initial commit

2026-05-29 17:12:19 +02:00
commit a8593afa61
24 changed files with 1322 additions and 0 deletions
@@ -0,0 +1,46 @@
+{
+	email office@linumiq.com
+	on_demand_tls {
+		# Self-hosted ask endpoint on :9999 (always 200 in Wave A).
+		# TODO Wave B: point ask at https://api.linumiq.net/functions/v1/check-subdomain
+		# (an Edge Function that returns 200 only for subdomains present in tunnels table).
+		ask http://localhost:9999/check
+	}
+}
+
+# Apex -> dashboard redirect
+linumiq.net {
+	tls {
+		on_demand
+	}
+	redir https://app.linumiq.net{uri} permanent
+}
+
+# Reserved hostname: Next.js dashboard (upstream not yet running in Wave A)
+app.linumiq.net {
+	tls {
+		on_demand
+	}
+	reverse_proxy web:3000
+}
+
+# Reserved hostname: Supabase API (Kong)
+api.linumiq.net {
+	tls {
+		on_demand
+	}
+	reverse_proxy supabase-kong:8000
+}
+
+# Wildcard tunnel subdomains -> frps vhost HTTP. Per-name HTTP-01 issued on first hit.
+*.linumiq.net {
+	tls {
+		on_demand
+	}
+	reverse_proxy frps:7080
+}
+
+# Internal ask endpoint for on-demand TLS. Bound to loopback inside the container.
+http://localhost:9999 {
+	respond /check 200
+}
@@ -0,0 +1,18 @@
+services:
+  caddy:
+    image: caddy:2.10.2-alpine
+    container_name: caddy
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+      - "443:443/udp"
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - ./data:/data
+      - ./config:/config
+    networks:
+      - edge
+networks:
+  edge:
+    external: true