feat: home-gateway 초기 구성 — Mac mini에서 GPU 서버로 전면 이전

OrbStack 라이선스 만료로 Mac mini Docker 서비스를 GPU 서버로 통합. nginx → Caddy 전환, 12개 서브도메인 자동 HTTPS, fail2ban Caddy JSON 연동. 주요 변경: - home-caddy: Caddy 리버스 프록시 (Let's Encrypt 자동 HTTPS) - home-fail2ban: Caddy JSON 로그 기반 보안 모니터링 - home-ddns: Cloudflare DDNS (API 키 .env 분리) - gpu-hub-api/web: AI 백엔드 라우터 + 웹 UI (gpu-services에서 이전) - AI 런타임(Ollama) 내부망 전용, 외부는 gpu-hub 인증 게이트웨이 경유 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-05 04:55:28 +00:00
commit 79c09cede4
52 changed files with 6847 additions and 0 deletions
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -0,0 +1,168 @@
+{
+    # Global options
+    log default {
+        output file /var/log/caddy/access.log {
+            roll_size 100MiB
+            roll_keep 5
+        }
+        format json
+    }
+    servers {
+        trusted_proxies static 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/13 104.24.0.0/14 108.162.192.0/18 131.0.72.0/22 141.101.64.0/18 162.158.0.0/15 172.64.0.0/13 188.114.96.0/20 190.93.240.0/20 197.234.240.0/22 198.41.128.0/17 2400:cb00::/32 2606:4700::/32 2803:f800::/32 2405:b500::/32 2405:8100::/32 2a06:98c0::/29 2c0f:f248::/32
+    }
+}
+
+# ============================================================
+# GPU Hub — default route (direct IP access, no HTTPS)
+# ============================================================
+:80 {
+    handle /v1/* {
+        reverse_proxy gpu-hub-api:8000 {
+            flush_interval -1
+        }
+    }
+    handle /auth/* {
+        reverse_proxy gpu-hub-api:8000
+    }
+    handle /health {
+        reverse_proxy gpu-hub-api:8000
+    }
+    handle /health/* {
+        reverse_proxy gpu-hub-api:8000
+    }
+    handle /gpu {
+        reverse_proxy gpu-hub-api:8000
+    }
+    handle {
+        reverse_proxy gpu-hub-web:80
+    }
+}
+
+# ============================================================
+# AI Gateway — authenticated external access
+# ============================================================
+ai.hyungi.net {
+    reverse_proxy gpu-hub-api:8000 {
+        flush_interval -1
+    }
+}
+
+# ============================================================
+# Jellyfin — Mac mini (192.168.1.122)
+# ============================================================
+jellyfin.hyungi.net {
+    reverse_proxy 192.168.1.122:8096 {
+        transport http {
+            read_timeout 300s
+            write_timeout 300s
+        }
+    }
+}
+
+# ============================================================
+# Komga — GPU local
+# ============================================================
+komga.hyungi.net {
+    reverse_proxy host.docker.internal:25600
+}
+
+# ============================================================
+# Document Server — GPU local (via internal Caddy, Phase 6에서 직접 라우팅 전환)
+# ============================================================
+document.hyungi.net {
+    request_body {
+        max_size 100MB
+    }
+    reverse_proxy host.docker.internal:8080
+}
+
+# ============================================================
+# WebDAV — NAS (192.168.1.227)
+# ============================================================
+webdav.hyungi.net {
+    request_body {
+        max_size 2GB
+    }
+    reverse_proxy https://192.168.1.227:5006 {
+        transport http {
+            tls_insecure_skip_verify
+            read_timeout 600s
+            write_timeout 600s
+        }
+        header_up Host {host}
+        header_up X-Real-IP {remote_host}
+        header_up X-Forwarded-For {remote_host}
+        header_up X-Forwarded-Proto {scheme}
+    }
+}
+
+# ============================================================
+# DSM — NAS
+# ============================================================
+ds1525.hyungi.net {
+    request_body {
+        max_size 0
+    }
+    reverse_proxy 192.168.1.227:5000
+}
+
+# ============================================================
+# Gitea — NAS
+# ============================================================
+git.hyungi.net {
+    request_body {
+        max_size 512MB
+    }
+    reverse_proxy 192.168.1.227:10300
+}
+
+# ============================================================
+# Vaultwarden — NAS (WebSocket)
+# ============================================================
+vault.hyungi.net {
+    reverse_proxy 192.168.1.227:8443
+}
+
+# ============================================================
+# Synology Drive — NAS (WebSocket, unlimited upload)
+# ============================================================
+link.hyungi.net {
+    request_body {
+        max_size 0
+    }
+    reverse_proxy 192.168.1.227:10002
+}
+
+# ============================================================
+# MailPlus — NAS
+# ============================================================
+mailplus.hyungi.net {
+    request_body {
+        max_size 100MB
+    }
+    reverse_proxy 192.168.1.227:21680
+}
+
+# ============================================================
+# Contacts — NAS
+# ============================================================
+contacts.hyungi.net {
+    reverse_proxy 192.168.1.227:25555
+}
+
+# ============================================================
+# Calendar — NAS
+# ============================================================
+calendar.hyungi.net {
+    reverse_proxy 192.168.1.227:20002
+}
+
+# ============================================================
+# Note Station — NAS (WebSocket, unlimited upload)
+# ============================================================
+note.hyungi.net {
+    request_body {
+        max_size 0
+    }
+    reverse_proxy 192.168.1.227:9350
+}