summaryrefslogtreecommitdiff
path: root/caddy/entrypoint.sh
AgeCommit message (Collapse)AuthorLines
13 daysRestrict proxy to Japan IPs using ipdeny.com CIDR listyyamashita-10/+10
Downloads jp-aggregated.zone from ipdeny.com at container startup (no account required). Falls back to open access if download fails. Removed caddy-maxmind-geoip module (no longer needed). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
13 daysAdd GeoIP Japan-only filter to forward proxyyyamashita-5/+22
Uses caddy-maxmind-geoip module to restrict proxy access to JP IPs. DB file (GeoLite2-Country.mmdb) must be placed manually on the server. Filter is inactive when DB file is absent, allowing safe rollout. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
13 daysFix HTTP proxy: use catch-all http:// block for port 80yyamashita-1/+2
The forward_proxy site block must catch all hosts on port 80 because proxy clients send Host: <target> not Host: proxy.yyamashita.com. Non-proxy requests fall through to the redir for HTTPS upgrade. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
13 daysFix forward_proxy config: remove unsupported hide_ip/hide_via directivesyyamashita-6/+2
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
13 daysTemporarily disable proxy auth (PROXY_NO_AUTH=1)yyamashita-2/+2
Add PROXY_NO_AUTH env var support to entrypoint.sh to skip basicauth generation. Set to 1 in docker-compose.yml to allow unauthenticated access. Revert by removing the environment block from docker-compose.yml. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
13 daysMove forward proxy from Squid to Caddy (port 80/443)yyamashita-0/+35
Replace standalone Squid container with caddy-forwardproxy plugin so the proxy shares Caddy's existing ports and TLS. HTTP on :80 and HTTPS on :443. Auth is read from the same vpn/users.conf at Caddy startup via entrypoint.sh. DNS: add proxy to setup-route53.py WEB_SUBDOMAINS. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>