automa/infrastructure/caddy/Caddyfile
m1ngsama 7bb3e05942 feat: add infrastructure services for monitoring and automation
Add infrastructure layer with the following components:

**Reverse Proxy & SSL:**
- Caddy: Auto HTTPS with Let's Encrypt, simple configuration
- Caddyfile with reverse proxy rules for Nextcloud and Grafana

**Monitoring Stack (Observability):**
- Prometheus: Metrics collection and time-series database
- Grafana: Visualization dashboards with datasource provisioning
- Loki: Lightweight log aggregation
- Promtail: Log collection agent for Docker containers
- cAdvisor: Container resource monitoring

**Automation:**
- Watchtower: Automatic Docker image updates (label-based)
- Duplicati: Remote backup with web UI and encryption support

**Security:**
- Fail2ban: Intrusion prevention and IP banning

**Key Features:**
- All services use official Alpine-based images (lightweight)
- Network isolation (automa-proxy, automa-monitoring)
- Resource limits and health checks configured
- Read-only configs where applicable
- Comprehensive README with setup instructions

**Resource Usage:**
- Total additional overhead: ~1.5GB RAM, ~16GB disk
- Follows KISS principles and Unix philosophy
- All services replaceable and independently scalable

Refs: #3
2026-01-19 16:32:00 +08:00

# Global options
{
	# ACME email for Let's Encrypt (DOMAIN comes from the environment)
	email admin@{$DOMAIN}
	# Disable admin API in production
	admin off
}

# Nextcloud
cloud.{$DOMAIN} {
	reverse_proxy nextcloud:80 {
		# Tell Nextcloud the original scheme and client address
		header_up X-Forwarded-Proto {scheme}
		header_up X-Real-IP {remote_host}
	}
	encode gzip
	# Security headers
	header Strict-Transport-Security "max-age=31536000;"
	header X-Content-Type-Options "nosniff"
	header X-Frame-Options "SAMEORIGIN"
}

# Grafana (monitoring dashboard)
grafana.{$DOMAIN} {
	reverse_proxy grafana:3000
	encode gzip
}

# Health check endpoint (no SSL)
http://health.{$DOMAIN} {
	respond "OK" 200
}

# Default catch-all
{$DOMAIN} {
	respond "Automa Services" 404
}
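The Nextcloud block above sets three security headers; the Grafana and catch-all blocks do not. As an added example (not part of this commit or of Caddy itself), the script below parses the site blocks of a Caddyfile with this flat layout and reports which HTTPS sites lack those headers; the embedded Caddyfile text is a constructed copy of the blocks in this commit.

```python
# Added example, not part of the commit: audit a Caddyfile and report which
# HTTPS site blocks lack the security headers the Nextcloud block sets.
# The parser only handles this file's flat layout (one directive per line).
REQUIRED = {"Strict-Transport-Security", "X-Content-Type-Options", "X-Frame-Options"}

# Constructed sample: the site blocks from this commit's Caddyfile.
CADDYFILE = """
cloud.{$DOMAIN} {
    reverse_proxy nextcloud:80 {
        header_up X-Real-IP {remote_host}
    }
    header Strict-Transport-Security "max-age=31536000;"
    header X-Content-Type-Options "nosniff"
    header X-Frame-Options "SAMEORIGIN"
}
grafana.{$DOMAIN} {
    reverse_proxy grafana:3000
}
http://health.{$DOMAIN} {
    respond "OK" 200
}
{$DOMAIN} {
    respond "Automa Services" 404
}
"""

def parse_sites(text):
    """Map each site address to the header names its block sets at top level."""
    sites, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and indentation
        if not line:
            continue
        if line.endswith("{"):
            if depth == 0:
                current = line[:-1].strip() or None   # bare "{" = global options
                if current:
                    sites[current] = set()
            depth += 1
        elif line == "}":
            depth -= 1
        elif depth == 1 and current and line.startswith("header "):
            # header [<matcher>] [+|-|?|>]<field> <value>: keep only the field name
            parts = [p for p in line.split()[1:] if not p.startswith("/")]
            if parts:
                sites[current].add(parts[0].lstrip("+-?>"))
    return sites

def missing_headers(sites):
    """HTTPS site blocks (no explicit http://) missing any REQUIRED header."""
    return {site: sorted(REQUIRED - hdrs) for site, hdrs in sites.items()
            if not site.startswith("http://") and REQUIRED - hdrs}
```

Running `missing_headers(parse_sites(CADDYFILE))` lists the Grafana and catch-all blocks; the plain-HTTP health block is skipped because HSTS is only meaningful over TLS.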