feat(caddy): integrate Bunny.net DNS and dynamic IP support

- Replace Bazarr with NZBGet in Caddyfile routes - Add global DNS provider configuration for ACME DNS-01 challenges - Implement dynamic DNS updater with Bunny.net provider - Add comprehensive security headers and authentication - Update documentation with new requirements and setup instructions - Add .env.example, Dockerfile, cron jobs, and scripts - Modify compose.yml to use local build and add environment variables BREAKING CHANGE: Requires Bunny.net API key and updated Caddyfile configuration
2026-06-04 17:23:35 +02:00
parent d553094a88
commit 76933d21c1
7 changed files with 394 additions and 24 deletions
@@ -19,6 +19,147 @@
 	}
 }

+{
+	# Global DNS provider for ACME DNS challenge
+	acme_dns bunny {env.BUNNY_API_KEY}
+	
+	# Dynamic DNS configuration
+	dynamic_dns {
+		provider bunny {env.BUNNY_API_KEY}
+		domains {
+			gynther.se @ www bazarr prowlarr radarr sonarr jellyfin qbittorrent wetty portainer gitea import recept test nzbget
+		}
+		check_interval 5m
+		ttl 300s
+		versions ipv4
+	}
+}
+
+test.gynther.se {
+	import common
+	reverse_proxy recipe-flutter:5000
+}
+
+nzbget.gynther.se {
+	import common
+	reverse_proxy http://192.168.50.4:6789
+}
+
+prowlarr.gynther.se {
+	import common
+	reverse_proxy http://prowlarr:9696
+}
+
+radarr.gynther.se {
+	import common
+	reverse_proxy http://radarr:7878
+}
+
+sonarr.gynther.se {
+	import common
+	reverse_proxy http://sonarr:8989
+}
+
+jellyfin.gynther.se {
+	reverse_proxy http://jellyfin:8096
+}
+
+qbittorrent.gynther.se {
+	import common
+	reverse_proxy 192.168.50.4:8080
+}
+
+wetty.gynther.se {
+	import auth
+	import common
+	redir / /wetty
+	reverse_proxy wetty:3001
+}
+
+gitea.gynther.se {
+	import common
+	reverse_proxy 192.168.50.2:3002
+}
+
+# ============================================
+# Import Service (Document Converter) - Standalone UI
+# ============================================
+import.gynther.se {
+	import common
+	reverse_proxy recipe-import-service:3000
+}
+
+# ============================================
+# RECIPE APP + IMPORT SERVICE
+# ============================================
+recept.gynther.se {
+	import common
+
+	# === IMPORT SERVICE (Document Converter) ===
+	# Dessa endpoints måste komma FÖRST innan backend reglerna!
+	handle /api/recipes/import* {
+		reverse_proxy recipe-import-service:3000
+	}
+
+	# === RECIPE FRONTEND PROXY ENDPOINTS ===
+	# Next.js API routes
+	handle /api/inventory-history-proxy {
+		reverse_proxy recipe-frontend:3000
+	}
+
+	handle /api/admin/merge-preview-proxy {
+		reverse_proxy recipe-frontend:3000
+	}
+
+	handle /api/recipe-preview-proxy {
+		reverse_proxy recipe-frontend:3000
+	}
+
+	# === RECIPE BACKEND API ENDPOINTS ===
+	# Backend körs på port 8080 (från docker-compose)
+	handle /api/products* {
+		reverse_proxy recipe-api:8080
+	}
+
+	handle /api/inventory* {
+		reverse_proxy recipe-api:8080
+	}
+
+	handle /api/recipes* {
+		reverse_proxy recipe-api:8080
+	}
+
+	# === HEALTH CHECKS ===
+	handle /health {
+		reverse_proxy recipe-api:8080
+	}
+
+	# === CATCH ALL ===
+	# Övriga /api/* går till frontend
+	handle /api/* {
+		reverse_proxy recipe-frontend:3000
+	}
+
+	# Frontend - catch all remaining routes (port 3000)
+	reverse_proxy /* recipe-frontend:3000
+}
+}
+
+(common) {
+	encode gzip zstd
+	header {
+		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+		X-Content-Type-Options "nosniff"
+		X-Frame-Options "DENY"
+		X-XSS-Protection "1; mode=block"
+		Referrer-Policy "strict-origin-when-cross-origin"
+		Permissions-Policy "geolocation=(), microphone=(), camera=(), payment=()"
+		Cross-Origin-Opener-Policy "same-origin"
+		Cross-Origin-Resource-Policy "same-origin"
+		Cross-Origin-Embedder-Policy "require-corp"
+	}
+}
+
 test.gynther.se {
 	import auth
 	import common