pic/config/api/caddy/Caddyfile
roof 0c12e3fc97 fix: change domain from dev to lan to avoid browser HSTS preload blocking HTTP
The .dev TLD has been HSTS preloaded in Chrome/Firefox/Safari/Edge since 2019.
Browsers silently redirect http://anything.dev to https://anything.dev before
making any network request. Since Caddy has auto_https off, all browser-based
access to .dev domains fails with a connection error even though DNS, routing,
and HTTP all work correctly (curl works; browsers don't).

- cell_config.json: domain "dev" -> "lan"
- Caddyfile: all http://*.dev blocks -> http://*.lan
- Corefile: dev zone -> lan zone (file /data/lan.zone)
- data/dns/lan.zone: new zone file (dev.zone removed live)
- test_wg_domain_access.py: remove hardcoded DOMAIN_IPS / .dev references;
  read domain from /api/config at runtime so tests work with any configured TLD

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-27 01:54:33 -04:00

58 lines
1.1 KiB
Caddyfile

{
	auto_https off
}
# Main cell domain — no service-IP restriction needed
http://pic0.lan, http://172.20.0.2:80 {
	handle /api/* {
		reverse_proxy cell-api:3000
	}
	handle /calendar* {
		reverse_proxy cell-radicale:5232
	}
	handle /files* {
		reverse_proxy cell-filegator:8080
	}
	handle /webmail* {
		reverse_proxy cell-rainloop:8888
	}
	handle {
		reverse_proxy cell-webui:80
	}
}
# Per-service virtual IPs — each gets its own IP so iptables can target them
http://calendar.lan, http://172.20.0.21:80 {
	reverse_proxy cell-radicale:5232
}
http://files.lan, http://172.20.0.22:80 {
	reverse_proxy cell-filegator:8080
}
http://mail.lan, http://webmail.lan, http://172.20.0.23:80 {
	reverse_proxy cell-rainloop:8888
}
http://webdav.lan, http://172.20.0.24:80 {
	reverse_proxy cell-webdav:80
}
http://api.lan {
	reverse_proxy cell-api:3000
}
http://webui.lan {
	reverse_proxy cell-webui:80
}
# Catch-all for direct IP / localhost
:80 {
	handle /api/* {
		reverse_proxy cell-api:3000
	}
	handle {
		reverse_proxy cell-webui:80
	}
}
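
An added check, not part of this repository: a Python scan of a Caddyfile for `http://` site addresses under HSTS-preloaded TLDs, the failure the commit message describes. `PRELOADED_TLDS` is an assumed short sample (only `.dev` comes from the page), the function names are hypothetical, and the sample input is constructed from the pre-fix form of this file.

```python
import re

# Assumption: a small sample of TLDs on the browser HSTS preload list.
# .dev is the one named in the commit message; this is not the full list.
PRELOADED_TLDS = {"dev", "app", "page"}

# Constructed sample input: pre-fix form of a few site blocks from this file.
SAMPLE = """\
{
    auto_https off
}
http://pic0.dev, http://172.20.0.2:80 {
    reverse_proxy cell-webui:80
}
http://calendar.lan, http://172.20.0.21:80 {
    reverse_proxy cell-radicale:5232
}
:80 {
    reverse_proxy cell-webui:80
}
"""

def site_addresses(caddyfile):
    """Yield (line_no, address) for every top-level site block address."""
    depth = 0
    for no, raw in enumerate(caddyfile.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        # A top-level line ending in "{" that is not the bare global
        # options block opens a site block; its addresses are comma-separated.
        if depth == 0 and line.endswith("{") and line != "{":
            for addr in line[:-1].split(","):
                if addr.strip():
                    yield no, addr.strip()
        depth += line.count("{") - line.count("}")

def hsts_blocked_sites(caddyfile):
    """Return (line_no, host) for plain-HTTP sites browsers will force to HTTPS."""
    findings = []
    for no, addr in site_addresses(caddyfile):
        m = re.match(r"http://([^:/\s]+)", addr, re.IGNORECASE)
        if not m:
            continue  # bare port or non-http address: out of scope here
        host = m.group(1).lower().rstrip(".")
        if host.rsplit(".", 1)[-1] in PRELOADED_TLDS:
            findings.append((no, host))
    return findings

if __name__ == "__main__":
    for no, host in hsts_blocked_sites(SAMPLE):
        print(f"line {no}: {host} is HTTP-only but its TLD is HSTS-preloaded")
```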