Auto-update blog content from Obsidian: 2025-10-20 10:37:04
All checks were successful
Blog Deployment / Check-Rebuild (push) Successful in 6s
Blog Deployment / Build (push) Has been skipped
Blog Deployment / Deploy-Staging (push) Successful in 9s
Blog Deployment / Test-Staging (push) Successful in 2s
Blog Deployment / Merge (push) Successful in 7s
Blog Deployment / Deploy-Production (push) Successful in 10s
Blog Deployment / Test-Production (push) Successful in 2s
Blog Deployment / Clean (push) Has been skipped
Blog Deployment / Notify (push) Successful in 2s
All checks were successful
Blog Deployment / Check-Rebuild (push) Successful in 6s
Blog Deployment / Build (push) Has been skipped
Blog Deployment / Deploy-Staging (push) Successful in 9s
Blog Deployment / Test-Staging (push) Successful in 2s
Blog Deployment / Merge (push) Successful in 7s
Blog Deployment / Deploy-Production (push) Successful in 10s
Blog Deployment / Test-Production (push) Successful in 2s
Blog Deployment / Clean (push) Has been skipped
Blog Deployment / Notify (push) Successful in 2s
This commit is contained in:
Gitea Actions
@@ -362,7 +362,28 @@ Finally in the `Handlers` tab, I define to which upstream these domains are forw
|
|||||||
- **TLS Insecure Skip Verify**: Enabled
|
- **TLS Insecure Skip Verify**: Enabled
|
||||||
- **Description**: OPNSense
|
- **Description**: OPNSense
|
||||||
|
|
||||||
|
#### Layer4 Proxy
|
||||||
|
|
||||||
|
Most of my services are behind another reverse proxy on my network, Traefik. To let it manage normally its domains, I forward them using `Layer4 Routes`. It prevents Caddy to terminate SSL, the HTTPS stream is left intact.
|
||||||
|
|
||||||
|
In `Services` > `Caddy` > `Layer4 Proxy`, I create 3 routes.
|
||||||
|
|
||||||
|
The first one is for internet exposed services, like this blog or my Gitea instance:
|
||||||
|
- Enabled: Yes
|
||||||
|
- Sequence: 1
|
||||||
|
- Layer 4
|
||||||
|
- Routing Type: listener_wrappers
|
||||||
|
- Layer 7
|
||||||
|
- Matchers: TLS (SNI Client Hello)
|
||||||
|
- Domain: `blog.vezpi.com` `git.vezpi.com`
|
||||||
|
- Terminate SSL: No
|
||||||
|
- Upstream
|
||||||
|
- Upstream Domain: `192.168.66.50`
|
||||||
|
- Upstream Port: `443`
|
||||||
|
- Proxy Protocol: v2
|
||||||
|
- Description: External Traefik HTTPS dockerVM
|
||||||
|
|
||||||
|
The second one is for internal only services. It is configured pretty much the same but using
|
||||||
|
|
||||||
### mDNS Repeater
|
### mDNS Repeater
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user