# =============================================================================
# Shared Caddy - NetBird GitOps PoC
# =============================================================================
# Global options block. The Jinja placeholders are rendered before Caddy
# parses this file.
{
	# Contact address handed to the ACME certificate authority.
	email {{ letsencrypt_email }}

	# Protocols offered on the public :80/:443 listeners.
	# NOTE(review): h2c is cleartext HTTP/2 on the inbound side. The h2c://
	# upstreams in the NetBird site are a proxy-transport setting, so confirm
	# that listener-side h2c is actually required before keeping it enabled.
	servers :80,:443 {
		protocols h1 h2c h2 h3
	}
}
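# Reusable snippet: response headers added by every site that imports it.
# No Content-Security-Policy is set here; a per-site CSP is left as a TODO
# because a shared one could break the proxied applications.
(security_headers) {
	header * {
		# PoC-sized HSTS lifetime (one hour). The "preload" token was removed:
		# the browser preload list requires a max-age of at least one year, so
		# at 3600 seconds it had no effect while still signalling consent to
		# preloading. includeSubDomains covers every subdomain of the site's
		# host, so each of them must serve HTTPS. Raise max-age before this
		# configuration leaves PoC status.
		Strict-Transport-Security "max-age=3600; includeSubDomains"

		# Stop browsers from MIME-sniffing responses into another content type.
		X-Content-Type-Options "nosniff"

		# Legacy clickjacking control; the CSP frame-ancestors directive is the
		# modern equivalent.
		X-Frame-Options "SAMEORIGIN"

		# "0" switches off the legacy browser XSS auditor. The previous
		# "1; mode=block" value is deprecated and the filter itself has been
		# a source of cross-site leaks in older browsers.
		X-XSS-Protection "0"

		Referrer-Policy "strict-origin-when-cross-origin"

		# Remove the Server response header so the proxy software is not
		# advertised to clients.
		-Server
	}
}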
# =============================================================================
# Gitea
# =============================================================================
# Site block for the templated Gitea host name: every request is proxied to
# the gitea upstream on the templated port, with the shared response headers.
{{ gitea_domain }} {
	import security_headers

	reverse_proxy {
		to gitea:{{ gitea_http_port }}
	}
}
# =============================================================================
# NetBird
# =============================================================================
# Site block for the templated NetBird host name. Requests are split by path
# across the management, relay, signal and dashboard upstreams.
# NOTE(review): every upstream below is reached without TLS (plain HTTP or
# h2c); presumably these are containers on a private network - confirm that
# none of the backend ports are published outside it.
{{ netbird_domain }} {
	# Shared response headers; applied to every route in this site.
	import security_headers

	# Embedded IdP OAuth2 endpoints
	# (authorization/token paths plus the OIDC discovery and JWKS documents).
	reverse_proxy /oauth2/* management:80
	reverse_proxy /.well-known/openid-configuration management:80
	reverse_proxy /.well-known/jwks.json management:80

	# NetBird Relay
	# The matcher has no slash before the wildcard, so any path that merely
	# starts with "/relay" is forwarded to the relay upstream.
	reverse_proxy /relay* relay:80

	# NetBird Signal (gRPC)
	# h2c:// makes the proxy speak cleartext HTTP/2 to the backend.
	reverse_proxy /signalexchange.SignalExchange/* h2c://signal:10000

	# NetBird Management API (gRPC)
	reverse_proxy /management.ManagementService/* h2c://management:80

	# NetBird Management REST API
	reverse_proxy /api/* management:80

	# NetBird Dashboard (catch-all)
	# Anything not claimed by a more specific path above reaches the dashboard.
	# NOTE(review): this relies on Caddy ordering same-named directives by
	# path specificity rather than file order - confirm with the adapted config.
	reverse_proxy /* dashboard:80
}