From 4242e037b0174546e6789bf1019e327dfad75b0f Mon Sep 17 00:00:00 2001
From: Menno van Leeuwen
Date: Tue, 22 Jul 2025 21:53:22 +0200
Subject: [PATCH] Remove redundant X-Forwarded headers and redirect domains
---
 .../tasks/servers/services/caddy/Caddyfile.j2 | 30 +++++--------------
 1 file changed, 8 insertions(+), 22 deletions(-)
diff --git a/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2
index eca880a..4f42aea 100644
--- a/config/ansible/tasks/servers/services/caddy/Caddyfile.j2
+++ b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2
@@ -95,9 +95,6 @@ home.vleeuwen.me {
 reverse_proxy host.docker.internal:8123 {
 header_up Host {upstream_hostport}
 header_up X-Real-IP {http.request.remote.host}
- header_up X-Forwarded-For {http.request.remote.host}
- header_up X-Forwarded-Proto {scheme}
- header_up X-Forwarded-Host {host}
 }
 tls {{ caddy_email }}
 }
@@ -108,7 +105,6 @@ unifi.mvl.sh {
 tls_insecure_skip_verify
 }
 header_up Host {host}
- header_up X-Forwarded-Proto https
 }
 tls {{ caddy_email }}
 }
@@ -119,7 +115,6 @@ hotspot.mvl.sh {
 tls_insecure_skip_verify
 }
 header_up Host {host}
- header_up X-Forwarded-Proto https
 }
 tls {{ caddy_email }}
 }
@@ -138,9 +133,6 @@ ip.mvl.sh ip.vleeuwen.me {
 import country_block
 reverse_proxy echoip:8080 {
 header_up X-Real-IP {http.request.remote.host}
- header_up X-Forwarded-For {http.request.remote.host}
- header_up X-Forwarded-Proto {scheme}
- header_up X-Forwarded-Host {host}
 }
 tls {{ caddy_email }}
 }
@@ -149,9 +141,6 @@ http://ip.mvl.sh http://ip.vleeuwen.me {
 import country_block
 reverse_proxy echoip:8080 {
 header_up X-Real-IP {http.request.remote.host}
- header_up X-Forwarded-For {http.request.remote.host}
- header_up X-Forwarded-Proto {scheme}
- header_up X-Forwarded-Host {host}
 }
 }
@@ -163,22 +152,25 @@ overseerr.mvl.sh {
 overseerr.vleeuwen.me {
 import country_block
- redir https://overseerr.mvl.sh
+ redir https://overseerr.mvl.sh{uri}
 tls {{ caddy_email }}
 }
-plex.mvl.sh plex.vleeuwen.me {
+plex.mvl.sh {
 import country_block
 reverse_proxy host.docker.internal:32400 {
 header_up Host {upstream_hostport}
 header_up X-Real-IP {http.request.remote.host}
- header_up X-Forwarded-For {http.request.remote.host}
- header_up X-Forwarded-Proto {scheme}
- header_up X-Forwarded-Host {host}
 }
 tls {{ caddy_email }}
 }
+plex.vleeuwen.me {
+ import country_block
+ redir https://plex.mvl.sh{uri}
+ tls {{ caddy_email }}
+}
+
 drive.mvl.sh drive.vleeuwen.me {
 import country_block
@@ -191,9 +183,6 @@ drive.mvl.sh drive.vleeuwen.me {
 reverse_proxy nextcloud:80 {
 header_up Host {host}
 header_up X-Real-IP {http.request.remote.host}
- header_up X-Forwarded-For {http.request.remote.host}
- header_up X-Forwarded-Proto {scheme}
- header_up X-Forwarded-Host {host}
 }
 }
@@ -201,9 +190,6 @@ drive.mvl.sh drive.vleeuwen.me {
 reverse_proxy nextcloud:80 {
 header_up Host {host}
 header_up X-Real-IP {http.request.remote.host}
- header_up X-Forwarded-For {http.request.remote.host}
- header_up X-Forwarded-Proto {scheme}
- header_up X-Forwarded-Host {host}
 }
 # Security headers
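Review bot: The `plex.mvl.sh` reverse_proxy block now depends on Caddy's built-in X-Forwarded-For/-Proto/-Host handling, so the values the upstream receives are governed by a `trusted_proxies` setting that is not visible in this patch. Caddy 2's reverse_proxy discards client-supplied X-Forwarded-* values by default, but keeps and extends them for requests arriving from configured trusted proxies, whereas the removed `header_up X-Forwarded-For {http.request.remote.host}` line always pinned the header to the immediate peer. The same reliance is introduced in the home, unifi, hotspot, ip and drive hunks, while `X-Real-IP` is still set explicitly, so the two headers can disagree if a trusted proxy list is in effect. I would confirm the global or per-server `trusted_proxies` value (presumably unset, but verify) and record the assumption next to each block with a comment such as `# X-Forwarded-* come from reverse_proxy defaults; incoming values are honoured only from trusted_proxies`.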