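# Caddyfile: HTTPS reverse proxy for LAN services under *.pressmess.duckdns.org.
#
# Line structure is significant in a Caddyfile: a '#' comment runs to the end
# of the line and every block needs its own opening and closing lines, so this
# file must stay one directive per line.
#
# NOTE(review): `dns duckdns` needs a Caddy build that includes the DuckDNS
# DNS provider module. The token is read from the DUCKDNS_TOKEN environment
# variable, which keeps the secret out of this file.
#
# NOTE(review): no site block below restricts clients or adds authentication
# at the proxy, so each published service relies on the upstream's own login.
# If these names are reachable from outside the LAN, confirm that per service,
# or limit the block with a remote_ip matcher or a proxy-level auth directive.

# Reusable snippet for standard TLS configuration
(standard_tls) {
    tls {
        dns duckdns {env.DUCKDNS_TOKEN}
        resolvers 1.1.1.1 8.8.8.8
    }
}

# --- Your Services ---

# Nextcloud (Port 8082) - OMV800
nextcloud.pressmess.duckdns.org {
    reverse_proxy 192.168.50.229:8082
    import standard_tls
}

# AppFlowy Server (Port 8080) - lenovo420 (192.168.50.254)
appflowy-server.pressmess.duckdns.org {
    reverse_proxy 192.168.50.254:8080
    import standard_tls
}

# Jellyfin (Port 8096) - OMV800
jellyfin.pressmess.duckdns.org {
    reverse_proxy 192.168.50.229:8096
    import standard_tls
}

# Immich (Port 2283) - OMV800
immich.pressmess.duckdns.org {
    reverse_proxy 192.168.50.229:2283
    import standard_tls
}

# Gitea (Port 3001) - OMV800
gitea.pressmess.duckdns.org {
    reverse_proxy 192.168.50.229:3001
    import standard_tls
}

# Joplin (Port 22300) - OMV800
joplin.pressmess.duckdns.org {
    reverse_proxy 192.168.50.229:22300
    import standard_tls
}

# Vikunja (Port 3456) - OMV800
vikunja.pressmess.duckdns.org {
    reverse_proxy 192.168.50.229:3456
    import standard_tls
}

# n8n (Port 5678) - jonathan-2518f5u (FIXED: Correct IP)
# NOTE(review): this is the only site address without a dot before
# "pressmess"; every other block uses <service>.pressmess.duckdns.org.
# Left unchanged here. Confirm whether n8n.pressmess.duckdns.org was intended,
# because as written it is a separate DuckDNS name with its own certificate.
# NOTE(review): recent Caddy v2 releases already pass Host through and set
# X-Forwarded-For/-Proto/-Host, so only X-Forwarded-Port adds anything here.
n8npressmess.duckdns.org {
    reverse_proxy 192.168.50.181:5678 {
        header_up X-Forwarded-Proto https
        header_up X-Forwarded-Port 443
        header_up X-Forwarded-For {remote_host}
        header_up Host {host}
    }
    import standard_tls
}

# OMV Main (Port 80) - OMV800 - REMOVED: Security risk (system management)
# omv.pressmess.duckdns.org {
#     reverse_proxy 192.168.50.229:80
#     import standard_tls
# }

# OMV Backup (Port 80) - OMV Backup - REMOVED: Security risk (backup management)
# omvbackup.pressmess.duckdns.org {
#     reverse_proxy 192.168.50.107:80
#     import standard_tls
# }

# --- Docker Services ---

# Portainer (Port 9000) - jonathan-2518f5u
# NOTE(review): Portainer Agent was removed below for "Docker daemon access",
# but the Portainer UI manages the same Docker endpoints once a user is
# logged in. Confirm that publishing it is intended; if it stays, restrict
# the clients allowed to reach it and enforce strong authentication.
portainer.pressmess.duckdns.org {
    reverse_proxy 192.168.50.181:9000
    import standard_tls
}

# Home Assistant (Port 8123) - jonathan-2518f5u
homeassistant.pressmess.duckdns.org {
    reverse_proxy 192.168.50.181:8123
    import standard_tls
}

# Music Assistant (Port 8095) - jonathan-2518f5u
music-assistant.pressmess.duckdns.org {
    reverse_proxy 192.168.50.181:8095
    import standard_tls
}

# ESPHome (Port 6052) - jonathan-2518f5u
# NOTE(review): dashboard authentication is optional in ESPHome; confirm it
# is enabled on the upstream before publishing this name.
esphome.pressmess.duckdns.org {
    reverse_proxy 192.168.50.181:6052
    import standard_tls
}

# Paperless-AI (Port 3000) - OMV800 (UPDATED: Now running on .229)
paperless-ai.pressmess.duckdns.org {
    reverse_proxy 192.168.50.229:3000
    import standard_tls
}

# Paperless-NGX (Port 8000) - OMV800 (UPDATED: Now running on .229)
paperless.pressmess.duckdns.org {
    reverse_proxy 192.168.50.229:8000 {
        header_up X-Forwarded-Proto https
        header_up X-Forwarded-Port 443
        header_up X-Forwarded-For {remote_host}
        header_up Host {host}
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-Host {host}
    }
    import standard_tls
}

# Z-Wave JS UI (Port 8091) - jonathan-2518f5u
# NOTE(review): authentication is optional in Z-Wave JS UI; confirm it is
# enabled on the upstream before publishing this name.
zwave.pressmess.duckdns.org {
    reverse_proxy 192.168.50.181:8091
    import standard_tls
}

# Vaultwarden (Port 8088) - jonathan-2518f5u
# The path-matched proxy is more specific, so /notifications/hub goes to
# :3012 and everything else goes to :8088.
# NOTE(review): newer Vaultwarden releases serve notifications on the main
# port; check whether the separate :3012 listener still exists on this host.
vaultwarden.pressmess.duckdns.org {
    reverse_proxy 192.168.50.181:8088
    reverse_proxy /notifications/hub 192.168.50.181:3012
    import standard_tls
}

# Homepage (Port 8080) - REMOVED: Not currently used, conflicts with AppFlowy
# homepage.pressmess.duckdns.org {
#     reverse_proxy 192.168.50.254:8080
#     import standard_tls
# }

# OmniTools (Port 9080) - immich_photos
omnitools.pressmess.duckdns.org {
    reverse_proxy 192.168.50.66:9080
    import standard_tls
}

# Node-Red (Port 1880) - OFFLINE DEVICE
# node-red.pressmess.duckdns.org {
#     reverse_proxy 192.168.50.85:1880
#     import standard_tls
# }

# Code-Server (Port 8443) - audrey - REMOVED: Security risk (full IDE access)
# code-server.pressmess.duckdns.org {
#     reverse_proxy 192.168.50.145:8443
#     import standard_tls
# }

# Dashboard (Port 8090) - lenovo420 (192.168.50.254)
dashboard.pressmess.duckdns.org {
    reverse_proxy 192.168.50.254:8090
    import standard_tls
}

# --- Monitoring Services (NEW) ---

# Uptime Kuma (Port 3001) - audrey
uptime-kuma.pressmess.duckdns.org {
    reverse_proxy 192.168.50.145:3001
    import standard_tls
}

# Prometheus (Port 9091) - OMV800 (Docker Swarm Manager)
# NOTE(review): Prometheus has no authentication unless it is configured
# explicitly, and its UI/API expose targets, labels and metrics for the whole
# environment. Confirm the upstream is protected, or keep this name LAN-only
# like the other local-only services listed under SECURITY DECISIONS.
prometheus.pressmess.duckdns.org {
    reverse_proxy 192.168.50.229:9091
    import standard_tls
}

# Grafana (Port 3002) - OMV800 (Docker Swarm Manager)
grafana.pressmess.duckdns.org {
    reverse_proxy 192.168.50.229:3002
    import standard_tls
}

# Dozzle (Port 9999) - audrey - REMOVED: Security risk (Docker logs exposure)
# dozzle.pressmess.duckdns.org {
#     reverse_proxy 192.168.50.145:9999
#     import standard_tls
# }

# Portainer Agent (Port 9001) - audrey - REMOVED: Security risk (Docker daemon access)
# portainer-agent.pressmess.duckdns.org {
#     reverse_proxy 192.168.50.145:9001
#     import standard_tls
# }

# Netdata (Port 19999) - OFFLINE DEVICE
# http://netdata.pressmess.duckdns.org {
#     reverse_proxy 192.168.50.243:19999
# }

# --- COMMENTS ON CHANGES ---
#
# FIXES APPLIED:
# 1. n8n: 192.168.50.225 → 192.168.50.181 (correct IP)
# 2. Paperless-NGX: port 8010 → 8001 (correct port)
#    NOTE(review): the active Paperless-NGX block proxies to port 8000, not
#    8001; reconcile this entry with the configuration.
# 3. AppFlowy: 192.168.50.229 → 192.168.50.254 (lenovo420) (correct IP)
# 4. Dashboard: localhost → 192.168.50.254 (lenovo420) (correct IP)
# 5. Homepage: REMOVED (not currently used, conflicts with AppFlowy)
#
# NEW SERVICES ADDED:
# 6. Uptime Kuma: Service monitoring dashboard
# 7. Dozzle: REMOVED - Security risk (Docker logs exposure)
# 8. Portainer Agent: REMOVED - Security risk (Docker daemon access)
#
# SECURITY DECISIONS:
# - AdGuard Home: KEPT LOCAL-ONLY (DNS filtering security)
# - Database ports: KEPT LOCAL-ONLY (security)
# - MQTT: KEPT LOCAL-ONLY (IoT security)
# - OMV/OMV Backup: REMOVED (system management security)
# - Portainer Agent: REMOVED (Docker daemon security)
# - Code-Server: REMOVED (IDE access security)
# - Dozzle: REMOVED (Docker logs security)
#
# DEVICE MAPPINGS:
# - 192.168.50.229: OMV800 (root)
# - 192.168.50.181: jonathan-2518f5u (jonathan)
# - 192.168.50.254: lenovo420 (jon)
# - 192.168.50.66: immich_photos (jon)
# - 192.168.50.145: audrey (jon)
# - 192.168.50.107: omvbackup (jon)
# - 192.168.50.225: fedora (jonathan)
#
# OFFLINE SERVICES:
# 1. Node-Red device (192.168.50.85) is offline
# 2. Netdata device (192.168.50.243) is offline
#
# STATUS: All conflicts resolved, monitoring services added, ready for deployment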