import /opt/homelab/services/caddy/snippets/*.caddy { email pavel123357@gmail.com log { output file /var/log/caddy/access.log format json } } pass.sesur.dev { reverse_proxy 127.0.0.1:9000 } home.sesur.dev { route { import authentik_forward_auth reverse_proxy 127.0.0.1:3050 } } dozzle.sesur.dev { route { import authentik_forward_auth reverse_proxy 127.0.0.1:9999 } } photos.sesur.dev { log { output file /var/log/caddy/access.log format json } reverse_proxy 127.0.0.1:2283 # Optional: allow large uploads (adjust as you like) request_body { max_size 20GB } } vault.sesur.dev { # Admin: allow LAN only @admin path /admin* handle @admin { @notlan not remote_ip 192.168.1.0/24 respond @notlan 403 reverse_proxy 127.0.0.1:8222 } @negotiate path /notifications/hub/negotiate reverse_proxy @negotiate 127.0.0.1:8222 # WebSocket notifications (Bitwarden clients). Must be routed to 3012. @hub path /notifications/hub* reverse_proxy @hub 127.0.0.1:3012 # Everything else (UI + API) goes to main port. reverse_proxy 127.0.0.1:8222 header { Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" X-Content-Type-Options "nosniff" Referrer-Policy "strict-origin-when-cross-origin" } log { output file /var/log/caddy/access.log format json } } http://adguard.lan { reverse_proxy 127.0.0.1:3000 } http://192.168.1.47 { respond "i am working, master" } http://dozzle.lan { reverse_proxy 127.0.0.1:9999 } rat.sesur.dev { handle /api/sub/* { reverse_proxy 127.0.0.1:4000 } route { import authentik_forward_auth reverse_proxy 127.0.0.1:4000 } } rat-api.sesur.dev { @notAllowed { not remote_ip 31.57.61.253 } respond @notAllowed "Forbidden" 403 reverse_proxy 127.0.0.1:4000 } http://cyberchef.lan { reverse_proxy 127.0.0.1:8095 } truenews.sesur.dev { root * /srv/vk-podcast-bot/data file_server } arhip.sesur.dev { header Content-Type text/html respond <

Arhip pidoras i shavka

EOF }