From e4e3796f89d821d15de82845626e22c75fe2809a Mon Sep 17 00:00:00 2001
From: Uladzimir K <admin@catmedved.com>
Date: Tue, 17 Feb 2026 11:12:51 +0300
Subject: [PATCH] reconfigure caddy to autoparse wireguard incoming requests

---
 hosts/home-morefine/docker/caddy/Caddyfile | 152 ++++++++-------------
 1 file changed, 58 insertions(+), 94 deletions(-)

diff --git a/hosts/home-morefine/docker/caddy/Caddyfile b/hosts/home-morefine/docker/caddy/Caddyfile
index b8a5072..0059e27 100644
--- a/hosts/home-morefine/docker/caddy/Caddyfile
+++ b/hosts/home-morefine/docker/caddy/Caddyfile
@@ -1,31 +1,71 @@
 {
-    admin :2019
-    # email me@example.com
+    admin off
+    email admin@catmedved.com
+    auto_https disable_redirects
+
+    servers {
+        trusted_proxies static 10.8.0.1
+    }
 }
 
-# A
-ai.catmedved.com {
-    reverse_proxy http://librechat:3080
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
+(apps) {
+
+    @beszel host beszel.catmedved.com
+    handle @beszel {
+        reverse_proxy http://beszel:8090
+    }
+    
+    @gameyfin host gameyfin.catmedved.com
+    handle @gameyfin {
+        reverse_proxy http://gameyfin:8080
+    }
+
+    @gitea host gitea.catmedved.com
+    handle @gitea {
+        reverse_proxy http://gitea:3000
+    }
+  
+    @music host music.catmedved.com
+    handle @music {
+        reverse_proxy http://navidrome:4533
+    }
+
+    @pdftools host pdf-tools.catmedved.com
+    handle @pdftools {
+        reverse_proxy http://stirling_pdf:8080
+    }
+
+    @photo host photo.catmedved.com
+    handle @photo {
+        reverse_proxy immich_server:2283
+    }
+
+    @recepies host recepies.catmedved.com
+    handle @recepies {
+        reverse_proxy http://mealie:9000
+    }
 }
 
+http://*.catmedved.com {
+    @not_from_wg not remote_ip 10.8.0.0/24
+    
+    redir @not_from_wg https://{host}{uri} permanent
+
+    import apps
+}
+
+https://*.catmedved.com {
+    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
+    
+    import apps
+}
+
+
 auth.catmedved.com {
     reverse_proxy http://authentik_server:9000
     tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
 }
 
-# B
-beszel.catmedved.com {
-    reverse_proxy http://beszel:8090
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}
-
-# C
-caddy-minipc.catmedved.com {
-    reverse_proxy http://caddyui:8000
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}
-
 # D
 databasus.catmedved.com {
     reverse_proxy http://databasus:4005
@@ -48,17 +88,6 @@ films.catmedved.com {
     tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
 }
 
-# G
-gameyfin.catmedved.com {
-    reverse_proxy http://gameyfin:8080
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}
-
-gitea.catmedved.com {
-    reverse_proxy http://gitea:3000
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}
-
 glances-minipc.catmedved.com {
     reverse_proxy http://glances:61208
     tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
@@ -70,86 +99,21 @@ home.catmedved.com {
     tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
 }
 
-# M
-myspeed-minipc.catmedved.com {
-    reverse_proxy http://myspeed:5216
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}
-
-music.catmedved.com {
-    reverse_proxy http://navidrome:4533
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}
-
-# N
-nocodb.catmedved.com {
-    reverse_proxy http://nocodb:8080
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}
-
 # P
 passwords.catmedved.com {
     reverse_proxy http://vaultwarden:80
     tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
 }
 
-pdf-tools.catmedved.com {
-    reverse_proxy http://stirling_pdf:8080
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}
-
 pihole.catmedved.com {
     reverse_proxy http://pihole:80
     tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
 }
 
-photo.catmedved.com {
-    reverse_proxy http://immich_server:2283
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}
-
-# R
-recepies.catmedved.com {
-    reverse_proxy http://mealie:9000
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}
-
 # S
-speedtest-minipc.catmedved.com {
-    reverse_proxy http://speedtest-tracker:80
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}
-
 sync-minipc.catmedved.com {
     reverse_proxy http://172.24.0.1:8384 {
         header_up Host {upstream_hostport}
     }
     tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
 }
-
-# T
-transmission.catmedved.com {
-    reverse_proxy transmission:9091
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}
-
-# W
-weatherapp.catmedved.com {
-    reverse_proxy http://weatherapp:8080
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}
-
-wekan.catmedved.com {
-    reverse_proxy http://wekan:8080
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}
-
-wikijs.catmedved.com {
-    reverse_proxy http://wikijs:3000
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}
-
-whatsupdocker-minipc.catmedved.com {
-    reverse_proxy http://whatsupdocker:3000
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}