foodotfiles/docker/caddy/Caddyfile

korhonen.cc, *.korhonen.cc {
	tls {$CLOUDFLARE_EMAIL} {
		dns cloudflare {$CLOUDFLARE_API_TOKEN}
		resolvers 1.1.1.1
	}

	encode zstd gzip

	@static {
		file
		path *.ico *.css *.js *.gif *.webp *.avif *.jpg *.jpeg *.png *.svg *.woff *.woff2 *.pdf *.webmanifest
	}

	header {
		Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
	}

	@homepage-www-redir host www.korhonen.cc
	handle @homepage-www-redir {
		redir https://korhonen.cc
	}

	@homepage host korhonen.cc
	handle @homepage {
		# Redirect finnish WIP
		# @redirFinnish {
		#     header Accept-Language *fi-FI*
		#     not path *.js *.css *.png *.jpg *.jpeg *.svg
		#     not path /en* /fi*
		#   }
		#   redir @redirFinnish /fi{uri}
		#
		#   uri strip_prefix /en

		header @static Cache-Control max-age=5184000
		root * /var/www/korhonen.cc
		file_server
	}

	@wkd host openpgpkey.korhonen.cc
	handle @wkd {
		root * /var/www/wkd
		file_server browse
		header Access-Control-Allow-Origin "*"
	}

	@index host index.korhonen.cc
	handle @index {
		root * /var/www/index.korhonen.cc
		file_server browse
	}

	@home-assistant host home.korhonen.cc
	handle @home-assistant {
		reverse_proxy home-assistant:8123
	}

	@authentik host sso.korhonen.cc
	handle @authentik {
		reverse_proxy authentik:9000
	}

	@forgejo host git.korhonen.cc
	handle @forgejo {
		rewrite /user/login /user/oauth2/authentik
		reverse_proxy forgejo:3000
	}

	@woodpecker host ci.korhonen.cc
	handle @woodpecker {
		reverse_proxy woodpecker:8000
	}

	@searx host search.korhonen.cc
	handle @searx {
		reverse_proxy searx:8080
	}

	@freshrss host rss.korhonen.cc
	handle @freshrss {
		reverse_proxy freshrss
	}

	@jellyfin host jellyfin.korhonen.cc
	handle @jellyfin {
		reverse_proxy jellyfin:8096
	}

	@pihole host pihole.korhonen.cc
	handle @pihole {
		reverse_proxy pihole
	}

	@umami host umami.korhonen.cc
	handle @umami {
		reverse_proxy umami:3000
		rewrite /ua9quuaW.js /script.js
	}

	@nextcloud host cloud.korhonen.cc
	handle @nextcloud {
		# Redirect login page to Authentik
		redir /login /apps/sociallogin/custom_oidc/korhonen-sso 301

		# .htaccess / data / config / ... shouldn't be accessible from outside
		@forbidden {
			path /.htaccess
			path /data/*
			path /config/*
			path /db_structure
			path /.xml
			path /README
			path /3rdparty/*
			path /lib/*
			path /templates/*
			path /occ
			path /console.php
		}
		handle @forbidden {
			respond 404
		}

		redir /.well-known/carddav /remote.php/dav 301
		redir /.well-known/caldav /remote.php/dav 301

		root * /var/www/nextcloud
		php_fastcgi nextcloud:9000 {
			root /var/www/html
			# Tells nextcloud to remove /index.php from URLs in links
			env front_controller_active true
		}
		file_server
	}

	@tvheadend host tvheadend.korhonen.cc
	handle @tvheadend {
		reverse_proxy tvheadend:9981
	}

	@collabora host collabora.korhonen.cc
	handle @collabora {
		reverse_proxy collabora:9980
	}

	@grafana host grafana.korhonen.cc
	handle @grafana {
		reverse_proxy grafana:3000
	}

	@drop host drop.korhonen.cc
	handle @drop {
		reverse_proxy drop:3000
	}

	@ipvX host ipv6.korhonen.cc ipv4.korhonen.cc
	handle @ipvX {
		respond {remote_host}
	}

	handle {
		respond "404 Not Found" 404
	}

	handle_errors {
		@homepage_404 {
			expression {http.error.status_code} == 404
			host korhonen.cc
		}
		handle @homepage_404 {
			root * /var/www/korhonen.cc
			rewrite * /404.html
			file_server
		}

		respond "{err.status_code} {err.status_text}"
	}
}

korhonen.social, *.korhonen.social {
	tls {$CLOUDFLARE_EMAIL} {
		dns cloudflare {$CLOUDFLARE_API_TOKEN}
		resolvers 1.1.1.1
	}

	encode zstd gzip

	header {
		Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
	}

	@firefish-www-redir host www.korhonen.social
	handle @firefish-www-redir {
		redir https://korhonen.social
	}

	@firefish host korhonen.social
	handle @firefish {
		reverse_proxy firefish:3000
	}

	handle {
		respond "404 Not Found" 404
	}

	handle_errors {
		respond "{err.status_code} {err.status_text}"
	}
}