diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..7df2c28 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +email diff --git a/Caddyfile b/Caddyfile new file mode 100644 index 0000000..1688079 --- /dev/null +++ b/Caddyfile @@ -0,0 +1,43 @@ +# vim: ft=caddyfile + +{ + import email +} + +#{ +# servers :443 { +# protocol { +# experimental_http3 +# } +# } +#} + +(basicerrors) { + handle_errors { + #respond "{http.error.status_code} {http.error.status_text}" + + rewrite * /{http.error.status_code}.jpg + root * /var/www/errors + file_server + } +} + +(matrix-well-known) { + handle /.well-known/matrix/* { + header Access-Control-Allow-Origin "*" + header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" + header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization" + header Content-Type "application/json" + + respond /.well-known/matrix/client 200 { + body `{"m.homeserver": {"base_url": "https://matrix.boba.best"}}` + close + } + respond /.well-known/matrix/server 200 { + body `{"m.server": "matrix.boba.best:443"}` + close + } + } +} + +import conf.d/* diff --git a/conf.d/boba.best b/conf.d/boba.best new file mode 100644 index 0000000..e77cb39 --- /dev/null +++ b/conf.d/boba.best @@ -0,0 +1,16 @@ +# vim: ft=caddyfile + +www.boba.best { + redir https://boba.best{uri} +} +boba.best { + import matrix-well-known + + header Access-Control-Allow-Origin * + root * /var/www/boba.best/public + file_server { + precompressed br gzip + } + + import basicerrors +} diff --git a/conf.d/drone.boba.best b/conf.d/drone.boba.best new file mode 100644 index 0000000..41ed228 --- /dev/null +++ b/conf.d/drone.boba.best @@ -0,0 +1,11 @@ +# vim: ft=caddyfile + +drone.boba.best { + encode zstd gzip + + reverse_proxy localhost:8081 { + header_up X-Real-IP {remote_host} + } + + import basicerrors +} diff --git a/conf.d/emotes.boba.best b/conf.d/emotes.boba.best new file mode 100644 index 0000000..8949a44 --- /dev/null +++ b/conf.d/emotes.boba.best @@ -0,0 +1,12 @@ +# vim: ft=caddyfile + +emotes.boba.best { + encode zstd gzip + + root * /var/www/emotes.boba.best/public + file_server { + index index.json + } + + import basicerrors +} diff --git a/conf.d/flower.boba.best b/conf.d/flower.boba.best new file mode 100644 index 0000000..6033565 --- /dev/null +++ b/conf.d/flower.boba.best @@ -0,0 +1,13 @@ +# vim: ft=caddyfile + +flower.boba.best { + encode zstd gzip + + root * /var/www/flower.boba.best + handle { + rewrite * /flowerpet.gif + file_server + } + + import basicerrors +} diff --git a/conf.d/furry.boba.best b/conf.d/furry.boba.best new file mode 100644 index 0000000..3fc8a45 --- /dev/null +++ b/conf.d/furry.boba.best @@ -0,0 +1,13 @@ +# vim: ft=caddyfile + +furry.boba.best { + encode zstd gzip + + root * /var/www/furry.boba.best + handle { + rewrite * /alien_furry.gif + file_server + } + + import basicerrors +} diff --git a/conf.d/git.boba.best b/conf.d/git.boba.best new file mode 100644 index 0000000..7041dea --- /dev/null +++ b/conf.d/git.boba.best @@ -0,0 +1,18 @@ +# vim: ft=caddyfile + +git.boba.best { + encode zstd gzip + + handle_path /_/static/* { + root * /var/www/git.boba.best/public + file_server + } + + handle { + reverse_proxy unix//run/gitea/gitea.sock { + header_up X-Real-IP {remote_host} + } + } + + import basicerrors +} diff --git a/conf.d/grafana.boba.best b/conf.d/grafana.boba.best new file mode 100644 index 0000000..9041724 --- /dev/null +++ b/conf.d/grafana.boba.best @@ -0,0 +1,8 @@ +# vim: ft=caddyfile + +grafana.boba.best { + encode zstd gzip + + reverse_proxy localhost:84 + import basicerrors +} diff --git a/conf.d/mail.boba.best b/conf.d/mail.boba.best new file mode 100644 index 0000000..9ee63d8 --- /dev/null +++ b/conf.d/mail.boba.best @@ -0,0 +1,10 @@ +# vim: ft=caddyfile + +mail.boba.best mail.bbaovanc.com autodiscover.boba.best autodiscover.bbaovanc.com autoconfig.boba.best autoconfig.bbaovanc.com { + encode zstd gzip + + reverse_proxy localhost:8082 { + header_up X-Real-IP {remote_host} + } + import basicerrors +} diff --git a/conf.d/matrix.boba.best b/conf.d/matrix.boba.best new file mode 100644 index 0000000..1a51322 --- /dev/null +++ b/conf.d/matrix.boba.best @@ -0,0 +1,154 @@ +# vim: ft=caddyfile + +matrix.boba.best { + encode zstd gzip + + import matrix-well-known + + + redir /admin /admin/ + handle_path /admin/* { + file_server { + root /var/www/synapse-admin/build + } + } + + + @generic { + # Sync requests + path /_matrix/client/*/events + + # Federation requests + path /_matrix/federation/v1/event/* + path /_matrix/federation/v1/state/* + path /_matrix/federation/v1/state_ids/* + path /_matrix/federation/v1/backfill/* + path /_matrix/federation/v1/get_missing_events/* + path /_matrix/federation/v1/publicRooms* + path /_matrix/federation/v1/query/* + path /_matrix/federation/v1/make_join/* + path /_matrix/federation/v1/make_leave/* + path /_matrix/federation/v1/send_join/* + path /_matrix/federation/v2/send_join/* + path /_matrix/federation/v1/send_leave/* + path /_matrix/federation/v2/send_leave/* + path /_matrix/federation/v1/invite/* + path /_matrix/federation/v2/invite/* + path /_matrix/federation/v1/query_auth/* + path /_matrix/federation/v1/event_auth/* + path /_matrix/federation/v1/exchange_third_party_invite/* + path /_matrix/federation/v1/user/devices/* + path /_matrix/federation/v1/get_groups_publicised + path /_matrix/key/v2/query + path /_matrix/key/v2/query/* + + # Client API requests + path /_matrix/client/*/publicRooms + path /_matrix/client/*/rooms/*/joined_members + path /_matrix/client/*/rooms/*/context/* + path /_matrix/client/*/rooms/*/members + path /_matrix/client/*/rooms/*/state + path /_matrix/client/*/account/3pid + path /_matrix/client/*/devices + path /_matrix/client/*/keys/query + path /_matrix/client/*/keys/changes + path /_matrix/client/versions + path /_matrix/client/*/voip/turnServer + path /_matrix/client/*/joined_groups + path /_matrix/client/*/publicised_groups + path /_matrix/client/*/publicised_groups/* + path /_matrix/client/*/rooms/*/event/* + path /_matrix/client/*/joined_rooms + path /_matrix/client/*/search + + # Registration/login requests + path /_matrix/client/*/login + path /_matrix/client/*/register + + # Event sending requests + path /_matrix/client/*/rooms/*/redact + path /_matrix/client/*/rooms/*/send + path /_matrix/client/*/rooms/*/state/* + path_regexp /_matrix/client/*/rooms/*/(join|invite|leave|ban|unban|kick)$ + path /_matrix/client/*/join/* + path /_matrix/client/*/profile/* + + # Additionally, the following REST endpoints can be handled for GET requests: + path /_matrix/federation/v1/groups/* + } + + @generic_iphash { + path /_matrix/client/*/rooms/*/messages + + # Sync requests (again) + path /_matrix/client/*/sync + path /_matrix/client/*/initialSync + path /_matrix/client/*/rooms/*/initialSync + + # Inbound federation transaction request + path /_matrix/federation/v1/send/* + } + + @media { + path /_matrix/media/* + + path /_synapse/admin/v1/purge_media_cache + path /_synapse/admin/v1/room/*/media* + path /_synapse/admin/v1/user/*/media* + path /_synapse/admin/v1/media/* + path /_synapse/admin/v1/quarantine_media/* + } + + + handle @generic { + reverse_proxy { + to localhost:8010 + to localhost:8011 + to localhost:8012 + to localhost:8013 + lb_policy round_robin + health_uri /health + health_interval 15s + health_timeout 5s + } + } + handle @generic_iphash { + reverse_proxy { + to localhost:8010 + to localhost:8011 + to localhost:8012 + to localhost:8013 + lb_policy ip_hash + health_uri /health + health_interval 15s + health_timeout 5s + } + } + + handle @media { + reverse_proxy { + to localhost:8009 + health_uri /health + health_interval 15s + health_timeout 5s + } + } + + + handle /_matrix/* { + reverse_proxy localhost:8008 + } + handle /_synapse/client/* { + reverse_proxy localhost:8008 + } + handle /_synapse/admin/* { + reverse_proxy localhost:8008 + } + + + handle { + redir https://element.boba.best + } + + import basicerrors +} diff --git a/conf.d/peertube.boba.best b/conf.d/peertube.boba.best new file mode 100644 index 0000000..b907225 --- /dev/null +++ b/conf.d/peertube.boba.best @@ -0,0 +1,11 @@ +# vim: ft=caddyfile + +peertube.boba.best { + encode zstd gzip + + reverse_proxy 127.0.0.1:9000 { + header_up X-Real-IP {remote_host} + } + + import basicerrors +} diff --git a/conf.d/rick.boba.best b/conf.d/rick.boba.best new file mode 100644 index 0000000..f009d07 --- /dev/null +++ b/conf.d/rick.boba.best @@ -0,0 +1,6 @@ +# vim: ft=caddyfile + +rick.boba.best { + redir https://www.youtube.com/watch?v=dQw4w9WgXcQ temporary + import basicerrors +} diff --git a/conf.d/status.boba.best b/conf.d/status.boba.best new file mode 100644 index 0000000..a45c8cc --- /dev/null +++ b/conf.d/status.boba.best @@ -0,0 +1,10 @@ +# vim: ft=caddyfile + +status.boba.best { + encode zstd gzip + + reverse_proxy localhost:82 { + header_up X-Real-IP {remote_host} + } + import basicerrors +} diff --git a/conf.d/turn.boba.best b/conf.d/turn.boba.best new file mode 100644 index 0000000..26c557c --- /dev/null +++ b/conf.d/turn.boba.best @@ -0,0 +1,5 @@ +# vim: ft=caddyfile + +turn.boba.best { + respond "where are you" +} diff --git a/conf.d/vault.boba.best b/conf.d/vault.boba.best new file mode 100644 index 0000000..66f0437 --- /dev/null +++ b/conf.d/vault.boba.best @@ -0,0 +1,22 @@ +# vim: ft=caddyfile + +vault.boba.best { + encode zstd gzip + + header { + X-XSS-Protection "1; mode=block" + X-Frame-Options "DENY" + } + + handle /notifications/hub { + reverse_proxy localhost:3012 + } + + handle { + reverse_proxy localhost:81 { + header_up X-Real-IP {remote_host} + } + } + + import basicerrors +}