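# Global options: enable HTTP/1.1, HTTP/2 and HTTP/3 on every server.
{
	servers {
		protocols h1 h2 h3
	}
}

# Country blocking snippet using MaxMind GeoLocation - reusable across all sites.
# The real snippet is rendered only when enable_country_blocking is true and
# allowed_countries_codes is non-empty. Otherwise an empty snippet is emitted so
# that `import country_block` still resolves, which means the block is silently
# off (fail-open) whenever either variable is missing.
#
# Ordering caveat: the snippet denies with `respond`. Caddy's default directive
# order runs `redir` and `handle` before `respond`, so a site that answers from
# one of those never reaches the 403. Sites below that must be protected
# therefore answer only from `reverse_proxy`, which is ordered after `respond`.
{% if enable_country_blocking | default(false) and allowed_countries_codes | default([]) | length > 0 %}
(country_block) {
	# NOTE(review): @allowed_local is not referenced by any directive in this
	# snippet. The same address list is repeated in @not_allowed_countries, so
	# keep the two in sync or drop this matcher.
	@allowed_local {
		remote_ip 127.0.0.1 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 157.180.41.167 2a01:4f9:c013:1a13::1
	}

	# Matches a request only when BOTH conditions hold:
	#   1. the peer is not loopback, an RFC 1918 range or one of the two fixed
	#      public addresses, and
	#   2. the peer does not geolocate to an allowed country.
	# remote_ip looks at the immediate TCP peer. If Caddy is ever placed behind
	# another proxy or CDN, every request would carry that proxy's address;
	# the client_ip matcher with trusted_proxies is the usual answer then.
	# NOTE(review): confirm how the MaxMind plugin treats addresses that have
	# no country record, so that unknown addresses are denied, not allowed.
	@not_allowed_countries {
		not remote_ip 127.0.0.1 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 157.180.41.167 2a01:4f9:c013:1a13::1
		not {
			maxmind_geolocation {
				db_path "/etc/caddy/geoip/GeoLite2-Country.mmdb"
				allow_countries {{ allowed_countries_codes | join(' ') }}
			}
		}
	}

	respond @not_allowed_countries "Access denied" 403
}
{% else %}
(country_block) {
	# Country blocking disabled
}
{% endif %}

{% if inventory_hostname == 'mennos-cloud-server' %}
photos.mvl.sh {
	import country_block
	reverse_proxy immich:2283
	tls {{ caddy_email }}
}

# Redirect-only host: `redir` is ordered before `respond`, so blocked clients
# receive the redirect here and are denied by photos.mvl.sh instead.
photos.vleeuwen.me {
	import country_block
	redir https://photos.mvl.sh{uri}
	tls {{ caddy_email }}
}

karakeep.mvl.sh {
	import country_block
	reverse_proxy karakeep:3000
	tls {{ caddy_email }}
}

# Legacy name for karakeep. Redirect-only, so the block is enforced by the
# redirect target. The tls line was missing here; added to match every other
# site so the certificate is requested under the same ACME contact.
hoarder.mvl.sh {
	import country_block
	redir https://karakeep.mvl.sh{uri}
	tls {{ caddy_email }}
}

git.vleeuwen.me git.mvl.sh {
	import country_block
	reverse_proxy gitea:3000
	tls {{ caddy_email }}
}

status.vleeuwen.me status.mvl.sh {
	import country_block
	reverse_proxy uptime-kuma:3001
	tls {{ caddy_email }}
}

sf.mvl.sh {
	import country_block
	# WebDAV goes to seafile:8080, everything else to seafile:80.
	# Both routes are plain reverse_proxy directives (the path-matched one is
	# evaluated first) so that they sort AFTER the snippet's `respond`.
	# The previous `handle /seafdav*` block was ordered before `respond`,
	# which let /seafdav* requests reach the upstream without the country check.
	reverse_proxy /seafdav* seafile:8080
	reverse_proxy seafile:80
	tls {{ caddy_email }}
}

of.mvl.sh {
	import country_block
	reverse_proxy onlyoffice:80 {
		header_up Host {host}
		# {remote} expands to "address:port". These headers conventionally
		# carry the bare address, so use {remote_host}. header_up overwrites
		# any value the client sent, so the upstream only ever sees the peer
		# address observed by Caddy.
		header_up X-Real-IP {remote_host}
		header_up X-Forwarded-For {remote_host}
		header_up X-Forwarded-Proto {scheme}
	}
	tls {{ caddy_email }}
}

fsm.mvl.sh {
	import country_block
	reverse_proxy factorio-server-manager:80
	tls {{ caddy_email }}
}

# Short link to the dotfiles setup script; only the exact path / is redirected.
# The target tracks the mutable master branch.
# NOTE(review): if this URL is fetched and executed directly, consider pinning
# it to a tag or commit, or publishing a checksum.
df.mvl.sh {
	import country_block
	redir / https://git.mvl.sh/vleeuwenmenno/dotfiles/raw/branch/master/setup.sh
	tls {{ caddy_email }}
}
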
# --- remaining sites of the mennos-cloud-server branch ---

# Request manager, served under four names. The upstream is addressed by the
# name of another inventory host rather than a local container.
# NOTE(review): this hop is plain HTTP; confirm the path between the two
# hosts is a private or encrypted network.
overseerr.mvl.sh jellyseerr.mvl.sh overseerr.vleeuwen.me jellyseerr.vleeuwen.me {
	import country_block
	reverse_proxy mennos-cachyos-desktop:5555
	tls {{ caddy_email }}
}

anime.mvl.sh anime.vleeuwen.me {
	import country_block
	reverse_proxy jellyfin:8096
	tls {{ caddy_email }}
}

fladder.mvl.sh {
	import country_block
	reverse_proxy fladder:80
	tls {{ caddy_email }}
}
{% elif inventory_hostname == 'mennos-cachyos-desktop' %}
# --- sites served by mennos-cachyos-desktop ---

# Shared echoip upstream, imported by the HTTPS and the plain-HTTP site below.
# Every header_up overwrites whatever the client supplied, so echoip reports
# the peer address observed by Caddy, never a client-chosen header value.
(echoip_upstream) {
	reverse_proxy echoip:8080 {
		header_up X-Real-IP {http.request.remote.host}
		header_up X-Forwarded-For {http.request.remote.host}
		header_up X-Forwarded-Proto {scheme}
		header_up X-Forwarded-Host {host}
	}
}

# Upstream runs on the Docker host. Host is rewritten to the upstream's own
# host:port and the original name is passed on in X-Forwarded-Host.
home.vleeuwen.me {
	import country_block
	reverse_proxy host.docker.internal:8123 {
		header_up Host {upstream_hostport}
		header_up X-Real-IP {http.request.remote.host}
		header_up X-Forwarded-For {http.request.remote.host}
		header_up X-Forwarded-Proto {scheme}
		header_up X-Forwarded-Host {host}
	}
	tls {{ caddy_email }}
}

bin.mvl.sh {
	import country_block
	reverse_proxy privatebin:8080
	tls {{ caddy_email }}
}

jellyfin.mvl.sh jellyfin.vleeuwen.me {
	import country_block
	reverse_proxy jellyfin:8096
	tls {{ caddy_email }}
}

# echoip over HTTPS.
ip.mvl.sh ip.vleeuwen.me {
	import country_block
	import echoip_upstream
	tls {{ caddy_email }}
}

# echoip over plain HTTP: the explicit http:// addresses make Caddy serve
# these names without TLS as well (no tls directive applies here).
http://ip.mvl.sh http://ip.vleeuwen.me {
	import country_block
	import echoip_upstream
}
{% endif %}