79c09cede4
OrbStack 라이선스 만료로 Mac mini Docker 서비스를 GPU 서버로 통합. nginx → Caddy 전환, 12개 서브도메인 자동 HTTPS, fail2ban Caddy JSON 연동. 주요 변경: - home-caddy: Caddy 리버스 프록시 (Let's Encrypt 자동 HTTPS) - home-fail2ban: Caddy JSON 로그 기반 보안 모니터링 - home-ddns: Cloudflare DDNS (API 키 .env 분리) - gpu-hub-api/web: AI 백엔드 라우터 + 웹 UI (gpu-services에서 이전) - AI 런타임(Ollama) 내부망 전용, 외부는 gpu-hub 인증 게이트웨이 경유 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
169 lines
4.7 KiB
Caddyfile
169 lines
4.7 KiB
Caddyfile
{
|
|
# Global options
|
|
log default {
|
|
output file /var/log/caddy/access.log {
|
|
roll_size 100MiB
|
|
roll_keep 5
|
|
}
|
|
format json
|
|
}
|
|
servers {
|
|
trusted_proxies static 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/13 104.24.0.0/14 108.162.192.0/18 131.0.72.0/22 141.101.64.0/18 162.158.0.0/15 172.64.0.0/13 188.114.96.0/20 190.93.240.0/20 197.234.240.0/22 198.41.128.0/17 2400:cb00::/32 2606:4700::/32 2803:f800::/32 2405:b500::/32 2405:8100::/32 2a06:98c0::/29 2c0f:f248::/32
|
|
}
|
|
}
|
|
|
|
# ============================================================
|
|
# GPU Hub — default route (direct IP access, no HTTPS)
|
|
# ============================================================
|
|
:80 {
|
|
handle /v1/* {
|
|
reverse_proxy gpu-hub-api:8000 {
|
|
flush_interval -1
|
|
}
|
|
}
|
|
handle /auth/* {
|
|
reverse_proxy gpu-hub-api:8000
|
|
}
|
|
handle /health {
|
|
reverse_proxy gpu-hub-api:8000
|
|
}
|
|
handle /health/* {
|
|
reverse_proxy gpu-hub-api:8000
|
|
}
|
|
handle /gpu {
|
|
reverse_proxy gpu-hub-api:8000
|
|
}
|
|
handle {
|
|
reverse_proxy gpu-hub-web:80
|
|
}
|
|
}
|
|
|
|
# ============================================================
|
|
# AI Gateway — authenticated external access
|
|
# ============================================================
|
|
ai.hyungi.net {
|
|
reverse_proxy gpu-hub-api:8000 {
|
|
flush_interval -1
|
|
}
|
|
}
|
|
|
|
# ============================================================
|
|
# Jellyfin — Mac mini (192.168.1.122)
|
|
# ============================================================
|
|
jellyfin.hyungi.net {
|
|
reverse_proxy 192.168.1.122:8096 {
|
|
transport http {
|
|
read_timeout 300s
|
|
write_timeout 300s
|
|
}
|
|
}
|
|
}
|
|
|
|
# ============================================================
|
|
# Komga — GPU local
|
|
# ============================================================
|
|
komga.hyungi.net {
|
|
reverse_proxy host.docker.internal:25600
|
|
}
|
|
|
|
# ============================================================
|
|
# Document Server — GPU local (via internal Caddy, Phase 6에서 직접 라우팅 전환)
|
|
# ============================================================
|
|
document.hyungi.net {
|
|
request_body {
|
|
max_size 100MB
|
|
}
|
|
reverse_proxy host.docker.internal:8080
|
|
}
|
|
|
|
# ============================================================
|
|
# WebDAV — NAS (192.168.1.227)
|
|
# ============================================================
|
|
webdav.hyungi.net {
|
|
request_body {
|
|
max_size 2GB
|
|
}
|
|
reverse_proxy https://192.168.1.227:5006 {
|
|
transport http {
|
|
tls_insecure_skip_verify
|
|
read_timeout 600s
|
|
write_timeout 600s
|
|
}
|
|
header_up Host {host}
|
|
header_up X-Real-IP {remote_host}
|
|
header_up X-Forwarded-For {remote_host}
|
|
header_up X-Forwarded-Proto {scheme}
|
|
}
|
|
}
|
|
|
|
# ============================================================
|
|
# DSM — NAS
|
|
# ============================================================
|
|
ds1525.hyungi.net {
|
|
request_body {
|
|
max_size 0
|
|
}
|
|
reverse_proxy 192.168.1.227:5000
|
|
}
|
|
|
|
# ============================================================
|
|
# Gitea — NAS
|
|
# ============================================================
|
|
git.hyungi.net {
|
|
request_body {
|
|
max_size 512MB
|
|
}
|
|
reverse_proxy 192.168.1.227:10300
|
|
}
|
|
|
|
# ============================================================
|
|
# Vaultwarden — NAS (WebSocket)
|
|
# ============================================================
|
|
vault.hyungi.net {
|
|
reverse_proxy 192.168.1.227:8443
|
|
}
|
|
|
|
# ============================================================
|
|
# Synology Drive — NAS (WebSocket, unlimited upload)
|
|
# ============================================================
|
|
link.hyungi.net {
|
|
request_body {
|
|
max_size 0
|
|
}
|
|
reverse_proxy 192.168.1.227:10002
|
|
}
|
|
|
|
# ============================================================
|
|
# MailPlus — NAS
|
|
# ============================================================
|
|
mailplus.hyungi.net {
|
|
request_body {
|
|
max_size 100MB
|
|
}
|
|
reverse_proxy 192.168.1.227:21680
|
|
}
|
|
|
|
# ============================================================
|
|
# Contacts — NAS
|
|
# ============================================================
|
|
contacts.hyungi.net {
|
|
reverse_proxy 192.168.1.227:25555
|
|
}
|
|
|
|
# ============================================================
|
|
# Calendar — NAS
|
|
# ============================================================
|
|
calendar.hyungi.net {
|
|
reverse_proxy 192.168.1.227:20002
|
|
}
|
|
|
|
# ============================================================
|
|
# Note Station — NAS (WebSocket, unlimited upload)
|
|
# ============================================================
|
|
note.hyungi.net {
|
|
request_body {
|
|
max_size 0
|
|
}
|
|
reverse_proxy 192.168.1.227:9350
|
|
}
|