Fossil/Foscarealm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PROD5 for Micinas

Browse Source
This commit is contained in:
hubaceks
2026-05-01 22:39:54 +02:00
parent f891a75063
commit d5760660f3
3 changed files with 47 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
scripts/generate_caddy.py
View File

@@ -24,7 +24,8 @@ def validate_service(data: dict, source: Path) -> None:
raise ValueError(f"{source.name}: missing required key '{key}'") raise ValueError(f"{source.name}: missing required key '{key}'")
svc_type = data["type"] svc_type = data["type"]
if svc_type not in {"static", "proxy"}:
if svc_type not in {"static", "proxy", "redirect"}:
raise ValueError(f"{source.name}: unsupported type '{svc_type}'") raise ValueError(f"{source.name}: unsupported type '{svc_type}'")
if svc_type == "static" and "root" not in data: if svc_type == "static" and "root" not in data:
@@ -33,6 +34,9 @@ def validate_service(data: dict, source: Path) -> None:
if svc_type == "proxy" and "backend" not in data: if svc_type == "proxy" and "backend" not in data:
raise ValueError(f"{source.name}: proxy service requires 'backend'") raise ValueError(f"{source.name}: proxy service requires 'backend'")
if svc_type == "redirect" and "target" not in data:
raise ValueError(f"{source.name}: redirect service requires 'target'")
def render_service(env: Environment, data: dict) -> str: def render_service(env: Environment, data: dict) -> str:
svc_type = data["type"] svc_type = data["type"]
@@ -43,6 +47,13 @@ def render_service(env: Environment, data: dict) -> str:
"real_ip": False, "real_ip": False,
"health_uri": None, "health_uri": None,
"health_interval": None, "health_interval": None,
"internal": False,
"internal_ranges": [
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16",
],
"redirect_code": 301,
} }
merged = {**defaults, **data} merged = {**defaults, **data}
@@ -51,6 +62,10 @@ def render_service(env: Environment, data: dict) -> str:
template = env.get_template("static.caddy.j2") template = env.get_template("static.caddy.j2")
return template.render(**merged).strip() + "\n" return template.render(**merged).strip() + "\n"
if svc_type == "redirect":
template = env.get_template("redirect.caddy.j2")
return template.render(**merged).strip() + "\n"
reverse_proxy_block = any( reverse_proxy_block = any(
[ [
merged.get("real_ip"), merged.get("real_ip"),

28
templates/proxy.caddy.j2
View File

@@ -5,6 +5,12 @@
{% if auth %} {% if auth %}
import common_auth import common_auth
{% endif %} {% endif %}
{% if internal %}
@internal {
remote_ip {% for range in internal_ranges %}{{ range }}{% if not loop.last %} {% endif %}{% endfor %}
}
handle @internal {
{% if reverse_proxy_block %} {% if reverse_proxy_block %}
reverse_proxy {{ backend }} { reverse_proxy {{ backend }} {
{% if real_ip %} {% if real_ip %}
@@ -19,5 +25,27 @@
} }
{% else %} {% else %}
reverse_proxy {{ backend }} reverse_proxy {{ backend }}
{% endif %}
}
handle {
respond "Forbidden" 403
}
{% else %}
{% if reverse_proxy_block %}
reverse_proxy {{ backend }} {
{% if real_ip %}
header_up X-Real-IP {remote_host}
{% endif %}
{% if health_uri %}
health_uri {{ health_uri }}
{% endif %}
{% if health_interval %}
health_interval {{ health_interval }}
{% endif %}
}
{% else %}
reverse_proxy {{ backend }}
{% endif %}
{% endif %} {% endif %}
} }

3
templates/redirect.caddy.j2 Normal file
View File

@@ -0,0 +1,3 @@
{{ domain }} {
redir {{ target }} {{ code | default(redirect_code) }}
}