# Caddy front end for the Nextcloud container: terminates TLS (unless {$PROTOCOL}
# is http) and routes path prefixes to the companion services. Every {$VAR} is
# substituted from the environment when Caddy parses this file.
{
    # Keep automatic certificate management, but do not add HTTP->HTTPS redirects.
    auto_https disable_redirects

    # Certificates, private keys and the ACME account key are stored here.
    # Keep this path on a persistent volume that only this container can read.
    storage file_system {
        root /mnt/data/caddy
    }

    servers {
        # The line below is a marker, presumably rewritten at container start - confirm in the start script.
        # Without trusted_proxies, Caddy does not trust X-Forwarded-* headers sent by clients.
        # When it is set, list only the addresses of proxies you operate.
        # trusted_proxies placeholder
    }

    log {
        level {$CADDY_LOG_LEVEL}
    }
}

# One site block, three addresses: an optional extra public domain, a plain-HTTP
# listener on port 23973 for service callbacks, and the main Nextcloud domain.
# NOTE(review): the 23973 listener has no TLS; confirm the port is reachable only
# from the internal container network.
# NOTE(review): if {$ADDITIONAL_TRUSTED_DOMAIN} is empty the first address has no
# host and would match any hostname on 443 - confirm that is intended.
https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
http://{$APACHE_HOST}.nextcloud-aio:23973, # For Collabora callback and WOPI requests, see containers.json
{$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
    header {
        # HSTS for one year; no includeSubDomains or preload is set.
        Strict-Transport-Security max-age=31536000;
        # Remove response headers that disclose server and proxy software.
        -Server
        -X-Powered-By
        -Via
    }

    # The routes below forward to backends by path prefix over plain HTTP.
    # No authentication is added here, so each backend must enforce its own.

    # Collabora
    route /browser/* {
        reverse_proxy {$COLLABORA_HOST}:9980
    }
    route /hosting/* {
        reverse_proxy {$COLLABORA_HOST}:9980
    }
    route /cool/* {
        reverse_proxy {$COLLABORA_HOST}:9980
    }

    # Notify Push
    route /push/* {
        uri strip_prefix /push
        reverse_proxy {$NOTIFY_PUSH_HOST}:7867
    }

    # Onlyoffice
    route /onlyoffice/* {
        uri strip_prefix /onlyoffice
        reverse_proxy {$ONLYOFFICE_HOST}:80 {
            # Tell the backend its public base path, since the prefix was stripped above.
            header_up X-Forwarded-Host {http.request.hostport}/onlyoffice
            # NOTE(review): scheme is fixed to https even when {$PROTOCOL} is http,
            # presumably because TLS then ends at an upstream proxy - confirm.
            header_up X-Forwarded-Proto https
        }
    }

    # Talk
    route /standalone-signaling/* {
        uri strip_prefix /standalone-signaling
        reverse_proxy {$TALK_HOST}:8081
    }

    # Whiteboard
    route /whiteboard/* {
        uri strip_prefix /whiteboard
        reverse_proxy {$WHITEBOARD_HOST}:3002
    }

    # HaRP (ExApps)
    # The /exapps prefix is passed through unchanged (no strip_prefix).
    route /exapps/* {
        reverse_proxy {$HARP_HOST}:8780
    }

    # Nextcloud
    # Catch-all: anything not matched above goes to the local web server.
    route {
        reverse_proxy 127.0.0.1:8000
    }

    # DAV service discovery. redir is ordered before route in Caddy's directive
    # order, so these apply even though they are written after the catch-all.
    redir /.well-known/carddav /remote.php/dav/ 301
    redir /.well-known/caldav /remote.php/dav/ 301

    # TLS options
    tls {
        issuer acme {
            # Request the CA's short-lived certificate profile. Renewals happen
            # more often, so renewal failures should be monitored.
            profile shortlived
            # Disable HTTP challenge because that would require port 80, which we don't get (it's exposed to the mastercontainer).
            # This container by default only exposes port 443 if not configured otherwise via APACHE_PORT.
            # No DNS challenge is configured here, so validation has to succeed on the TLS port.
            disable_http_challenge
        }
    }
}