# ============================================================
# manticorum.com homelab: Caddy reverse proxy
# Takes over from the Nginx Proxy Manager instance on 10.10.0.16
# ============================================================

# ------------------------------------------------------------
# Global options
# ------------------------------------------------------------
{
    # Contact address registered with the ACME account.
    email admin@manticorum.com

    # Certificates are obtained with the DNS-01 challenge through Cloudflare.
    # The API token is read from the CF_API_TOKEN environment variable, so it
    # never appears in this file; keep it scoped to DNS edits on this zone.
    # The Cloudflare DNS provider is a plugin, so the Caddy build must include it.
    # NOTE(review): the original comment calls this an "automatic wildcard cert",
    # but no wildcard site address (e.g. *.manticorum.com) is defined below, so
    # as written each hostname would get its own certificate. Confirm intent.
    acme_dns cloudflare {env.CF_API_TOKEN}

    # Peers in trusted_proxies may supply the client address through the
    # CF-Connecting-IP header; {client_ip} then holds that value, not the peer.
    #
    # The first fifteen ranges are the Cloudflare IPv4 edge ranges. The list is
    # static, so it must be refreshed by hand when Cloudflare publishes changes.
    # No IPv6 ranges are listed; if the origin is reachable from Cloudflare
    # over IPv6, those peers would not be trusted. TODO confirm.
    #
    # NOTE(review): the last three ranges are the whole RFC 1918 space. Any host
    # with a private address is therefore a trusted proxy, and a
    # CF-Connecting-IP header it sends is accepted as {client_ip} and forwarded
    # to backends by the proxy_headers snippet. If these entries exist for one
    # internal relay, narrow them to that relay's address. Backends should not
    # base access decisions on X-Real-IP or X-Forwarded-For while they remain.
    servers {
        trusted_proxies static \
            173.245.48.0/20 \
            103.21.244.0/22 \
            103.22.200.0/22 \
            103.31.4.0/22 \
            141.101.64.0/18 \
            108.162.192.0/18 \
            190.93.240.0/20 \
            188.114.96.0/20 \
            197.234.240.0/22 \
            198.41.128.0/17 \
            162.158.0.0/15 \
            104.16.0.0/13 \
            104.24.0.0/14 \
            172.64.0.0/13 \
            131.0.72.0/22 \
            10.0.0.0/8 \
            172.16.0.0/12 \
            192.168.0.0/16
        client_ip_headers CF-Connecting-IP
    }
}

# ------------------------------------------------------------
# Shared snippets
# ------------------------------------------------------------

# internal_only: allowlist for LAN-only hosts (counterpart of the NPM
# "Internal Only" access list, id=1). Permits the two local subnets and the
# home public address; everything else receives a 403.
#
# The match is on remote_ip (the TCP peer), not client_ip, so a
# CF-Connecting-IP header cannot influence it. Keep it that way: with the
# trusted_proxies list above, client_ip can be set by any private-range peer.
# Consequences to be aware of:
#   - Requests that arrive through the Cloudflare proxy have a Cloudflare peer
#     address and are denied; these hosts only work when reached directly.
#   - Anything on the allowed subnets that relays outside traffic to Caddy
#     (a tunnel connector, a second proxy) would make that traffic look local
#     and pass this check.
#   - 73.36.102.55/32 is pinned; review it whenever the home address changes.
(internal_only) {
    @not_allowlisted {
        not remote_ip 10.0.0.0/23 10.10.0.0/24 73.36.102.55/32
    }
    respond @not_allowlisted "Access denied" 403
}

# proxy_headers: forwarding headers set on every upstream request.
# X-Forwarded-For is replaced with the single resolved client address rather
# than appended to, so backends see exactly one value. That value is only as
# trustworthy as the trusted_proxies list in the global options.
(proxy_headers) {
    header_up X-Real-IP {client_ip}
    header_up X-Forwarded-For {client_ip}
    header_up X-Forwarded-Proto {scheme}
    header_up X-Forwarded-Host {host}
}

# ------------------------------------------------------------
# Public services (no IP restriction)
# ------------------------------------------------------------
# Nothing in this section imports internal_only, so each application's own
# authentication is the only access control in front of it.
# NOTE(review): several entries look like operational tools rather than public
# sites (n8n, Termix, OmniTools, Gitea, Uptime Kuma). Confirm that each one is
# meant to be internet-facing and enforces its own login.

# SBA Dev Website
# The wildcard Access-Control-Allow-Origin lets any origin read responses from
# this host. Acceptable for public, unauthenticated content; restrict it to
# known origins if per-user data is ever served here.
sbadev.manticorum.com {
    reverse_proxy 10.10.0.33:801 {
        import proxy_headers
    }
    header Access-Control-Allow-Origin *
}

# SBA News (Ghost blog)
sbanews.manticorum.com {
    reverse_proxy 10.10.0.88:2368 {
        import proxy_headers
    }
}

# Paper Dynasty Dev
pddev.manticorum.com {
    reverse_proxy 10.10.0.42:813 {
        import proxy_headers
    }
}

# Foundry VTT
foundry.manticorum.com {
    reverse_proxy 10.10.0.223:30000 {
        import proxy_headers
    }
}

# Paper Dynasty Staging
pds.manticorum.com {
    reverse_proxy 10.10.0.42:810 {
        import proxy_headers
    }
}

# n8n Automation: long-running workflows need generous read/write timeouts.
# NOTE(review): dial_timeout only bounds connection setup to the backend;
# 300s looks copied from the other two values. Confirm it is intended.
n8n.manticorum.com {
    reverse_proxy 10.10.0.210:5678 {
        import proxy_headers
        transport http {
            read_timeout 300s
            write_timeout 300s
            dial_timeout 300s
        }
    }
}

# Gameplay Demo Frontend
gameplay-demo.manticorum.com {
    reverse_proxy 10.0.0.206:3000 {
        import proxy_headers
    }
}

# Gameplay Demo API
gameplay-api-demo.manticorum.com {
    reverse_proxy 10.0.0.206:8000 {
        import proxy_headers
    }
}

# Memos
memos.manticorum.com {
    reverse_proxy 10.10.0.222:5230 {
        import proxy_headers
    }
}

# NoteDiscovery
notes.manticorum.com {
    reverse_proxy 10.10.0.222:8000 {
        import proxy_headers
    }
}

# Vagabond (Foundry VTT, alternate world); same upstream as foundry above
vagabond.manticorum.com {
    reverse_proxy 10.10.0.223:30000 {
        import proxy_headers
    }
}

# Pocket
pocket.manticorum.com {
    reverse_proxy 10.0.0.233:80 {
        import proxy_headers
    }
}

# Gitea
git.manticorum.com {
    reverse_proxy 10.10.0.225:3000 {
        import proxy_headers
    }
}

# OmniTools
omnitools.manticorum.com {
    reverse_proxy 10.10.0.210:8080 {
        import proxy_headers
    }
}

# Termix
termix.manticorum.com {
    reverse_proxy 10.10.0.210:8180 {
        import proxy_headers
    }
}

# Uptime Kuma
status.manticorum.com {
    reverse_proxy 10.10.0.227:3001 {
        import proxy_headers
    }
}

# Jellyfin Media Server
jellyfin.manticorum.com {
    reverse_proxy 10.10.0.226:8096 {
        import proxy_headers
    }
}

# ------------------------------------------------------------
# Internal-only services (restricted to local network)
# ------------------------------------------------------------
# Every site below imports internal_only before proxying. A new LAN-only host
# must do the same; a site block without that import is publicly reachable.

# Radarr
radarr.manticorum.com {
    import internal_only
    reverse_proxy 10.10.0.221:7878 {
        import proxy_headers
    }
}

# Sonarr
sonarr.manticorum.com {
    import internal_only
    reverse_proxy 10.10.0.221:8989 {
        import proxy_headers
    }
}

# Jellyseerr
jellyseer.manticorum.com {
    import internal_only
    reverse_proxy 10.10.0.221:5055 {
        import proxy_headers
    }
}

# OpenClaw AI Assistant
openclaw.manticorum.com {
    import internal_only
    reverse_proxy 10.10.0.224:18789 {
        import proxy_headers
    }
}