homelab/services/caddy/Caddyfile

{
  email pavel123357@gmail.com

  log {
    output file /var/log/caddy/access.log
    format json
  }
}

:80 {
  respond "Yarik, zdarova"

}

photos.sesur.dev {
  reverse_proxy 127.0.0.1:2283

  # Optional: allow large uploads (adjust as you like)
  request_body {
    max_size 20GB
  }
}

vault.sesur.dev {
  # Admin: allow LAN only
  @admin path /admin*
  handle @admin {
    @notlan not remote_ip 192.168.1.0/24
    respond @notlan 403
    reverse_proxy 127.0.0.1:8222
  }
  
  @negotiate path /notifications/hub/negotiate
  reverse_proxy @negotiate 127.0.0.1:8222

  # WebSocket notifications (Bitwarden clients). Must be routed to 3012.
  @hub path /notifications/hub*
  reverse_proxy @hub 127.0.0.1:3012

  # Everything else (UI + API) goes to main port.
  reverse_proxy 127.0.0.1:8222
  header {
    Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    X-Content-Type-Options "nosniff"
    Referrer-Policy "strict-origin-when-cross-origin"
  }
  log {
    output file /var/log/caddy/access.log
    format json
  }
}

http://adguard.lan {
  reverse_proxy 127.0.0.1:3000
}

http://192.168.1.47 {
  respond "i am working, master"
}

http://dozzle.lan {
  reverse_proxy 127.0.0.1:9999
}
https://remnawave.lan {
  tls internal
  reverse_proxy 127.0.0.1:4000
}
http://cyberchef.lan {
  reverse_proxy 127.0.0.1:8085
}
truenews.sesur.dev {
    root * /srv/vk-podcast-bot/data
    file_server
}