Caddy
Caddy runs on jlpgreencloud and handles all routing from outside to Traefik (TODO add link) as well as HomeAssistant.
Standard routing
This routing works for almost all exposed Kubernetes routes, since they only need to be pointed at their destination.
/etc/caddy/Caddyfile
# K8s HTTPRoute redirect
(k8s_backend) {
    to blackstaff.leechpepin.tailnet
    to arthur.leechpepin.tailnet
    #health_port 80
    #health_interval 10s
    #health_timeout 5s
    lb_policy first
    lb_try_duration 30s
    lb_try_interval 250ms
    header_up Host {http.request.host}
    header_up X-Real-IP {http.request.header.Cf-Connecting-Ip}
    header_up X-Forwarded-For {remote_host}
    #header_up X-Forwarded-Proto {scheme}
    header_up X-Forwarded-Proto https
}
target {
    reverse_proxy {
        import k8s_backend
    }
    log {
        output file /var/log/caddy/standard.log
        format json
    }
}
Special routing
Vaultwarden
Vaultwarden (TODO insert link) has an admin interface that I only want accessible from my Tailscale (TODO insert link) network.
/etc/caddy/Caddyfile
# K8s HTTPRoute redirect
(k8s_backend) {
    to blackstaff.leechpepin.tailnet
    to arthur.leechpepin.tailnet
    #health_port 80
    #health_interval 10s
    #health_timeout 5s
    lb_policy first
    lb_try_duration 30s
    lb_try_interval 250ms
    header_up Host {http.request.host}
    header_up X-Real-IP {http.request.header.Cf-Connecting-Ip}
    header_up X-Forwarded-For {remote_host}
    #header_up X-Forwarded-Proto {scheme}
    header_up X-Forwarded-Proto https
}
vaultwarden.leechpepin.com {
    # Match /admin* requests whose connecting peer is outside the private
    # ranges and the Tailscale range (100.64.0.0/10). remote_ip tests the
    # peer address of the connection, not the Cf-Connecting-Ip header.
    @admin {
        path /admin*
        not remote_ip private_ranges 100.64.0.0/10
    }
    # Send those requests back to the site root instead of the admin page
    redir @admin /
    reverse_proxy {
        import k8s_backend
        # Custom Headers
        header_up X-Caddy-IP {http.request.header.Cf-Connecting-Ip}
    }
    log {
        output file /var/log/caddy/vaultwarden.log
        format json
    }
}
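The `@admin` rule can be checked after the fact by auditing the JSON access log written to /var/log/caddy/vaultwarden.log. The script below is an added example, not part of the original configuration; it assumes the Caddy access-log fields `request.remote_ip`, `request.uri` and `status`, and every log line in `SAMPLE` is constructed.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Caddy's `private_ranges` shortcut expanded, plus the Tailscale range from the matcher.
ALLOWED = [ipaddress.ip_network(n, strict=False) for n in (
    "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8", "127.0.0.1/8",
    "fd00::/7", "::1", "100.64.0.0/10")]

def peer_allowed(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # missing or malformed address is never trusted
    return any(addr in net for net in ALLOWED)

def is_admin_path(uri):
    # `path /admin*` is a prefix glob; Caddy compares paths case-insensitively.
    return urlsplit(uri).path.lower().startswith("/admin")

def audit(lines):
    """Split /admin requests into (exposed, allowed) lists of (peer, uri, status)."""
    exposed, allowed = [], []
    for line in lines:
        try:
            entry = json.loads(line)
            req = entry["request"]
        except (ValueError, KeyError, TypeError):
            continue  # not a JSON access-log entry
        if not is_admin_path(req.get("uri", "")):
            continue
        record = (req.get("remote_ip", ""), req.get("uri"), entry.get("status"))
        if peer_allowed(record[0]):
            allowed.append(record)
        elif not 300 <= (entry.get("status") or 0) < 400:
            exposed.append(record)  # the matcher should have redirected this request
    return exposed, allowed

# Constructed sample entries (documentation addresses, hypothetical paths).
SAMPLE = [
    '{"request":{"remote_ip":"100.101.102.103","uri":"/admin"},"status":200}',
    '{"request":{"remote_ip":"203.0.113.7","uri":"/admin/example"},"status":302}',
    '{"request":{"remote_ip":"198.51.100.9","uri":"/Admin/example?x=1"},"status":200}',
    '{"request":{"remote_ip":"203.0.113.7","uri":"/api/example"},"status":200}',
    'not json',
]

if __name__ == "__main__":
    for label, rows in zip(("EXPOSED", "allowed"), audit(SAMPLE)):
        for row in rows:
            print(label, *row)
```

Entries in the allowed list whose peer is a loopback or RFC 1918 address rather than a 100.64.0.0/10 address are worth reviewing, because `private_ranges` admits them alongside the tailnet.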
HomeAssistant
Home Assistant is just a simple reverse proxy pointing at the instance within my tailnet.