caddy: enable tailscale https
parent
80fb573166
commit
7999ff7e26
3 changed files with 39 additions and 29 deletions
|
@ -23,6 +23,7 @@
|
|||
# Running Services
|
||||
./services/adguardhome.nix
|
||||
./services/avahi.nix
|
||||
./services/caddy.nix
|
||||
./services/cf-dyndns.nix
|
||||
./services/cloudflared.nix
|
||||
./services/hydra.nix
|
||||
|
|
|
@ -7,36 +7,44 @@
|
|||
services.caddy = {
|
||||
enable = true;
|
||||
email = "hedgehog@mrhedgehog.xyz";
|
||||
# globalConfig = ''
|
||||
# '';
|
||||
virtualHosts = {
|
||||
"cache.thehedgehog.me" = {
|
||||
extraConfig = ''
|
||||
import cf_tls
|
||||
reverse_proxy http://localhost:5000
|
||||
'';
|
||||
};
|
||||
"hydra.thehedgehog.me" = {
|
||||
extraConfig = ''
|
||||
import cf_tls
|
||||
reverse_proxy http://localhost:3000
|
||||
'';
|
||||
};
|
||||
"reddit.thehedgehog.me" = {
|
||||
extraConfig = ''
|
||||
import cf_tls
|
||||
reverse_proxy http://localhost:4000
|
||||
'';
|
||||
};
|
||||
};
|
||||
globalConfig = ''
|
||||
http_port 81
|
||||
'';
|
||||
extraConfig = ''
|
||||
(cf_tls) {
|
||||
tls ${config.age.secrets.thehedgehog-pem.path} ${config.age.secrets.thehedgehog-key.path} {
|
||||
protocols tls1.3
|
||||
client_auth {
|
||||
mode require_and_verify
|
||||
trusted_ca_cert_file ${config.age.secrets.cloudflare-ca.path}
|
||||
}
|
||||
*.tailnet-a79e.ts.net {
|
||||
@libreddit host libreddit.tailnet-a79e.ts.net
|
||||
handle @libreddit {
|
||||
reverse_proxy localhost:4000
|
||||
}
|
||||
|
||||
@hydra host hydra.tailnet-a79e.ts.net
|
||||
handle @hydra {
|
||||
reverse_proxy localhost:3000
|
||||
}
|
||||
|
||||
@radicale host dav.tailnet-a79e.ts.net
|
||||
handle @radicale {
|
||||
reverse_proxy localhost:5352
|
||||
}
|
||||
|
||||
@vaultwarden host bw.tailnet-a79e.ts.net
|
||||
handle @vaultwarden {
|
||||
reverse_proxy localhost:8000
|
||||
}
|
||||
|
||||
@miniflux host bw.tailnet-a79e.ts.net
|
||||
handle @miniflux {
|
||||
reverse_proxy localhost:6000
|
||||
}
|
||||
|
||||
@jellyfin host media.tailnet-a79e.ts.net
|
||||
handle @jellyfin {
|
||||
reverse_proxy localhost:8096
|
||||
}
|
||||
|
||||
@rssbridge host rss-bridge.tailnet-a79e.ts.net
|
||||
handle @rssbridge {
|
||||
reverse_proxy localhost:80
|
||||
}
|
||||
}
|
||||
'';
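Review bot: The `@vaultwarden` and `@miniflux` matchers both use `host bw.tailnet-a79e.ts.net`, so the `handle @miniflux` block proxying to `localhost:6000` can never be selected; this looks like a copy-paste slip and Miniflux needs its own name, e.g. `@miniflux host <miniflux-hostname>.tailnet-a79e.ts.net`. Separately, the site address is a wildcard under the tailnet domain, while Tailscale normally issues a certificate only for the node's own machine name, so it is worth confirming that each listed hostname can actually obtain a certificate. The rendered page does not make clear whether the `cf_tls` snippet with `mode require_and_verify` is kept; if it is dropped, check that no publicly reachable site still depends on that client-certificate check. A final catch-all such as `handle { abort }` would make requests for unlisted hostnames fail closed rather than receive Caddy's empty default response.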
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{config, ...}: {
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
permitCertUid = "962";
|
||||
};
|
||||
networking.firewall = {
|
||||
trustedInterfaces = [ "tailscale0" ];
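Review bot: `permitCertUid = "962";` hard-codes a numeric UID, which does not say which account may fetch the node's Tailscale certificate and would silently grant that right to whatever account holds UID 962 if IDs are ever reassigned or the config is reused on another host. The option also accepts a username, so `permitCertUid = config.services.caddy.user;` ties the permission to the Caddy service account; `config` is already an argument of this module. The `networking.firewall` attribute set continues past the end of this hunk.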
|
||||
|
|