents.nl, www.flourishevents.nl, flourish.jongsma.me { root * /var/www/flourishevents file_server } james.jongsma.me { @blocked not remote_ip 192.168.1.0/24 47.197.93.62 100.64.0.0/10 respond @blocked 403 reverse_proxy 192.168.1.16:18789 { header_up X-Forwarded-For {remote_host} header_up X-Real-IP {remote_host} header_up X-Forwarded-Proto {scheme} } header { X-Content-Type-Options "nosniff" X-Frame-Options "DENY" Referrer-Policy "strict-origin-when-cross-origin" -Server } } # Redirect www to non-www (fixes GSC indexing issue) www.inou.com { redir https://inou.com{uri} permanent } docsys.jongsma.me { reverse_proxy 192.168.1.16:9201 header { Strict-Transport-Security "max-age=31536000; includeSubDomains" X-Content-Type-Options "nosniff" X-Frame-Options "SAMEORIGIN" Referrer-Policy "strict-origin-when-cross-origin" -Server } } immich.jongsma.me, immich.jongsma.me:2283 { log { output file /var/log/caddy/immich.log { roll_size 5mb roll_keep 2 } format json } reverse_proxy 192.168.1.253:2283 header { X-Content-Type-Options "nosniff" X-Frame-Options "SAMEORIGIN" Referrer-Policy "strict-origin-when-cross-origin" -Server } } hass.jongsma.me { reverse_proxy 192.168.1.252:8123 header { X-Content-Type-Options "nosniff" Referrer-Policy "strict-origin-when-cross-origin" -Server } } clavitor.jongsma.me { handle_path /account/* { reverse_proxy 192.168.1.16:8098 } @account path /account handle @account { redir /account/ 301 } reverse_proxy https://192.168.1.16:1984 { header_up Host {http.request.host} transport http { tls_insecure_skip_verify } } header { Strict-Transport-Security "max-age=31536000; includeSubDomains" X-Content-Type-Options "nosniff" X-Frame-Options "DENY" Referrer-Policy "strict-origin-when-cross-origin" -Server } } dev.clavitor.ai { reverse_proxy 192.168.1.16:1984 { } header { Strict-Transport-Security "max-age=31536000; includeSubDomains" X-Content-Type-Options "nosniff" X-Frame-Options "DENY" Referrer-Policy "strict-origin-when-cross-origin" -Server } } app.clavitor.ai { tls { ca https://acme-v02.api.letsencrypt.org/directory } reverse_proxy https://192.168.1.16:1984 { header_up Host {http.request.host} transport http { tls_insecure_skip_verify } } header { Strict-Transport-Security "max-age=31536000; includeSubDomains" X-Content-Type-Options "nosniff" X-Frame-Options "DENY" Referrer-Policy "strict-origin-when-cross-origin" -Server } } } admin.dev.clavitor.ai { reverse_proxy 192.168.1.16:1985 }