feat: adds nextcloud and plex

fix: caddy stuff
2025-07-19 03:08:16 +02:00
parent 085d037f77
commit 10374bc2e6
19 changed files with 733 additions and 227 deletions
--- a/config/ansible/tasks/servers/services/caddy/Caddyfile.j2
+++ b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2
@@ -98,23 +98,6 @@ df.mvl.sh {
   tls {{ caddy_email }}
 }

-overseerr.mvl.sh jellyseerr.mvl.sh overseerr.vleeuwen.me jellyseerr.vleeuwen.me {
-   import country_block
-   reverse_proxy mennos-cachyos-desktop:5555
-   tls {{ caddy_email }}
-}
-
-anime.mvl.sh anime.vleeuwen.me {
-   import country_block
-   reverse_proxy jellyfin:8096
-   tls {{ caddy_email }}
-}
-
-fladder.mvl.sh {
-   import country_block
-   reverse_proxy fladder:80
-   tls {{ caddy_email }}
-}
 {% elif inventory_hostname == 'mennos-cachyos-desktop' %}
 home.vleeuwen.me {
   import country_block
@@ -127,16 +110,12 @@ home.vleeuwen.me {
   }
   tls {{ caddy_email }}
 }
+
 bin.mvl.sh {
   import country_block
   reverse_proxy privatebin:8080
   tls {{ caddy_email }}
 }
-jellyfin.mvl.sh jellyfin.vleeuwen.me {
-   import country_block
-   reverse_proxy jellyfin:8096
-   tls {{ caddy_email }}
-}

 ip.mvl.sh ip.vleeuwen.me {
   import country_block
@@ -158,4 +137,66 @@ http://ip.mvl.sh http://ip.vleeuwen.me {
       header_up X-Forwarded-Host {host}
   }
 }
+
+overseerr.mvl.sh overseerr.vleeuwen.me {
+   import country_block
+   reverse_proxy host.docker.internal:5555
+   tls {{ caddy_email }}
+}
+
+plex.mvl.sh plex.vleeuwen.me {
+   import country_block
+   reverse_proxy host.docker.internal:32400 {
+       header_up Host {upstream_hostport}
+       header_up X-Real-IP {http.request.remote.host}
+       header_up X-Forwarded-For {http.request.remote.host}
+       header_up X-Forwarded-Proto {scheme}
+       header_up X-Forwarded-Host {host}
+   }
+   tls {{ caddy_email }}
+}
+
+drive.mvl.sh drive.vleeuwen.me {
+   import country_block
+   
+   # CalDAV and CardDAV redirects
+   redir /.well-known/carddav /remote.php/dav/ 301
+   redir /.well-known/caldav /remote.php/dav/ 301
+   
+   # Handle other .well-known requests
+   handle /.well-known/* {
+       reverse_proxy nextcloud:80 {
+           header_up Host {host}
+           header_up X-Real-IP {http.request.remote.host}
+           header_up X-Forwarded-For {http.request.remote.host}
+           header_up X-Forwarded-Proto {scheme}
+           header_up X-Forwarded-Host {host}
+       }
+   }
+
+   # Main reverse proxy configuration with proper headers
+   reverse_proxy nextcloud:80 {
+       header_up Host {host}
+       header_up X-Real-IP {http.request.remote.host}
+       header_up X-Forwarded-For {http.request.remote.host}
+       header_up X-Forwarded-Proto {scheme}
+       header_up X-Forwarded-Host {host}
+   }
+   
+   # Security headers
+   header {
+       # HSTS header for enhanced security (required by Nextcloud)
+       Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+       # Additional security headers recommended for Nextcloud
+       X-Content-Type-Options "nosniff"
+       X-Frame-Options "SAMEORIGIN"
+       Referrer-Policy "no-referrer"
+       X-XSS-Protection "1; mode=block"
+       X-Permitted-Cross-Domain-Policies "none"
+       X-Robots-Tag "noindex, nofollow"
+   }
+   
+   tls {{ caddy_email }}
+}
+
 {% endif %}