netmaker/docker/Caddyfile

# Dashboard
https://dashboard.{$NM_DOMAIN} {
	tls /root/certs/fullchain.pem /root/certs/privkey.pem
	# Apply basic security headers
	header {
		# Enable cross origin access to *.{$NM_DOMAIN}
		Access-Control-Allow-Origin *.{$NM_DOMAIN}
		# Enable HTTP Strict Transport Security (HSTS)
		Strict-Transport-Security "max-age=31536000;"
		# Enable cross-site filter (XSS) and tell browser to block detected attacks
		X-XSS-Protection "1; mode=block"
		# Disallow the site to be rendered within a frame on a foreign domain (clickjacking protection)
		X-Frame-Options "SAMEORIGIN"
		# Prevent search engines from indexing
		X-Robots-Tag "none"
		# Remove the server name
		-Server
	}

	reverse_proxy http://netmaker-ui
}

# API
https://api.{$NM_DOMAIN} {
	tls /root/certs/fullchain.pem /root/certs/privkey.pem
	reverse_proxy http://netmaker:8081
}

# STUN
https://stun.{$NM_DOMAIN} {
	tls /root/certs/fullchain.pem /root/certs/privkey.pem
	reverse_proxy netmaker:3478
}

# TURN
https://turn.{$NM_DOMAIN} {
	tls /root/certs/fullchain.pem /root/certs/privkey.pem
	reverse_proxy host.docker.internal:3479
}

# TURN API
https://turnapi.{$NM_DOMAIN} {
	tls /root/certs/fullchain.pem /root/certs/privkey.pem
	reverse_proxy http://host.docker.internal:8089
}

# MQ
wss://broker.{$NM_DOMAIN} {
	tls /root/certs/fullchain.pem /root/certs/privkey.pem
	reverse_proxy ws://mq:8883 # For EMQX websockets use `reverse_proxy ws://mq:8083`
}
updating install docs and adding script 2021-10-04 03:50:22 +08:00			`# Dashboard`
NET-147 full config for nm-quick.sh (#2291) * - moved all vars to config - compose override - use the config in compose, caddy - aligned local / remote setup - proper docker cleanup - support for a relative installation path * - config handling - error handling / env cleanups - reduced compose files - misc * fixed debugs * fixed UI_IMAGE_TAG / IMAGE_TAG 2023-05-16 19:00:16 +08:00			`https://dashboard.{$NM_DOMAIN} {`
- fixed cert mounting - fixed caddy restart in nm-certs.sh - aligned all configs 2023-05-10 23:27:53 +08:00			`tls /root/certs/fullchain.pem /root/certs/privkey.pem`
- request and mount certs - handle caddy challenge - docker fixes - pull nm-certs.sh 2023-05-05 23:17:39 +08:00			`# Apply basic security headers`
			`header {`
NET-147 full config for nm-quick.sh (#2291) * - moved all vars to config - compose override - use the config in compose, caddy - aligned local / remote setup - proper docker cleanup - support for a relative installation path * - config handling - error handling / env cleanups - reduced compose files - misc * fixed debugs * fixed UI_IMAGE_TAG / IMAGE_TAG 2023-05-16 19:00:16 +08:00			`# Enable cross origin access to *.{$NM_DOMAIN}`
			`Access-Control-Allow-Origin *.{$NM_DOMAIN}`
- request and mount certs - handle caddy challenge - docker fixes - pull nm-certs.sh 2023-05-05 23:17:39 +08:00			`# Enable HTTP Strict Transport Security (HSTS)`
			`Strict-Transport-Security "max-age=31536000;"`
			`# Enable cross-site filter (XSS) and tell browser to block detected attacks`
			`X-XSS-Protection "1; mode=block"`
			`# Disallow the site to be rendered within a frame on a foreign domain (clickjacking protection)`
			`X-Frame-Options "SAMEORIGIN"`
			`# Prevent search engines from indexing`
			`X-Robots-Tag "none"`
			`# Remove the server name`
			`-Server`
			`}`
Add basic security headers 2022-01-14 04:05:16 +08:00
- request and mount certs - handle caddy challenge - docker fixes - pull nm-certs.sh 2023-05-05 23:17:39 +08:00			`reverse_proxy http://netmaker-ui`
updating install docs and adding script 2021-10-04 03:50:22 +08:00			`}`

			`# API`
NET-147 full config for nm-quick.sh (#2291) * - moved all vars to config - compose override - use the config in compose, caddy - aligned local / remote setup - proper docker cleanup - support for a relative installation path * - config handling - error handling / env cleanups - reduced compose files - misc * fixed debugs * fixed UI_IMAGE_TAG / IMAGE_TAG 2023-05-16 19:00:16 +08:00			`https://api.{$NM_DOMAIN} {`
- fixed cert mounting - fixed caddy restart in nm-certs.sh - aligned all configs 2023-05-10 23:27:53 +08:00			`tls /root/certs/fullchain.pem /root/certs/privkey.pem`
- request and mount certs - handle caddy challenge - docker fixes - pull nm-certs.sh 2023-05-05 23:17:39 +08:00			`reverse_proxy http://netmaker:8081`
updating install docs and adding script 2021-10-04 03:50:22 +08:00			`}`
updating compose, installers 2022-11-29 01:16:50 +08:00
docker compose update, add stun to caddyfile 2022-12-06 21:57:38 +08:00			`# STUN`
NET-147 full config for nm-quick.sh (#2291) * - moved all vars to config - compose override - use the config in compose, caddy - aligned local / remote setup - proper docker cleanup - support for a relative installation path * - config handling - error handling / env cleanups - reduced compose files - misc * fixed debugs * fixed UI_IMAGE_TAG / IMAGE_TAG 2023-05-16 19:00:16 +08:00			`https://stun.{$NM_DOMAIN} {`
- fixed cert mounting - fixed caddy restart in nm-certs.sh - aligned all configs 2023-05-10 23:27:53 +08:00			`tls /root/certs/fullchain.pem /root/certs/privkey.pem`
docker compose update, add stun to caddyfile 2022-12-06 21:57:38 +08:00			`reverse_proxy netmaker:3478`
			`}`

turn server poc 2023-03-22 15:00:03 +08:00			`# TURN`
NET-147 full config for nm-quick.sh (#2291) * - moved all vars to config - compose override - use the config in compose, caddy - aligned local / remote setup - proper docker cleanup - support for a relative installation path * - config handling - error handling / env cleanups - reduced compose files - misc * fixed debugs * fixed UI_IMAGE_TAG / IMAGE_TAG 2023-05-16 19:00:16 +08:00			`https://turn.{$NM_DOMAIN} {`
- fixed cert mounting - fixed caddy restart in nm-certs.sh - aligned all configs 2023-05-10 23:27:53 +08:00			`tls /root/certs/fullchain.pem /root/certs/privkey.pem`
use host.docker.internal for turn services 2023-04-26 21:28:30 +08:00			`reverse_proxy host.docker.internal:3479`
use public ip func from netmaker 2023-04-26 18:25:56 +08:00			`}`

nm-certs.sh - support EE and new domains - minor fixes 2023-05-08 16:50:30 +08:00			`# TURN API`
NET-147 full config for nm-quick.sh (#2291) * - moved all vars to config - compose override - use the config in compose, caddy - aligned local / remote setup - proper docker cleanup - support for a relative installation path * - config handling - error handling / env cleanups - reduced compose files - misc * fixed debugs * fixed UI_IMAGE_TAG / IMAGE_TAG 2023-05-16 19:00:16 +08:00			`https://turnapi.{$NM_DOMAIN} {`
- fixed cert mounting - fixed caddy restart in nm-certs.sh - aligned all configs 2023-05-10 23:27:53 +08:00			`tls /root/certs/fullchain.pem /root/certs/privkey.pem`
NET-147 full config for nm-quick.sh (#2291) * - moved all vars to config - compose override - use the config in compose, caddy - aligned local / remote setup - proper docker cleanup - support for a relative installation path * - config handling - error handling / env cleanups - reduced compose files - misc * fixed debugs * fixed UI_IMAGE_TAG / IMAGE_TAG 2023-05-16 19:00:16 +08:00			`reverse_proxy http://host.docker.internal:8089`
turn server poc 2023-03-22 15:00:03 +08:00			`}`

updating compose, installers 2022-11-29 01:16:50 +08:00			`# MQ`
NET-147 full config for nm-quick.sh (#2291) * - moved all vars to config - compose override - use the config in compose, caddy - aligned local / remote setup - proper docker cleanup - support for a relative installation path * - config handling - error handling / env cleanups - reduced compose files - misc * fixed debugs * fixed UI_IMAGE_TAG / IMAGE_TAG 2023-05-16 19:00:16 +08:00			`wss://broker.{$NM_DOMAIN} {`
- fixed cert mounting - fixed caddy restart in nm-certs.sh - aligned all configs 2023-05-10 23:27:53 +08:00			`tls /root/certs/fullchain.pem /root/certs/privkey.pem`
- request and mount certs - handle caddy challenge - docker fixes - pull nm-certs.sh 2023-05-05 23:17:39 +08:00			reverse_proxy ws://mq:8883 # For EMQX websockets use `reverse_proxy ws://mq:8083`
updating compose, installers 2022-11-29 01:16:50 +08:00			`}`