From f2dbcb25fed8c4403e2462e3b08e138237bd089f Mon Sep 17 00:00:00 2001
From: Menno van Leeuwen <menno@vleeuwen.me>
Date: Mon, 16 Jun 2025 00:18:49 +0000
Subject: [PATCH] added bypass for local and server access to caddy proxy
 services

---
 config/ansible/tasks/servers/services/caddy/Caddyfile.j2 | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2
index 83a62af..12703d1 100644
--- a/config/ansible/tasks/servers/services/caddy/Caddyfile.j2
+++ b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2
@@ -8,7 +8,11 @@
 # Country blocking snippet using MaxMind GeoLocation - reusable across all sites
 {% if enable_country_blocking | default(false) and allowed_countries_codes | default([]) | length > 0 %}
 (country_block) {
+    @allowed_local {
+        remote_ip 127.0.0.1 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 157.180.41.167 2a01:4f9:c013:1a13::1
+    }
     @not_allowed_countries {
+        not remote_ip 127.0.0.1 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 157.180.41.167 2a01:4f9:c013:1a13::1
         not {
             maxmind_geolocation {
                 db_path "/etc/caddy/geoip/GeoLite2-Country.mmdb"