unofficial wafrn mirror wafrn.net
atproto social-network activitypub
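# Caddy configuration template for a wafrn deployment: global options, then one
# site block each for the media, cache, main, monitoring and PDS domains.
# The dollar-double-brace placeholders are not Caddy syntax; presumably the
# deployment tooling substitutes them before Caddy loads the file.
# Every import below pulls in whatever files exist under /etc/caddy/config/.
# Those snippets carry the same authority as this file, so that directory
# should be writable only by the operator.
{
    email ${{ACME_EMAIL}}

    log {

    }

    metrics {
        per_host
    }

    # NOTE(review): this binds Caddy's admin API on every interface. The admin
    # API is unauthenticated and can replace the running configuration.
    # Presumably the wide bind exists so a metrics scraper in another container
    # can reach it. Keep port 2019 unpublished and on an internal network only,
    # or move metrics to a dedicated listener and bind admin to localhost.
    admin 0.0.0.0:2019

    # The ask endpoint is the only gate on on-demand certificate issuance.
    # It must answer with success solely for hostnames the PDS really serves,
    # otherwise any name pointed at this server can trigger ACME orders.
    on_demand_tls {
        ask http://${{PDS_HOST:-pds:3000}}/tls-check
    }

    import /etc/caddy/config/global/* ${{DOMAIN_NAME}}
}

# Media domain: static files from the uploads directory, on an origin separate
# from the application.
# NOTE(review): no response headers are set in this block. If the directory
# holds user-supplied files, consider X-Content-Type-Options nosniff and a
# restrictive Content-Security-Policy here, unless an imported snippet
# already adds them.
${{MEDIA_DOMAIN}} {
    import /etc/caddy/config/media_domain_pre/* ${{DOMAIN_NAME}} ${{MEDIA_DOMAIN}}

    handle {
        root * /var/www/html/uploads/
        try_files {path} /index.html
        file_server
    }

    import /etc/caddy/config/media_domain_post/* ${{DOMAIN_NAME}} ${{MEDIA_DOMAIN}}
}

# Cache domain: only the two cache API prefixes are proxied to the backend.
${{CACHE_DOMAIN}} {
    import /etc/caddy/config/cache_domain_pre/* ${{DOMAIN_NAME}} ${{CACHE_DOMAIN}}

    handle /api/cache* {
        reverse_proxy ${{CACHE_HOST:-backend:9000}}
    }

    handle /api/v2/cache/* {
        reverse_proxy ${{CACHE_HOST:-backend:9000}}
    }

    import /etc/caddy/config/cache_domain_post/* ${{DOMAIN_NAME}} ${{CACHE_DOMAIN}}
}

# Main application domain: API and federation paths go to the backend,
# everything else is the single-page frontend.
${{DOMAIN_NAME}} {
    encode zstd gzip

    import /etc/caddy/config/main_domain_pre/* ${{DOMAIN_NAME}}

    header * {
        X-Clacks-Overhead "GNU Terry Pratchett"
        # Fixed: the original line had a trailing comma after the quoted value.
        # As I read Caddy's tokenizer, the comma became a third argument, which
        # the header directive treats as find/replace on an existing header
        # instead of setting it. Confirm with `caddy adapt`.
        Service-Worker-Allowed "/"
        # Cache-Control: no-cache, no-store, must-revalidate
        # NOTE(review): scripts are allowed 'unsafe-inline' and 'unsafe-eval',
        # so this policy does not stop injected inline script. frame-ancestors
        # 'self' still prevents cross-origin framing. Tightening to nonces or
        # hashes needs frontend changes first. block-all-mixed-content is
        # deprecated and redundant next to upgrade-insecure-requests.
        Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://${{CACHE_DOMAIN}} https://${{MEDIA_DOMAIN}} ; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline'; style-src-elem 'self' data: 'unsafe-inline'; style-src-attr 'self' data: 'unsafe-inline'; object-src 'self' https://${{CACHE_DOMAIN}} https://${{MEDIA_DOMAIN}} ; frame-src 'self' https://${{CACHE_DOMAIN}} https://${{MEDIA_DOMAIN}}; worker-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self'"
    }

    # Same-origin redirect: the target always starts with the fixed
    # /fediverse/blog/ prefix, followed by whatever came after the at sign.
    @atPaths path_regexp at ^/@(.*)$
    redir @atPaths /fediverse/blog/{re.at.1} 301

    handle_path /api/websocket* {
        reverse_proxy ${{WEBSOCKET_HOST:-backend:9000}}
    }

    @api path /api* /fediverse* /contexts* /post* /blog* /.well-known*

    handle @api {
        reverse_proxy ${{BACKEND_HOST:-backend:9000}}
    }


    # NOTE(review): this publishes a database administration UI on the public
    # main domain, protected only by the database credentials. Consider a
    # remote_ip matcher or an authentication directive in front of it, or
    # leave the route out of production deployments.
    handle_path /adminer* {
        reverse_proxy ${{ADMINER_HOST:-adminer:8080}}
    }

    import /etc/caddy/config/main_domain_mid/* ${{DOMAIN_NAME}}

    handle {
        root * /var/www/html/frontend/
        try_files {path} /index.html
        file_server
    }

    import /etc/caddy/config/main_domain_post/* ${{DOMAIN_NAME}}
}

# Monitoring subdomain: everything is proxied to Grafana.
# NOTE(review): nothing in this block restricts who can connect, so access
# control rests on Grafana's own login unless an imported snippet adds more.
monitoring.${{DOMAIN_NAME}} {
    import /etc/caddy/config/monitoring_domain_pre/* ${{DOMAIN_NAME}}

    reverse_proxy ${{GRAFANA_HOST:-grafana:2345}}

    import /etc/caddy/config/monitoring_domain_post/* ${{DOMAIN_NAME}}
}

# PDS domain and its subdomains: certificates are issued on demand, subject to
# the ask endpoint configured in the global options.
${{PDS_DOMAIN_NAME}} *.${{PDS_DOMAIN_NAME}} {
    import /etc/caddy/config/pds_domain_pre/* ${{DOMAIN_NAME}} ${{PDS_DOMAIN_NAME}}

    tls {
        on_demand
    }

    handle /favicon.ico {
        root * /var/www/html/frontend/
        try_files {path} /favicon.ico
        file_server
    }

    # Exact root path only: serves the static pds.txt landing text.
    handle / {
        root * /pds-homepage
        try_files {path} /pds.txt
        file_server
    }

    # All remaining requests are forwarded to the PDS.
    reverse_proxy ${{PDS_HOST:-pds:3000}}

    import /etc/caddy/config/pds_domain_post/* ${{DOMAIN_NAME}} ${{PDS_DOMAIN_NAME}}
}

import /etc/caddy/config/vhosts/* ${{DOMAIN_NAME}}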