services/Caddyfile

dns.netgrimoire.com {
    reverse_proxy https://192.168.5.7:53443 {
                transport http {
                        tls_insecure_skip_verify
                }
       }
}

webtop.netgrimoire.com {
	reverse_proxy https://webtop:3005 {
                transport http {
                        tls_insecure_skip_verify
                }
       }
}

mail.netgrimoire.com, imap.netgrimoire.com, smtp.netgrimoire.com, autodiscover.netgrimoire.com, autoconfig.netgrimoire.com {
	reverse_proxy mailcow-nginx:80 {
	}
}

mail.wasted-bandwidth.net, imap.wasted-bandwidth.net, smtp.wasted-bandwidth.net, autodiscover.wasted-bandwidth.net, autoconfig.wasted-bandwidth.net {
	reverse_proxy mailcow-nginx:80 {
	}
}

 (authentik) {
	# Always forward outpost path to actual outpost
	reverse_proxy /outpost.goauthentik.io/* http://authentik:9000

	# Forward authentication to outpost
	forward_auth http://authentik:9000 {
		uri /outpost.goauthentik.io/auth/caddy

		# Capitalization of the headers is important, otherwise they will be empty
		copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
	}
}