updates caddy, separates caddyfiles, introduces env file for secrets, improves deployment/update process

docker_compose_applications/reverse-proxy/Caddyfile

@@ -1,100 +1 @@
-(oauth2_protect) {
-	handle /oauth2/* {
-		reverse_proxy oauth2-proxy:4180
-	}
-
-	handle {
-		forward_auth oauth2-proxy:4180 {
-			uri /oauth2/auth
-			copy_headers Authorization
-
-			@bad status 4xx
-			handle_response @bad {
-				redir https://{args[0]}/oauth2/start
-			}
-		}
-
-		reverse_proxy {args[1]}
-	}
-}
-
-pseudo.cortex.consider-funding.de {
-	import oauth2_protect pseudo.cortex.consider-funding.de http://10.20.0.2:5000
-}
-
-# transcript-prompter
-p-3001.cortex.consider-funding.de {
-	reverse_proxy http://10.20.0.2:3001
-}
-
-#hubspot-writer
-p-8002.cortex.consider-funding.de {
-	reverse_proxy http://10.20.0.2:8002
-}
-
-# pseudomizer
-p-8003.cortex.consider-funding.de {
-	reverse_proxy http://10.20.0.2:8003
-}
-
-pdf.consider-it.de {
-	import oauth2_protect pdf.consider-it.de http://stirling-pdf:8080
-}
-
-registry.cortex.consider-funding.de {
-	handle /oauth2/* {
-		reverse_proxy oauth2-proxy:4180
-	}
-
-	handle {
-		forward_auth oauth2-proxy:4180 {
-			uri /oauth2/auth
-			copy_headers Authorization
-			copy_headers X-Auth-Request-Email
-
-			@bad status 4xx
-			handle_response @bad {
-				redir https://registry.cortex.consider-funding.de/oauth2/start
-			}
-		}
-
-		reverse_proxy https://ai-registry.neukiefer.de {
-			header_up Host ai-registry.neukiefer.de
-			header_up Authorization "Basic Y2l0OnBDMVpUNVFtZjc2WWVGYzA="
-		}
-	}
-}
-
-enricher.cortex.consider-funding.de {
-	handle /oauth2/* {
-		reverse_proxy oauth2-proxy:4180
-	}
-
-	handle {
-		forward_auth oauth2-proxy:4180 {
-			uri /oauth2/auth
-			copy_headers Authorization
-			copy_headers X-Auth-Request-Email
-
-			@bad status 4xx
-			handle_response @bad {
-				redir https://enricher.cortex.consider-funding.de/oauth2/start
-			}
-		}
-
-		reverse_proxy https://ai-enricher.neukiefer.de {
-			header_up Host ai-enricher.neukiefer.de
-			header_up Authorization "Basic Y2l0OnBDMVpUNVFtZjc2WWVGYzA="
-		}
-	}
-}
-
-n8n.consider-funding.de {
-	reverse_proxy n8n:5678 {
-		flush_interval -1
-	}
-}
-
-metabase.consider-it.de {
-	reverse_proxy metabase:3000
-}
+import /etc/caddy/sites/*.caddy

docker_compose_applications/reverse-proxy/compose.yaml

@@ -3,19 +3,21 @@
 # - https://caddyserver.com/docs/
 
 services:
-
   caddy:
-    image: caddy
     container_name: caddy
+    image: caddy:2.10
+    restart: unless-stopped
+    ports:
+      - 0.0.0.0:80:80
+      - 0.0.0.0:443:443
     volumes:
       - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - ./sites/:/etc/caddy/sites/:ro
       - /ansible_docker_compose/project_data/reverse-proxy/caddy/data:/data
-    ports:
-      - '0.0.0.0:80:80'
-      - '0.0.0.0:443:443'
+    env_file:
+      - .env
     networks:
       - caddy_net
-    restart: unless-stopped
 
 networks:
   caddy_net:

docker_compose_applications/reverse-proxy/sites/oauthed.caddy

@@ -0,0 +1,50 @@
+(oauth2) {
+	handle /oauth2/* {
+		reverse_proxy oauth2-proxy:4180
+	}
+
+	handle {
+		forward_auth oauth2-proxy:4180 {
+			uri /oauth2/auth
+			copy_headers Authorization
+			copy_headers X-Auth-Request-Email
+
+			@bad status 4xx
+			handle_response @bad {
+				redir https://{args[0]}/oauth2/start
+			}
+		}
+
+		{block}
+	}
+}
+
+registry.cortex.consider-funding.de {
+	import oauth2 registry.cortex.consider-funding.de {
+		reverse_proxy https://ai-registry.neukiefer.de {
+			header_up Host ai-registry.neukiefer.de
+			header_up Authorization {env.REGISTRY_DOWNSTREAM_AUTH}
+		}
+	}
+}
+
+pdf.consider-it.de {
+	import oauth2 pdf.consider-it.de {
+		reverse_proxy http://stirling-pdf:8080
+	}
+}
+
+pseudo.cortex.consider-funding.de {
+	import oauth2 pseudo.cortex.consider-funding.de {
+		reverse_proxy http://10.20.0.2:5000
+	}
+}
+
+enricher.cortex.consider-funding.de {
+	import oauth2 enricher.cortex.consider-funding.de {
+		reverse_proxy https://ai-enricher.neukiefer.de {
+			header_up Host ai-enricher.neukiefer.de
+			header_up Authorization {env.ENRICHER_DOWNSTREAM_AUTH}
+		}
+	}
+}

docker_compose_applications/reverse-proxy/sites/redirect.caddy

@@ -0,0 +1,11 @@
+adlerpersonal.de, www.adlerpersonal.de {
+	redir https://consider-it.de permanent
+}
+
+arbeiterkneipe.de, www.arbeiterkneipe.de {
+	redir https://consider-it.de permanent
+}
+
+consider-us.com, www.consider-us.com {
+	redir https://consider-it.de permanent
+}

docker_compose_applications/reverse-proxy/sites/services.caddy

@@ -0,0 +1,24 @@
+n8n.consider-funding.de {
+	reverse_proxy n8n:5678 {
+		flush_interval -1
+	}
+}
+
+metabase.consider-it.de {
+	reverse_proxy metabase:3000
+}
+
+# transcript-prompter
+p-3001.cortex.consider-funding.de {
+	reverse_proxy http://10.20.0.2:3001
+}
+
+#hubspot-writer
+p-8002.cortex.consider-funding.de {
+	reverse_proxy http://10.20.0.2:8002
+}
+
+# pseudomizer
+p-8003.cortex.consider-funding.de {
+	reverse_proxy http://10.20.0.2:8003
+}

playbooks/05-update-caddy.yml

@@ -3,8 +3,8 @@
   tasks:
     - name: Deploy desired projects, adding new ones and updating existing ones
       ansible.posix.synchronize:
-        src: "../docker_compose_applications/reverse-proxy/Caddyfile"
-        dest: "/ansible_docker_compose/projects/reverse-proxy/Caddyfile"
+        src: "../docker_compose_applications/reverse-proxy/"
+        dest: "/ansible_docker_compose/projects/reverse-proxy/"
         mode: push
         archive: false
         copy_links: false