{
    admin off
    metrics {
        per_host
    }

    crowdsec {
        api_url        http://crowdsec:8080
        api_key        {env.CROWDSEC_API_KEY}
        ticker_interval 15s
        appsec_url     http://crowdsec:7422
        appsec_fail_open
        appsec_timeout 1s
    }

    servers {
        trusted_proxies static private_ranges
        client_ip_headers X-Forwarded-For
    }
}

(access-log) {
    log {
        output stdout
        format json
    }
}

(security) {
    crowdsec
    appsec
}

:2019 {
    metrics
}

############## grafana ##############
{$GRAFANA_DOMAIN} {
    import access-log
    request_body {
        max_size 2048MB
    }
    route {
        import security
        reverse_proxy http://grafana:3000 {
            header_up Host {http.request.host}
        }
    }
}

############## gitea ##############
{$GITEA_DOMAIN} {
    import access-log
    request_body {
        max_size 2048MB
    }
    @not_registry not path /v2/*
    route {
        crowdsec
        appsec @not_registry
        reverse_proxy http://gitea:3000 {
            header_up Host {http.request.host}
        }
    }
}

############## slash ##############
{$SLASH_DOMAIN} {
    import access-log
    request_body {
        max_size 10MB
    }
    route {
        import security
        reverse_proxy http://slash:5231 {
            header_up Host {http.request.host}
        }
    }
}

############## memos ##############
{$MEMOS_DOMAIN} {
    import access-log
    request_body {
        max_size 1024MB
    }
    route {
        import security
        reverse_proxy http://memos:5230 {
            header_up Host {http.request.host}
        }
    }
}

############## wg-easy ##############
{$WG_EASY_DOMAIN} {
    import access-log
    request_body {
        max_size 10MB
    }
    route {
        import security
        reverse_proxy http://wg-easy:51821 {
            header_up Host {http.request.host}
        }
    }
}

############## vaultwarden ##############
{$VAULTWARDEN_DOMAIN} {
    import access-log
    request_body {
        max_size 128MB
    }
    route {
        import security
        reverse_proxy http://vaultwarden {
            header_up Host {http.request.host}
        }
    }
}

############## sftpgo ##############
{$SFTPGO_DOMAIN} {
    import access-log
    request_body {
        max_size 8120MB
    }
    route {
        import security
        reverse_proxy http://sftpgo:8080 {
            header_up Host {http.request.host}
        }
    }
}

############## glance ##############
{$GLANCE_DOMAIN} {
    import access-log
    request_body {
        max_size 64MB
    }
    route {
        import security
        reverse_proxy http://glance:8080 {
            header_up Host {http.request.host}
        }
    }
}

############## ghost ##############
{$GHOST_DOMAIN} {
    import access-log
    request_body {
        max_size 124MB
    }
    route {
        import security
        reverse_proxy http://ghost:2368 {
            header_up Host {http.request.host}
        }
    }
}

############## immich ##############
{$IMMICH_DOMAIN} {
    import access-log
    request_body {
        max_size 1024MB
    }
    route {
        import security
        reverse_proxy http://immich_server:2283 {
            header_up Host {http.request.host}
        }
    }
}

############## uptime-kuma ##############
{$UPTIME_KUMA_DOMAIN} {
    import access-log
    request_body {
        max_size 1024MB
    }
    route {
        import security
        reverse_proxy http://uptime_kuma:3001 {
            header_up Host {http.request.host}
        }
    }
}

############## stalwart ##############
{$STALWART_DOMAIN}, {$STALWART_AUTOCONFIG_DOMAIN}, {$STALWART_AUTODISCOVER_DOMAIN} {
    import access-log
    request_body {
        max_size 4048MB
    }
    route {
        import security
        reverse_proxy http://stalwart:8080 {
            header_up Host {http.request.host}
        }
    }
}

############## textarea ##############
{$TEXTAREA_DOMAIN} {
    import access-log
    route {
        import security
        root * /volume/textarea
        file_server {
            browse off
        }
    }
}

############## gopkg-proxy ##############
{$GOPKG_PROXY_DOMAIN} {
    import access-log
    request_body {
        max_size 2MB
    }
    route {
        import security
        reverse_proxy http://gopkg_proxy:8421 {
            header_up Host {http.request.host}
        }
    }
}

############## ech0 ##############
{$ECH0_DOMAIN} {
    import access-log
    header -Server
    request_body {
        max_size 5MB
    }
    route {
        import security
        reverse_proxy http://ech0:8421 {
            header_up -X-Forwarded-Host
            header_up -X-Forwarded-Proto
            header_up -Via

            transport http {
                compression off
            }
        }
    }
}

import Caddyfile.private
