Hey guys, I'm new to Caddy and would like a second opinion on the security of my config file, if anyone could give me some advice.
Is there anything I can do better?
I couldn’t get roll_size and roll_keep to work under the log block for some reason.
# Snippet: enables the CrowdSec bouncer handler wherever it is imported.
# Its position relative to other handlers comes from the `order` lines
# in the global options block, not from where the import is written.
(crowdsec) {
	crowdsec
}
# Snippet: Authelia forward-auth. Each request is first sent to Authelia;
# only when Authelia answers with a 2xx is it passed on to the backend,
# with the listed identity headers copied from Authelia's response.
(auth) {
	# NOTE(review): the hop to Authelia is plain HTTP on the LAN - confirm
	# that network segment is trusted.
	forward_auth http://192.168.1.51:9091 {
		# NOTE(review): /api/verify is Authelia's legacy endpoint; newer
		# releases document /api/authz/forward-auth - check against the
		# version you run.
		uri /api/verify?rd=https://auth.domain.com
		# Backends that act on these headers should only accept connections
		# from this proxy, otherwise a LAN client could set them itself.
		copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
	}
}
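{
	# Global options.

	# order webdav before file_server

	# Run the CrowdSec bouncer ahead of forward_auth so a banned client is
	# rejected before its request is handed to Authelia. forward_auth already
	# sorts ahead of reverse_proxy in Caddy's default directive order, so this
	# single line places crowdsec in front of both. The former second line
	# (`order crowdsec before reverse_proxy`) was dropped: a later `order` for
	# the same directive repositions it, which moved crowdsec behind
	# forward_auth.
	order crowdsec before forward_auth

	servers {
		# Accept forwarded client-IP headers only from Cloudflare's published
		# ranges (list refreshed every 12h). CrowdSec decisions are per client
		# IP, so this has to be right. If the origin is also reachable without
		# going through Cloudflare, limit inbound 80/443 to Cloudflare's ranges
		# at the firewall.
		trusted_proxies cloudflare {
			interval 12h
			timeout 15s
		}
	}

	# Logging
	# Runtime logs go to stdout; access logs are excluded here and written
	# to the file logger below.
	log stdout_logger {
		output stdout
		format console
		exclude http.log.access
	}

	# Access log file (typically what CrowdSec's Caddy parser reads).
	# This logger only receives entries from sites that enable access
	# logging with the `log` directive in their site block.
	log file_logger {
		# The roll_* settings are sub-options of the file writer, so they
		# belong in a block on `output file`, not directly under `log`.
		output file /var/log/caddy/access.log {
			roll_size 10mb
			roll_keep 20
			roll_keep_for 720h
		}
		include http.log.access
	}

	crowdsec {
		# Prefer reading the bouncer key from the environment, for example
		# `api_key {$CROWDSEC_API_KEY}` (variable name is an example), so the
		# secret does not live in the config file or get pasted with it.
		api_key redacted
		# Plain HTTP: the API key crosses the LAN unencrypted on every poll.
		# Use TLS on the LAPI if that segment is not fully trusted.
		api_url http://192.168.1.19:8080/
		ticker_interval 15s
	}
}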
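*.domain.com {
	# Turn on access logging for this site. Without a `log` directive no
	# access-log entries are emitted, so a global logger that includes
	# http.log.access stays empty and CrowdSec has nothing to parse.
	log

	tls {
		# Wildcard certificate via the DNS-01 challenge. Use a Cloudflare API
		# token scoped to DNS edits on this zone only, and prefer supplying it
		# from the environment, for example `dns cloudflare {$CF_API_TOKEN}`
		# (variable name is an example).
		dns cloudflare redacted
		resolvers 1.1.1.1
	}

	#Authelia
	# The auth portal itself must not sit behind forward_auth (it would loop),
	# so only the CrowdSec check applies here.
	@authelia host auth.domain.com
	handle @authelia {
		import crowdsec
		#import auth
		reverse_proxy @authelia http://192.168.1.51:9091
	}

	# homepage
	# The only service currently protected by Authelia.
	@homepage host homepage.domain.com
	handle @homepage {
		import crowdsec
		import auth
		reverse_proxy @homepage http://192.168.1.23:3000
	}

	#Home Assistant
	# NOTE(review): forward auth is disabled, so this is reachable from the
	# internet behind Home Assistant's own login only. If that is deliberate,
	# make sure MFA is enabled in the app.
	@homeassistant host ha.domain.com
	handle @homeassistant {
		import crowdsec
		#import auth
		reverse_proxy @homeassistant http://192.168.1.20:8123
	}

	#Mealie
	# NOTE(review): forward auth is disabled; only Mealie's own login
	# protects it. Confirm open sign-up is turned off.
	@mealie host food.domain.com
	handle @mealie {
		import crowdsec
		#import auth
		reverse_proxy @mealie http://192.168.1.23:9925
	}

	#Meshcentral
	# NOTE(review): a remote-management console exposed without forward auth
	# is the highest-value target in this file; rely on its own MFA at
	# minimum. Also confirm the backend really serves plain HTTP on 8443
	# (TLS offload); if it serves TLS the upstream should be https://.
	@meshcentral host remote.domain.com
	handle @meshcentral {
		import crowdsec
		#import auth
		reverse_proxy @meshcentral http://192.168.1.17:8443
	}

	# Fallback for otherwise unhandled domains: drop the connection without
	# a response, so unknown hostnames under the wildcard reveal nothing.
	handle {
		abort
	}
}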