# Caddy ## Structure ``` . ├── caddy (80 | 443) └── Caddyfile ``` ### Caddy / xcaddy ```bash sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl # caddy curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list # xcaddy curl -1sLf 'https://dl.cloudsmith.io/public/caddy/xcaddy/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-xcaddy-archive-keyring.gpg curl -1sLf 'https://dl.cloudsmith.io/public/caddy/xcaddy/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-xcaddy.list sudo apt update && sudo apt install -y caddy xcaddy ``` #### Build with dns-ovh ``` https://go.dev/dl/ ``` ```bash wget https://go.dev/dl/go1.23.1.linux-arm64.tar.gz rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.23.1.linux-arm64.tar.gz export PATH=$PATH:/usr/local/go/bin ``` ```bash mkdir ~/caddy cd caddy xcaddy build --with github.com/caddy-dns/ovh sudo mv caddy /usr/bin sudo chown root:root /usr/bin/caddy sudo chmod 755 /usr/bin/caddy sudo systemctl daemon-reload ``` ```bash sudo vim /etc/caddy/Caddyfile ``` ``` { debug http_port 80 https_port 443 email admin@delmar.bzh default_sni delmar.bzh acme_dns ovh { endpoint ovh-eu application_key 3f8bdfed17f848d8 application_secret 6946758d7515ecef108aeb286bf3c7d0 consumer_key 94b2ddf482d36421a33aa6b3aa515956 } } (LAN_only) { @local_subnets { not remote_ip 192.168.1.0/24 } respond @local_subnets 403 } *:80 { root * /var/www/comics encode gzip zstd file_server } bookstack.delmar.bzh reverse_proxy carlo:6875 encode gzip zstd } books.delmar.bzh { reverse_proxy sandy:8083 { header_up X-Scheme https } encode gzip zstd } cloud.delmar.bzh { encode gzip zstd reverse_proxy sandy:35771 { header_up Host {upstream_hostport} } redir /.well-known/carddav /remote.php/dav/ 301 redir /.well-known/caldav /remote.php/dav/ 301 header { Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" X-XSS-Protection "1; mode=block;" X-Content-Type-Options "nosniff" X-Frame-Options "SAMEORIGIN" } } webmin.delmar.bzh { reverse_proxy bob:10000 { transport http { read_buffer 0 write_buffer 0 tls_insecure_skip_verify versions 1.1 } } encode gzip zstd } dolibarr.delmar.bzh { reverse_proxy carlo:64616 encode gzip zstd } draw.delmar.bzh { reverse_proxy carlo:8080 encode gzip zstd } git.delmar.bzh { reverse_proxy carlo:3001 encode gzip zstd } homepage.delmar.bzh { reverse_proxy bob:5005 encode gzip zstd } home-assistant.delmar.bzh { reverse_proxy carlo:8123 encode gzip zstd } it.delmar.bzh { reverse_proxy bob:8888 encode gzip zstd } jellyfin.delmar.bzh { reverse_proxy gary:8096 encode gzip zstd } jellyseerr.delmar.bzh { reverse_proxy gary:5055 encode gzip zstd } wizarr.delmar.bzh { reverse_proxy gary:5690 encode gzip zstd } julien.delmar.bzh { root * /var/www/resumes/julien encode gzip zstd file_server } kontadenn.delmar.bzh { root * /var/www/kontadenn encode gzip zstd file_server } nds.delmar.bzh { root * /var/www/nds encode gzip zstd file_server } nsns.delmar.bzh { root * /var/www/nsns encode gzip zstd file_server } paperless.delmar.bzh { reverse_proxy sandy:8000 encode gzip zstd } penpot.delmar.bzh { reverse_proxy sandy:43735 encode gzip zstd } portainer.delmar.bzh { reverse_proxy bob:9000 encode gzip zstd } mobilizon.delmar.bzh { reverse_proxy carlo:4000 encode gzip zstd } send.delmar.bzh { reverse_proxy krabs:3000 encode gzip zstd } tools.delmar.bzh { reverse_proxy sandy:9890 encode gzip zstd } ugo.delmar.bzh { reverse_proxy carlo:8090 encode gzip zstd } vault.delmar.bzh { reverse_proxy carlo:8081 encode gzip zstd } www.delmar.bzh { root * /var/www/comics encode gzip zstd file_server } octoprint.delmar.bzh { handle_path /webcam/* { reverse_proxy localhost:54964 } reverse_proxy bernie:54963 { header_up X-Forwarded-Proto {scheme} } encode gzip zstd } ``` ```bash sudo systemctl restart caddy ``` # Services
ServiceHostIP:port
books.delmar.bzhsandy192.168.1.65:8083
bookstack.delmar.bzh sheldon192.168.1.230:6875
cloud.delmar.bzh sandy192.168.1.65:9880
cockpit.delmar.bzhbob192.168.1.99:9090
dolibarr.delmar.bzhcarlo192.168.1.163:8080
git.delmar.bzhcarlo192.168.1.163:3001
homepage.delmar.bzhbob192.168.1.99:5005
jellyfin.delmar.bzhsandy192.168.1.65:8096
jellyseer.delmar.bzhsandy192.168.1.65:5055
julien.delmar.bzhbob> Caddyfile
kontadenn.delmar.bzhbob> Caddyfile
nds.delmar.bzhbob> Caddyfile
nsns.delmar.bzhbob> Caddyfile
penpot.delmar.bzhcarlo192.168.1.163:8082
portainer.delmar.bzhbob192.168.1.99:9443
rallly.delmar.bzhcarlo192.168.1.163:3000
send.delmar.bzhkrabs192.168.1.229:8080
shop.delmar.bzhpatrick192.168.1.186:86
ugo.delmar.bzhpatrick192.168.1.186:82
uptime.delmar.bzhbob192.168.1.99:3001
vault.delmar.bzhcarlo192.168.1.163:8081
www.delmar.bzhbob> Caddyfile