From ef1885652cd854bb55c35826d1fea6f30297aeb5 Mon Sep 17 00:00:00 2001 From: traveler Date: Tue, 28 Apr 2026 08:13:35 -0500 Subject: [PATCH] revert caddyfile --- swarm/stack/caddy/Caddyfile | 181 ++++++++++++++++++------------------ 1 file changed, 92 insertions(+), 89 deletions(-) diff --git a/swarm/stack/caddy/Caddyfile b/swarm/stack/caddy/Caddyfile index e0bcb7a..b0ca058 100644 --- a/swarm/stack/caddy/Caddyfile +++ b/swarm/stack/caddy/Caddyfile @@ -1,9 +1,11 @@ # ───────────────────────────────────────────────────────────────────────────── -# GLOBAL BLOCK +# GLOBAL BLOCK — add this at the very top before any snippets # ───────────────────────────────────────────────────────────────────────────── { - order crowdsec first - + crowdsec { + api_url http://crowdsec:8080 + api_key {$CROWDSEC_API_KEY} + } log { output file /var/log/caddy/access.log { roll_size 50mb @@ -14,16 +16,16 @@ } # ───────────────────────────────────────────────────────────────────────────── -# SNIPPETS +# CROWDSEC SNIPPET — add alongside existing auth snippets # ───────────────────────────────────────────────────────────────────────────── (crowdsec) { - crowdsec { - api_url http://crowdsec:8080 - api_key {$CROWDSEC_API_KEY} + route { + crowdsec } } + (authentik) { route /outpost.goauthentik.io/* { reverse_proxy http://authentik:9000 
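Review bot: The comment added to the `GLOBAL BLOCK` header ("add this at the very top before any snippets") reads like a pasted setup instruction, not a description of the file, and the `CROWDSEC SNIPPET` header in the next hunk has the same problem. This hunk also removes `order crowdsec first`, so the `crowdsec` handler is now only accepted inside a `route` block. A short comment in the global block would prevent a later edit from using it bare in a site block, for example `# no "order crowdsec" here: the handler must stay inside route {}`. The `api_url` is plain `http://crowdsec:8080`, presumably on an internal overlay network; confirm that, since the bouncer key is sent over that connection.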
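Review bot: The `(crowdsec)` snippet is still defined here, but no site block on the new side of this patch imports it. The dozzle, dns, webtop, jackett, transmission, stash, namer, scrutiny and homelable blocks come back in the later hunks with only `import authentik` or `import authelia`. Unless a block outside these hunks imports it, the bouncer is configured but sits in no request path, so addresses CrowdSec has banned still reach the login portals and backends. If that is a deliberate step while troubleshooting, say so in a comment above the snippet; otherwise restore `import crowdsec` in each protected block. As far as I can tell from Caddy's default directive order, `forward_auth` sorts ahead of `route`, so with `route { crowdsec }` and no `order crowdsec first` the check would run after the auth subrequest even where the snippet is imported.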
@@ -31,102 +33,36 @@ forward_auth http://authentik:9000 { uri /outpost.goauthentik.io/auth/caddy - header_up X-Forwarded-Host {http.request.host} - header_up X-Forwarded-Proto {http.request.scheme} + # header_up X-Forwarded-Host {http.request.host} + # header_up X-Forwarded-Proto {http.request.scheme} header_up X-Forwarded-URI {http.request.uri} copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version } } (authelia) { - forward_auth http://authelia:9091 { - uri /api/verify?rd=https://login.wasted-bandwidth.net/ - copy_headers Remote-User Remote-Groups Remote-Email Remote-Name - } + forward_auth http://authelia:9091 { + uri /api/verify?rd=https://login.wasted-bandwidth.net/ + copy_headers Remote-User Remote-Groups Remote-Email Remote-Name + } +} + + + + +(email-proxy) { + redir https://mail.netgrimoire.com/sogo 301 } (mailcow-proxy) { reverse_proxy nginx-mailcow:80 } -# ───────────────────────────────────────────────────────────────────────────── -# SITE BLOCKS -# ───────────────────────────────────────────────────────────────────────────── -# Nextcloud AIO - Optimized for WebDAV and Folder Uploads cloud.netgrimoire.com { - # No CrowdSec here for now to prevent 404s on rapid-fire WebDAV requests - reverse_proxy http://nextcloud-aio-apache:11000 { - header_up Host {host} - header_up X-Real-IP {remote_host} - header_up X-Forwarded-For {remote_host} - header_up X-Forwarded-Proto {scheme} - header_up Destination {http.request.header.Destination} - - transport http { - response_header_timeout 300s - dial_timeout 30s - } - } + reverse_proxy http://nextcloud-aio-apache:11000 } -# Services with Authentik Protection -dozzle.netgrimoire.com { - import crowdsec - import authentik - reverse_proxy http://192.168.4.72:8043 -} - -dns.netgrimoire.com { - import crowdsec - import authentik - 
reverse_proxy http://192.168.5.7:5380 -} - -webtop.netgrimoire.com { - import crowdsec - import authentik - reverse_proxy http://webtop:3000 -} - -jackett.netgrimoire.com { - import crowdsec - import authentik - reverse_proxy http://gluetun:9117 -} - -transmission.netgrimoire.com { - import crowdsec - import authentik - reverse_proxy http://gluetun:9091 -} - -scrutiny.netgrimoire.com { - import crowdsec - import authentik - reverse_proxy http://192.168.5.10:8081 -} - -homelable.netgrimoire.com { - import crowdsec - import authentik - reverse_proxy http://homelable-frontend:80 -} - -# Services with Authelia Protection -stash.wasted-bandwidth.net { - import crowdsec - import authelia - reverse_proxy http://192.168.5.10:9999 -} - -namer.wasted-bandwidth.net { - import crowdsec - import authelia - reverse_proxy http://192.168.5.10:6980 -} - -# Standard Services (Direct Proxy) log.netgrimoire.com { reverse_proxy http://graylog:9000 } @@ -135,6 +71,11 @@ win.netgrimoire.com { reverse_proxy http://192.168.5.10:8006 } + +#jellyfin.netgrimoire.com { +# reverse_proxy http://jellyfin:8096 +#} + docker.netgrimoire.com { reverse_proxy http://portainer:9000 } 
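Review bot: The two `header_up` lines in the `(authentik)` snippet are commented out rather than removed, with no note saying why. On current Caddy versions `reverse_proxy`, and therefore `forward_auth`, already sets `X-Forwarded-Host` and `X-Forwarded-Proto`, so dropping them is probably harmless. Either delete the lines or add one comment such as `# X-Forwarded-Host/Proto are set by Caddy by default; explicit header_up removed`. The new `(email-proxy)` snippet is not imported by anything visible in this patch, and the `cloud.netgrimoire.com` block loses the comment explaining why it skips CrowdSec. This hunk also adds a run of empty lines before `(email-proxy)` that can go.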
@@ -147,10 +88,48 @@ npm.netgrimoire.com { reverse_proxy http://librenms:8000 } + +dozzle.netgrimoire.com { + import authentik + reverse_proxy http://192.168.4.72:8043 +} + + +dns.netgrimoire.com { + import authentik + reverse_proxy http://192.168.5.7:5380 +} + +webtop.netgrimoire.com { + import authentik + reverse_proxy http://webtop:3000 +} + accounts.netgrimoire.com, accounts.pncharris.com { reverse_proxy http://bigcapital-proxy-1:80 } + +jackett.netgrimoire.com { + import authentik + reverse_proxy http://gluetun:9117 +} + +transmission.netgrimoire.com { + import authentik + reverse_proxy http://gluetun:9091 +} + +stash.wasted-bandwidth.net { + import authelia + reverse_proxy http://192.168.5.10:9999 +} + +namer.wasted-bandwidth.net { + import authelia + reverse_proxy http://192.168.5.10:6980 +} + fish.pncharris.com { reverse_proxy http://web } @@ -159,11 +138,26 @@ www.wasted-bandwidth.net { reverse_proxy http://web } +scrutiny.netgrimoire.com { + import authentik + reverse_proxy http://192.168.5.10:8081 +} + +homelable.netgrimoire.com { + import authentik + reverse_proxy http://homelable-frontend:80 +} + + + webmail.netgrimoire.com, webmail.gnarlypandaproductions.com, webmail.pncharris.com, webmail.pncfishandmore.com, webmail.pncharrisenterprises.com, webmail.florosafd.org { reverse_proxy http://roundcube:80 } -# Mailcow Stack + + + + mail.netgrimoire.com, autodiscover.netgrimoire.com, autoconfig.netgrimoire.com, \ mail.wasted-bandwidth.net, autodiscover.wasted-bandwidth.net, autoconfig.wasted-bandwidth.net, \ mail.gnarlypandaproductions.com, autodiscover.gnarlypandaproductions.com, autoconfig.gnarlypandaproductions.com, \ @@ -172,4 +166,13 @@ mail.pncharrisenterprises.com, autodiscover.pncharrisenterprises.com, autoconfig mail.pncharris.com, autodiscover.pncharris.com, autoconfig.pncharris.com, \ mail.florosafd.org, autodiscover.florosafd.org, autoconfig.florosafd.org { import mailcow-proxy -} \ No newline at end of file +} + + + + + + + + +
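Review bot: The re-added site blocks in this hunk and the next are interleaved with unauthenticated ones, and the section comments the old file had ("Services with Authentik Protection", "Standard Services (Direct Proxy)") are gone. That makes it hard to audit which hosts are meant to be reachable without a forward-auth import; `accounts.netgrimoire.com`, for example, now sits between protected blocks with no `import` line. Grouping the blocks again, or adding a one-line comment on each block that is proxied directly, such as `# no forward auth: application handles its own login`, would make an accidental omission visible in review. These blocks also lost their `import crowdsec` line.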