Switch to terraform
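--- a/ansible/caddy/templates/Caddyfile.j2
+++ b/ansible/caddy/templates/Caddyfile.j2
@@ -0,0 +1,56 @@
+# =============================================================================
+# Shared Caddy - NetBird GitOps PoC
+# =============================================================================
+{
+servers :80,:443 {
+protocols h1 h2c h2 h3
+}
+email {{ letsencrypt_email }}
+}
+
+(security_headers) {
+header * {
+Strict-Transport-Security "max-age=3600; includeSubDomains; preload"
+X-Content-Type-Options "nosniff"
+X-Frame-Options "SAMEORIGIN"
+X-XSS-Protection "1; mode=block"
+-Server
+Referrer-Policy strict-origin-when-cross-origin
+}
+}
+
+# =============================================================================
+# Gitea
+# =============================================================================
+{{ gitea_domain }} {
+import security_headers
+reverse_proxy gitea:{{ gitea_http_port }}
+}
+
+# =============================================================================
+# NetBird
+# =============================================================================
+{{ netbird_domain }} {
+import security_headers
+
+# Embedded IdP OAuth2 endpoints
+reverse_proxy /oauth2/* management:80
+reverse_proxy /.well-known/openid-configuration management:80
+reverse_proxy /.well-known/jwks.json management:80
+
+# NetBird Relay
+reverse_proxy /relay* relay:80
+
+# NetBird Signal (gRPC)
+reverse_proxy /signalexchange.SignalExchange/* h2c://signal:10000
+
+# NetBird Management API (gRPC)
+reverse_proxy /management.ManagementService/* h2c://management:80
+
+# NetBird Management REST API
+reverse_proxy /api/* management:80
+
+# NetBird Dashboard (catch-all)
+reverse_proxy /* dashboard:80
+}
+}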
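Review bot: The `security_headers` snippet sends `Strict-Transport-Security "max-age=3600; includeSubDomains; preload"`, which pairs the `preload` directive with a one-hour lifetime; preload submission expects at least a year, and a one-hour pin lets a returning client fall back to plain HTTP soon after each visit. If the short value is deliberate for the PoC, drop `preload` and say so in a comment; otherwise use `max-age=31536000`. `X-XSS-Protection "1; mode=block"` is deprecated in current browsers and is better removed or set to `0`, with a `Content-Security-Policy` header covering that ground. Separately, the braces as rendered here do not balance: the NetBird site block is closed and then followed by a second `}` on the last line, which `caddy validate` would be expected to reject.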
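--- a/ansible/caddy/templates/docker-compose.yml.j2
+++ b/ansible/caddy/templates/docker-compose.yml.j2
@@ -0,0 +1,35 @@
+networks:
+# Connect to Gitea network
+gitea:
+name: {{ gitea_network }}
+external: true
+# Connect to NetBird network
+netbird:
+name: {{ netbird_network }}
+external: true
+
+services:
+caddy:
+image: caddy:alpine
+container_name: caddy
+restart: unless-stopped
+networks:
+- gitea
+- netbird
+ports:
+- "80:80"
+- "443:443"
+- "443:443/udp"
+volumes:
+- {{ caddy_base_dir }}/Caddyfile:/etc/caddy/Caddyfile
+- caddy_data:/data
+- caddy_config:/config
+logging:
+driver: "json-file"
+options:
+max-size: "100m"
+max-file: "2"
+
+volumes:
+caddy_data:
+caddy_config: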
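Review bot: `image: caddy:alpine` is a floating tag, so the container that terminates TLS for both Gitea and NetBird changes whenever the tag is re-pulled, with no record in this repo of which build is running. Pin a specific release and ideally its digest, e.g. `image: caddy:<version>-alpine@sha256:<digest>` (placeholders), and bump it deliberately. The Caddyfile bind mount can also be read-only, `- {{ caddy_base_dir }}/Caddyfile:/etc/caddy/Caddyfile:ro`, since Caddy only needs to read it. The templated values `name: {{ gitea_network }}` and `name: {{ netbird_network }}` are better quoted, so that an empty or boolean-looking variable does not change type in the rendered YAML.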