Caddy: Difference between revisions
No edit summary |
Cartwatson (talk | contribs) mNo edit summary |
(5 intermediate revisions by 2 users not shown) | |||
Line 14: | Line 14: | ||
This snippet will let Caddy respond on <code>http://localhost</code> and <code>https://localhost</code> with a dummy text "Hello world!". When no port is mentioned on virtualhost like just <code>localhost</code> instead of <code>localhost:8080</code>, Caddy listens on <code>80</code> and <code>443</code> by default and redirects requests from port 80 (unsecured) to 443 (secured). | This snippet will let Caddy respond on <code>http://localhost</code> and <code>https://localhost</code> with a dummy text "Hello world!". When no port is mentioned on virtualhost like just <code>localhost</code> instead of <code>localhost:8080</code>, Caddy listens on <code>80</code> and <code>443</code> by default and redirects requests from port 80 (unsecured) to 443 (secured). | ||
Use <code>curl -iLk localhost</code> to verify the configuration. | |||
For SSL to work, just supply a public domain and ensure HTTP and HTTPS ports are accessible. Caddy will automatically configure TLS: | For SSL to work, just supply a public domain and ensure HTTP and HTTPS ports are accessible. Caddy will automatically configure TLS: | ||
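Review bot: the added line `Use curl -iLk localhost to verify the configuration` passes `-k`, which turns off certificate verification, without saying so. Suggest stating that `-k` is meant for this local check only and should be dropped when verifying the public-domain setup described in the following line, where a certificate error is exactly what the check should surface. A short gloss of the other two flags (`-i` prints response headers, `-L` follows the port 80 to 443 redirect) would also tell readers what output to expect.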
Line 27: | Line 29: | ||
== Configuration == | == Configuration == | ||
=== Reverse proxy === | === Reverse proxy === | ||
Line 98: | Line 88: | ||
You'll need a [[Phpfpm|PHP-FPM]] socket listening on Unix socket path <code>/var/run/phpfpm/localhost.sock</code>. | You'll need a [[Phpfpm|PHP-FPM]] socket listening on Unix socket path <code>/var/run/phpfpm/localhost.sock</code>. | ||
=== Plug-ins === | |||
Following example is adding the plugin powerdns in version 1.0.1 to your Caddy binary | |||
<syntaxhighlight lang="nix"> | |||
services.caddy = { | |||
enable = true; | |||
package = pkgs.caddy.withPlugins { | |||
plugins = [ "github.com/caddy-dns/powerdns@v1.0.1" ]; | |||
hash = "sha256-F/jqR4iEsklJFycTjSaW8B/V3iTGqqGOzwYBUXxRKrc="; | |||
}; | |||
}; | |||
</syntaxhighlight> | |||
Get the correct hash by leaving the string empty at first and after rebuild, insert the hash which the build process calculated. | |||
In case a plugin has no version tag, you'll have to query it first. In this example we'll do this for the plugin caddy-webdav | |||
<syntaxhighlight lang="sh"> | |||
$ go mod init temp | |||
$ go get github.com/mholt/caddy-webdav | |||
$ grep 'caddy-webdav' go.mod | |||
github.com/mholt/caddy-webdav v0.0.0-20241008162340-42168ba04c9d // indirect | |||
</syntaxhighlight> | |||
Add this version string to your final config | |||
<syntaxhighlight lang="nix"> | |||
services.caddy = { | |||
enable = true; | |||
package = pkgs.caddy.withPlugins { | |||
plugins = [ "github.com/caddy-dns/caddy-webdav@v0.0.0-20241008162340-42168ba04c9d" ]; | |||
hash = "sha256-F/jqR4iEsklJFycTjSaW8B/V3iTGqqGOzwYBUXxRKrc="; | |||
}; | |||
}; | |||
</syntaxhighlight> | |||
=== uWSGI apps === | |||
Serving uWSGI apps with Caddy also requires a plugin, in this example we'll use [https://github.com/wxh06/caddy-uwsgi-transport caddy-uwsgi-transport]. See section above on how to fetch and update plugins.<syntaxhighlight lang="nix"> | |||
services.caddy = { | |||
package = pkgs.caddy.withPlugins { | |||
plugins = [ "github.com/BadAimWeeb/caddy-uwsgi-transport@v0.0.0-20240317192154-74a1008b9763" ]; | |||
hash = "sha256-aEdletYtVFnQMlWL6YW4gUgrrTBatoCIuugA/yvMGmI="; | |||
}; | |||
virtualHosts = { | |||
"myapp.example.org" = { | |||
extraConfig = '' | |||
reverse_proxy unix/${config.services.uwsgi.runDir}/myapp.sock { | |||
transport uwsgi | |||
} | |||
''; | |||
}; | |||
}; | |||
</syntaxhighlight>This example will serve a [[uWSGI]] app, provided by a unix socket file, on the host <code>myapp.example.org</code>. | |||
=== Passing environment variable secrets/configuring acme_dns === | === Passing environment variable secrets/configuring acme_dns === |
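Review bot: the second Plug-ins snippet does not match the lookup shown just before it. `go get` and `go.mod` resolve `github.com/mholt/caddy-webdav`, but the `plugins` entry reads `github.com/caddy-dns/caddy-webdav@v0.0.0-20241008162340-42168ba04c9d`, and its `hash` is the same string as in the powerdns example, which a build with a different plugin should not be expected to produce. Suggest using the module path from the `go.mod` output and showing the hash as empty, to be filled from the rebuild as the text already instructs. The uWSGI section has the same kind of mismatch: the link names `wxh06/caddy-uwsgi-transport` while the plugin string pulls `github.com/BadAimWeeb/caddy-uwsgi-transport`. Because this string decides whose code is compiled into the server binary, the text should say which repository is intended and why. That snippet also never closes `services.caddy = {` and omits `enable = true;`, unlike the two Plug-ins examples.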