n8n-install/Caddyfile
Yury Kossakovsky bf7ce20f7b fix(caddy): add http block for welcome page to prevent redirect loop
when accessing welcome page through cloudflare tunnel, caddy was
redirecting http to https, causing an infinite redirect loop.
adding an explicit http block prevents automatic https redirect.
2026-01-17 19:42:50 -07:00


{
# Global options - works for both environments
# Contact address for the ACME account Caddy uses when obtaining certificates.
# {$LETSENCRYPT_EMAIL} is substituted from the environment when the Caddyfile
# is parsed.
email {$LETSENCRYPT_EMAIL}
}
# N8N
# No basic_auth in this block: every request is forwarded as-is, so access
# control is whatever n8n itself enforces.
{$N8N_HOSTNAME} {
# For domains, Caddy will automatically use Let's Encrypt
# For localhost/port addresses, HTTPS won't be enabled
reverse_proxy n8n:5678
}
# Open WebUI
# Forwarded without proxy-level authentication; sign-in is left to the
# upstream application.
{$WEBUI_HOSTNAME} {
reverse_proxy open-webui:8080
}
# Flowise
# Forwarded without proxy-level authentication.
# NOTE(review): confirm Flowise's own login is enabled before exposing this
# hostname publicly.
{$FLOWISE_HOSTNAME} {
reverse_proxy flowise:3001
}
# Dify
# Forwards to the upstream named "nginx" on port 80 (presumably Dify's own
# front-end proxy; confirm in the compose file). No proxy-level authentication.
{$DIFY_HOSTNAME} {
reverse_proxy nginx:80
}
# RAGApp
# Gated by HTTP Basic authentication at the proxy before anything is forwarded.
{$RAGAPP_HOSTNAME} {
# The second field must be a password hash (e.g. from `caddy hash-password`),
# never the plaintext password.
basic_auth {
{$RAGAPP_USERNAME} {$RAGAPP_PASSWORD_HASH}
}
reverse_proxy ragapp:8000
}
# RAGFlow
# Forwarded without proxy-level authentication; access control depends on the
# upstream application.
{$RAGFLOW_HOSTNAME} {
reverse_proxy ragflow:80
}
# Langfuse
# Forwarded without proxy-level authentication; access control depends on the
# upstream application.
{$LANGFUSE_HOSTNAME} {
reverse_proxy langfuse-web:3000
}
# Ollama API (commented out; the block below has no basic_auth, so add authentication before enabling it)
# {$OLLAMA_HOSTNAME} {
# reverse_proxy ollama:11434
# }
# Supabase
# Forwards to the upstream named "kong" (Supabase's API gateway). No
# proxy-level authentication is added here, so the gateway's own key and
# credential checks are the only gate.
{$SUPABASE_HOSTNAME} {
reverse_proxy kong:8000
}
# Grafana
# Forwarded without proxy-level authentication; Grafana's own login is the
# only gate, so make sure its default admin credentials have been changed.
{$GRAFANA_HOSTNAME} {
reverse_proxy grafana:3000
}
# WAHA (WhatsApp HTTP API)
# Forwarded without proxy-level authentication.
# NOTE(review): this is an API that acts on a messaging account; confirm the
# upstream requires an API key or login before exposing this hostname.
{$WAHA_HOSTNAME} {
reverse_proxy waha:3000
}
# Prometheus
# Gated by HTTP Basic authentication at the proxy. This is the only access
# control visible in this file for the Prometheus UI and API.
{$PROMETHEUS_HOSTNAME} {
# The second field must be a password hash (e.g. from `caddy hash-password`),
# never the plaintext password.
basic_auth {
{$PROMETHEUS_USERNAME} {$PROMETHEUS_PASSWORD_HASH}
}
reverse_proxy prometheus:9090
}
# Portainer
# Forwarded without proxy-level authentication. Portainer administers the
# containers on the host, so its own admin login is a high-value credential;
# consider restricting who can reach this hostname.
{$PORTAINER_HOSTNAME} {
reverse_proxy portainer:9000
}
# Postiz
# Forwarded without proxy-level authentication; access control depends on the
# upstream application.
{$POSTIZ_HOSTNAME} {
reverse_proxy postiz:5000
}
# Temporal UI (workflow orchestration for Postiz)
# Gated by HTTP Basic authentication at the proxy before anything is forwarded.
{$TEMPORAL_UI_HOSTNAME} {
# The second field must be a password hash (e.g. from `caddy hash-password`),
# never the plaintext password.
basic_auth {
{$TEMPORAL_UI_USERNAME} {$TEMPORAL_UI_PASSWORD_HASH}
}
reverse_proxy temporal-ui:8080
}
# Databasus
# Forwarded without proxy-level authentication.
# NOTE(review): confirm the upstream enforces its own login before exposing
# this hostname publicly.
{$DATABASUS_HOSTNAME} {
reverse_proxy databasus:4005
}
# Letta
# Forwarded without proxy-level authentication.
# NOTE(review): confirm the upstream server is configured to require
# credentials before exposing this hostname publicly.
{$LETTA_HOSTNAME} {
reverse_proxy letta:8283
}
# LightRAG (Graph-based RAG with Knowledge Extraction)
# Forwarded without proxy-level authentication.
# NOTE(review): confirm the upstream is configured to require credentials
# before exposing this hostname publicly.
{$LIGHTRAG_HOSTNAME} {
reverse_proxy lightrag:9621
}
# Weaviate
# Publishes the vector database's HTTP API with no proxy-level authentication.
# NOTE(review): confirm API-key (or other) authentication is enabled in the
# Weaviate container; otherwise stored data is readable and writable by anyone
# who can reach this hostname.
{$WEAVIATE_HOSTNAME} {
reverse_proxy weaviate:8080
}
# Qdrant
# Publishes the vector database's HTTP API with no proxy-level authentication.
# NOTE(review): confirm an API key is configured in the Qdrant container;
# otherwise collections are readable and writable by anyone who can reach this
# hostname.
{$QDRANT_HOSTNAME} {
reverse_proxy qdrant:6333
}
# ComfyUI
# Gated by HTTP Basic authentication at the proxy before anything is forwarded.
{$COMFYUI_HOSTNAME} {
# The second field must be a password hash (e.g. from `caddy hash-password`),
# never the plaintext password.
basic_auth {
{$COMFYUI_USERNAME} {$COMFYUI_PASSWORD_HASH}
}
reverse_proxy comfyui:8188
}
# LibreTranslate (Self-hosted Translation API)
# Gated by HTTP Basic authentication at the proxy before anything is forwarded.
{$LT_HOSTNAME} {
# The second field must be a password hash (e.g. from `caddy hash-password`),
# never the plaintext password.
basic_auth {
{$LT_USERNAME} {$LT_PASSWORD_HASH}
}
reverse_proxy libretranslate:5000
}
# Neo4j
# Forwards to port 7474 on the neo4j upstream with no proxy-level
# authentication; the database's own credentials are the only gate.
{$NEO4J_HOSTNAME} {
reverse_proxy neo4j:7474
}
# Neo4j Bolt Protocol (wss)
# TLS is terminated by Caddy on port 7687 and traffic is forwarded to the
# database's port 7687. No proxy-level authentication: anyone who can reach
# this port talks to the database directly, so it is protected only by Neo4j's
# own credentials. Restrict the port at the firewall if remote Bolt access is
# not needed.
https://{$NEO4J_HOSTNAME}:7687 {
reverse_proxy neo4j:7687
}
# NocoDB
# Forwarded without proxy-level authentication; access control depends on the
# upstream application.
{$NOCODB_HOSTNAME} {
reverse_proxy nocodb:8080
}
# PaddleOCR (PaddleX Basic Serving)
# Gated by HTTP Basic authentication at the proxy before anything is forwarded.
{$PADDLEOCR_HOSTNAME} {
# The second field must be a password hash (e.g. from `caddy hash-password`),
# never the plaintext password.
basic_auth {
{$PADDLEOCR_USERNAME} {$PADDLEOCR_PASSWORD_HASH}
}
reverse_proxy paddleocr:8080
}
# Docling (Document Conversion API)
# Gated by HTTP Basic authentication at the proxy before anything is forwarded.
{$DOCLING_HOSTNAME} {
# The second field must be a password hash (e.g. from `caddy hash-password`),
# never the plaintext password.
basic_auth {
{$DOCLING_USERNAME} {$DOCLING_PASSWORD_HASH}
}
reverse_proxy docling:5001
}
# Welcome Page (Post-install dashboard)
# HTTP block for Cloudflare Tunnel access (prevents redirect loop)
# The explicit http:// address makes Caddy serve this host over plain HTTP
# instead of redirecting to HTTPS.
# NOTE(review): Basic-auth credentials sent to this block are unencrypted on
# the hop into Caddy. That is acceptable only if the hop is the tunnel
# connector talking to Caddy over a private network (presumably the case;
# confirm). This block also answers any client that can reach Caddy's HTTP
# port directly, so restrict direct access to that port if the tunnel is the
# only intended plain-HTTP path.
http://{$WELCOME_HOSTNAME} {
# The second field must be a password hash, never the plaintext password.
basic_auth {
{$WELCOME_USERNAME} {$WELCOME_PASSWORD_HASH}
}
# Serve static files from /srv/welcome; paths that match no file fall back to
# /index.html.
root * /srv/welcome
file_server
try_files {path} /index.html
}
# HTTPS block for direct access
# Same credentials and static-file handling as the http:// block for this
# hostname; the two blocks are maintained separately, so a change to one
# (for example rotating the password variable names) must be mirrored in the
# other.
{$WELCOME_HOSTNAME} {
# The second field must be a password hash, never the plaintext password.
basic_auth {
{$WELCOME_USERNAME} {$WELCOME_PASSWORD_HASH}
}
# Serve static files from /srv/welcome; paths that match no file fall back to
# /index.html.
root * /srv/welcome
file_server
try_files {path} /index.html
}
# Every file matching this glob is parsed as part of this configuration and can
# define additional site blocks, including ones with no authentication. Keep
# /etc/caddy/addons writable only by the operator and review files placed there
# like any other change to this Caddyfile.
import /etc/caddy/addons/*.conf
# SearXNG
{$SEARXNG_HOSTNAME} {
# @protected matches requests whose immediate peer address is NOT loopback,
# RFC 1918 private space, or 100.64.0.0/10 (shared address space). Only those
# requests are challenged for Basic auth; peers inside the listed ranges are
# forwarded without credentials.
# NOTE(review): remote_ip looks at the direct TCP peer, not at forwarded-for
# headers. If public traffic reaches Caddy through a local proxy or tunnel
# connector on a private network (the repository mentions Cloudflare Tunnel
# for another site), those requests will appear to come from a private address
# and skip basic_auth. Confirm which paths can reach this hostname.
@protected not remote_ip 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 100.64.0.0/10
basic_auth @protected {
{$SEARXNG_USERNAME} {$SEARXNG_PASSWORD_HASH}
}
encode zstd gzip
# Named matchers used below to vary CORS and cache headers by path.
@api {
path /config
path /healthz
path /stats/errors
path /stats/checker
}
@search {
path /search
}
@imageproxy {
path /image_proxy
}
@static {
path /static/*
}
# Security response headers applied to every response from this site.
header {
# CSP (https://content-security-policy.com)
Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/searxng/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src * data:; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com;"
# Disable some browser features
Permissions-Policy "accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()"
# Set referrer policy
Referrer-Policy "no-referrer"
# Force clients to use HTTPS
# (one year; applies to this hostname only, since includeSubDomains is not set)
Strict-Transport-Security "max-age=31536000"
# Prevent MIME type sniffing from the declared Content-Type
X-Content-Type-Options "nosniff"
# X-Robots-Tag (comment to allow site indexing)
X-Robots-Tag "noindex, noarchive, nofollow"
# Remove "Server" header
-Server
}
# Wildcard CORS for the four @api paths only, limited to GET and OPTIONS.
# Any origin may read these responses from a browser, so they should not
# return anything sensitive.
header @api {
Access-Control-Allow-Methods "GET, OPTIONS"
Access-Control-Allow-Origin "*"
}
# route keeps the directives in written order: the first line sets a no-store
# default, and the later lines replace it for the matching paths.
route {
# Cache policy
header Cache-Control "max-age=0, no-store"
header @search Cache-Control "max-age=5, private"
header @imageproxy Cache-Control "max-age=604800, public"
header @static Cache-Control "max-age=31536000, public, immutable"
}
# SearXNG (uWSGI)
reverse_proxy searxng:8080 {
header_up X-Forwarded-Port {http.request.port}
# X-Real-IP is set from the direct peer address, so behind another proxy or
# tunnel the upstream sees that intermediary's address, not the end client's.
header_up X-Real-IP {http.request.remote.host}
# https://github.com/searx/searx-docker/issues/24
header_up Connection "close"
}
}