# Caddy reverse proxy for blumeops services
# Managed by ansible - do not edit manually
#
# All *.{{ caddy_domain }} requests are proxied to backend services.
# TLS certificates are obtained via ACME DNS-01 challenge using Gandi.
{
    # Global options.
    #
    # The admin API is switched off, so the running config cannot be read or
    # changed through the admin endpoint. Config changes are applied by
    # re-rendering this template; API-based reloads are unavailable with this
    # setting.
    admin off
{% if caddy_ssh_services %}

    # Layer 4 (raw TCP) routing for SSH services.
    #
    # Needs a Caddy build that includes the layer4 app. Each listed port is
    # forwarded byte-for-byte to its backend: Caddy neither terminates nor
    # authenticates SSH here, so access control rests on the backend sshd and
    # on whatever network filtering sits in front of these ports.
    # NOTE(review): backends presumably see the proxy's address as the client
    # source, which affects sshd logs and per-source rate limiting - confirm.
    layer4 {
{% for svc in caddy_ssh_services %}
        :{{ svc.port }} {
            route {
                proxy {{ svc.backend }}
            }
        }
{% endfor %}
    }
{% endif %}
}
# Wildcard site: one certificate covers every service subdomain.
*.{{ caddy_domain }}:{{ caddy_https_port }} {
    # DNS-01 issuance through the Gandi provider (needs a Caddy build that
    # includes it). The API token is read from the process environment at
    # runtime, so it is never rendered into this file.
    # NOTE(review): the token can presumably edit DNS records for the zone;
    # keep its scope narrow and restrict who can read the environment source.
    tls {
        dns gandi {env.GANDI_BEARER_TOKEN}
    }

    # One named host matcher and one handle block per service. The handle
    # blocks are mutually exclusive, so a request reaches at most one backend.
    # No authentication is applied at this layer; every backend has to enforce
    # its own.
    # NOTE(review): whether the upstream hop is encrypted depends on the
    # scheme in each service.backend value - confirm per service.
{% for svc in caddy_services %}
    @{{ svc.name }} host {{ svc.host }}
    handle @{{ svc.name }} {
        reverse_proxy {{ svc.backend }}
    }

{% endfor %}
    # Default deny: a hostname that matched the wildcard but no service above
    # gets a fixed 404 and is never forwarded anywhere.
    handle {
        respond "Unknown service" 404
    }
}
# Base domain (ops.eblu.me)
#
# The wildcard site does not match the bare domain, so it gets its own site
# block and its own certificate.
{{ caddy_domain }}:{{ caddy_https_port }} {
    # Same DNS-01 setup as the wildcard site; the token comes from the
    # environment and is not written into the rendered config.
    tls {
        dns gandi {env.GANDI_BEARER_TOKEN}
    }

    # Static pointer only; nothing is proxied from the base domain.
    respond "blumeops services - use a subdomain (e.g., forge.{{ caddy_domain }})"
}