infra/master/Caddyfile

{
    # Keep this ONLY for the .io domains
    local_certs
}

# The Authelia Protection Snippet
(authelia_auth) {
    forward_auth authelia:9091 {
        uri /api/verify?rd=https://auth.corebot.ca/
        copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
    }
}

# --- PUBLIC PRODUCTION (.ca) ---

auth.corebot.ca {
    reverse_proxy authelia:9091 {
        header_up Host {host}
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-Proto {scheme}
    }
}

git.corebot.ca {
    reverse_proxy 100.98.158.31:3000 {
        header_up Host {host}
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-Proto {scheme}
    }
}

core.corebot.ca {
    reverse_proxy komodo-core:9120 {
        header_up Host {host}
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-Proto {scheme}
    }
}

vault.corebot.ca {
    import authelia_auth
    reverse_proxy 100.120.171.124:8081 {
        header_up Host {host}
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-Proto {scheme}
    }
}

tos.corebot.ca {
    root * /usr/share/caddy/legal
    file_server
}

privacy.corebot.ca {
    root * /usr/share/caddy/legal
    file_server
}

# --- INTERNAL LAB (.io) ---

main.bray.io {
    tls internal
    reverse_proxy mystic-home:80
}

core.bray.io {
    tls internal
    reverse_proxy 100.80.179.128:9120
}

vault.bray.io {
    tls internal
    reverse_proxy 100.120.171.124:8081
}

git.bray.io {
    tls internal
    reverse_proxy 100.98.158.31:3000
}

dns.bray.io {
    tls internal
    redir / /admin/ 308
    reverse_proxy 100.64.238.34:80
}

database.bray.io {
    tls internal
    reverse_proxy 100.109.59.41:80
}

prometheus.bray.io {
    tls internal
    reverse_proxy prometheus:9090
}

grafana.bray.io {
    tls internal
    reverse_proxy grafana:3000
}