mirror of
https://github.com/kossakovsky/n8n-install.git
synced 2026-03-07 22:33:11 +00:00
c343d2c1e9
- Introduced Weaviate service in docker-compose.yml with necessary environment variables and health checks. - Updated Caddyfile to include reverse proxy settings for Weaviate with basic authentication. - Enhanced README.md to document Weaviate's integration and access details. - Modified scripts to generate secrets for Weaviate, including username and password handling. - Updated final report script to display Weaviate configuration details for user clarity.
120 lines
3.2 KiB
Caddyfile
120 lines
3.2 KiB
Caddyfile
{
|
|
# Global options - works for both environments
|
|
email {$LETSENCRYPT_EMAIL}
|
|
}
|
|
|
|
# N8N
|
|
{$N8N_HOSTNAME} {
|
|
# For domains, Caddy will automatically use Let's Encrypt
|
|
# For localhost/port addresses, HTTPS won't be enabled
|
|
reverse_proxy n8n:5678
|
|
}
|
|
|
|
# Open WebUI
|
|
{$WEBUI_HOSTNAME} {
|
|
reverse_proxy open-webui:8080
|
|
}
|
|
|
|
# Flowise
|
|
{$FLOWISE_HOSTNAME} {
|
|
reverse_proxy flowise:3001
|
|
}
|
|
|
|
# Langfuse
|
|
{$LANGFUSE_HOSTNAME} {
|
|
reverse_proxy langfuse-web:3000
|
|
}
|
|
|
|
# Supabase
|
|
{$SUPABASE_HOSTNAME} {
|
|
reverse_proxy kong:8000
|
|
}
|
|
|
|
# Grafana
|
|
{$GRAFANA_HOSTNAME} {
|
|
reverse_proxy grafana:3000
|
|
}
|
|
|
|
# Letta
|
|
{$LETTA_HOSTNAME} {
|
|
reverse_proxy letta:8283
|
|
}
|
|
|
|
# Weaviate
|
|
{$WEAVIATE_HOSTNAME} {
|
|
basic_auth {
|
|
{$WEAVIATE_USERNAME} {$WEAVIATE_PASSWORD_HASH}
|
|
}
|
|
reverse_proxy weaviate:8080
|
|
}
|
|
|
|
# Prometheus
|
|
{$PROMETHEUS_HOSTNAME} {
|
|
basic_auth {
|
|
{$PROMETHEUS_USERNAME} {$PROMETHEUS_PASSWORD_HASH}
|
|
}
|
|
reverse_proxy prometheus:9090
|
|
}
|
|
|
|
# SearXNG
|
|
{$SEARXNG_HOSTNAME} {
|
|
basic_auth {
|
|
{$SEARXNG_USERNAME} {$SEARXNG_PASSWORD_HASH}
|
|
}
|
|
encode zstd gzip
|
|
|
|
@api {
|
|
path /config
|
|
path /healthz
|
|
path /stats/errors
|
|
path /stats/checker
|
|
}
|
|
@search {
|
|
path /search
|
|
}
|
|
@imageproxy {
|
|
path /image_proxy
|
|
}
|
|
@static {
|
|
path /static/*
|
|
}
|
|
|
|
header {
|
|
# CSP (https://content-security-policy.com)
|
|
Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/searxng/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src * data:; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com;"
|
|
# Disable some browser features
|
|
Permissions-Policy "accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()"
|
|
# Set referrer policy
|
|
Referrer-Policy "no-referrer"
|
|
# Force clients to use HTTPS
|
|
Strict-Transport-Security "max-age=31536000"
|
|
# Prevent MIME type sniffing from the declared Content-Type
|
|
X-Content-Type-Options "nosniff"
|
|
# X-Robots-Tag (comment to allow site indexing)
|
|
X-Robots-Tag "noindex, noarchive, nofollow"
|
|
# Remove "Server" header
|
|
-Server
|
|
}
|
|
|
|
header @api {
|
|
Access-Control-Allow-Methods "GET, OPTIONS"
|
|
Access-Control-Allow-Origin "*"
|
|
}
|
|
|
|
route {
|
|
# Cache policy
|
|
header Cache-Control "max-age=0, no-store"
|
|
header @search Cache-Control "max-age=5, private"
|
|
header @imageproxy Cache-Control "max-age=604800, public"
|
|
header @static Cache-Control "max-age=31536000, public, immutable"
|
|
}
|
|
|
|
# SearXNG (uWSGI)
|
|
reverse_proxy searxng:8080 {
|
|
header_up X-Forwarded-Port {http.request.port}
|
|
header_up X-Real-IP {http.request.remote.host}
|
|
# https://github.com/searx/searx-docker/issues/24
|
|
header_up Connection "close"
|
|
}
|
|
}
|