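# Caddy

## Structure

```
.
├── caddy (80 | 443)
└── Caddyfile
```

### Caddy / xcaddy

```bash
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl

# caddy
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list

# xcaddy
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/xcaddy/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-xcaddy-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/xcaddy/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-xcaddy.list

sudo apt update && sudo apt install -y caddy xcaddy
```

#### Build with dns-ovh

```
https://go.dev/dl/
```

```bash
wget https://go.dev/dl/go1.23.1.linux-arm64.tar.gz
# Check the archive against the SHA256 published for it on https://go.dev/dl/
# before unpacking it as root (placeholder below, fill in the published value).
echo "<SHA256_FROM_GO_DL_PAGE>  go1.23.1.linux-arm64.tar.gz" | sha256sum -c -
# Both steps need root: /usr/local is not writable by a normal user.
sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.23.1.linux-arm64.tar.gz
export PATH=$PATH:/usr/local/go/bin
```

```bash
mkdir -p ~/caddy
cd ~/caddy
# Without versions xcaddy builds the latest Caddy and the latest plugin commit.
# For a reproducible build pin both, e.g.
#   xcaddy build <CADDY_VERSION> --with github.com/caddy-dns/ovh@<PLUGIN_VERSION>
xcaddy build --with github.com/caddy-dns/ovh
# This replaces the packaged binary; a later apt upgrade of the caddy package
# will overwrite it again and the ovh DNS module will be gone.
sudo mv caddy /usr/bin
sudo chown root:root /usr/bin/caddy
sudo chmod 755 /usr/bin/caddy
sudo systemctl daemon-reload
```

```bash
sudo vim /etc/caddy/Caddyfile
```

```
{
    # Verbose logging; turn it off once the setup works.
    debug
    http_port 80
    https_port 443
    email admin@delmar.bzh
    default_sni delmar.bzh
    # The admin API is unauthenticated and can replace the running configuration,
    # so it is bound to loopback only instead of every interface (":2019").
    admin localhost:2019
    # OVH API credentials are substituted from environment variables when the
    # Caddyfile is parsed, so no secret is stored in (or published with) this file.
    # Provide them to the service, e.g. through an EnvironmentFile= in a systemd
    # drop-in for caddy.service that only root can read. Credentials that were
    # ever written into a shared or published Caddyfile should be revoked and
    # re-issued.
    acme_dns ovh {
        endpoint ovh-eu
        application_key {$OVH_APPLICATION_KEY}
        application_secret {$OVH_APPLICATION_SECRET}
        consumer_key {$OVH_CONSUMER_KEY}
    }
    log {
        output stderr
        format filter {
            # Preserves first 8 bits from IPv4 and 32 bits from IPv6
            request>remote_ip ip_mask 8 32
            request>client_ip ip_mask 8 32
            # Remove identifiable information
            request>remote_port delete
            request>headers delete
            request>uri query {
                delete url
                delete h
                delete q
            }
        }
    }
    servers {
        client_ip_headers X-Forwarded-For X-Real-IP
        # Allow the following IP to passthrough the "X-Forwarded-*" headers to SearXNG
        # https://caddyserver.com/docs/caddyfile/options#trusted-proxies
        trusted_proxies static private_ranges
        trusted_proxies_strict
    }
}

# Snippet: answer 403 to any request whose peer address is outside 192.168.1.0/24.
# It only takes effect in a site block that contains "import LAN_only". None of the
# site blocks below import it, so as written no hostname is restricted to the LAN.
(LAN_only) {
    @local_subnets {
        not remote_ip 192.168.1.0/24
    }
    respond @local_subnets 403
}

*:80 {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    root * /var/www/comics
    file_server
}

3dm.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy bernie:3214
}

affine.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy sandy:3010
}

bookstack.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy sandy:6875
}

books.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy sandy:32768
}

cloud.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy sandy:35771 {
        header_up Host {upstream_hostport}
    }
    redir /.well-known/carddav /remote.php/dav/ 301
    redir /.well-known/caldav /remote.php/dav/ 301
    header {
        Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
        X-XSS-Protection "1; mode=block;"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "SAMEORIGIN"
    }
}

cpt.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy bob:9090 {
        transport http {
            # Turns off verification of the backend's TLS certificate, so the
            # proxy cannot tell the real backend from another host answering on
            # the path to bob:9090. Prefer trusting the backend's CA instead.
            tls_insecure_skip_verify
        }
    }
}

cs.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy carlo:49505
}

ctr.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy bob:47810
}

cvs.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy sandy:54268
}

dev.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy gary:50154
}

dkr.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy bob:32519 {
        header_up Host {upstream_hostport}
    }
}

ssm.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy bob:32520 {
        header_up Host {upstream_hostport}
    }
}

dolibarr.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy sandy:64616
}

draw.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy sandy:24928
}

gen.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy carlo:63578
}

git.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy krabs:3001
}

gotify.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy bob:41901
}

homepage.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy gary:7575
}

home-assistant.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy gary:8123
}

it.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy bob:8888
}

jellyfin.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy gary:8096
}

jellyseerr.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy gary:5055
}

kontadenn.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    root * /var/www/kontadenn
    file_server
    handle_errors {
        @404 {
            expression {http.error.status_code} == 404
        }
        rewrite @404 /
        file_server
    }
}

minio.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy sandy:9000
}

mmm.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy gary:8081
}

nds.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    root * /var/www/nds
    file_server
    handle_errors {
        @404 {
            expression {http.error.status_code} == 404
        }
        rewrite @404 /
        file_server
    }
}

nsns.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    root * /var/www/nsns
    file_server
    handle_errors {
        @404 {
            expression {http.error.status_code} == 404
        }
        rewrite @404 /
        file_server
    }
}

octoprint.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy bernie:54963 {
        header_up X-Forwarded-Proto {scheme}
    }
}

paperless.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy sandy:8000
}

pdf.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy sandy:9890
}

penpot.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy sandy:43735
}

rallly.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy sandy:17818
}

search.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy carlo:23485
}

send.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy krabs:53842
}

shop.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    root * /var/www/shop
    file_server
}

mailbear.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy carlo:1234 {
        header_up Host {upstream_hostport}
    }
}

cap.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy bob:55338
}

stream.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy bernie:62036
    # No path matcher here: a bare "/" matches only the exact path "/", which
    # would leave every other path on this host reachable without credentials.
    # The value is a bcrypt hash (see `caddy hash-password`); generate a new one
    # if this file has been shared, since a known hash can be guessed offline.
    basic_auth {
        admin $2a$14$RuKvTkZWcLpyX/ptJmkmYOd6WpDACXi.fIcz2feCcvTW73vZ/4TSi
    }
}

tpml.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    root * /var/www/tpml
    file_server
    handle_errors {
        @404 {
            expression {http.error.status_code} == 404
        }
        rewrite @404 /
        file_server
    }
}

twip.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy bob:23473
    handle_errors {
        rewrite * /{err.status_code}
        reverse_proxy bob:23473 {
            header_up Host {upstream_hostport}
            replace_status {err.status_code}
        }
    }
}

ugo.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy gary:8090
}

vault.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy gary:16081
}

wizarr.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    reverse_proxy gary:5690
}

www.delmar.bzh {
    encode {
        zstd
        gzip
        minimum_length 1024
    }
    root * /var/www/comics
    file_server
    handle_errors {
        @404 {
            expression {http.error.status_code} == 404
        }
        rewrite @404 /404.html
        file_server
    }
}
```

```bash
sudo systemctl restart caddy
```

# Services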
Service Host IP:port
affine.delmar.bzh sandy (affine_server) 3010
(affine_migration_job)
(affine_postgres)
(affine_redis)
books.delmar.bzh sandy (booklore) 32768
(mariadb)
bookstack.delmar.bzh sandy (bookstack) 6875
(bookstack_db)
cloud.delmar.bzh sandy (nextcloud) 35771
(nextcloud-adminer) 62674
(nextcloud-coturn) 3478 | 5439 | 49160
(nextcloud-cron)
(nextcloud-mariadb)
(nextcloud-redis)
cpt.delmar.bzh All () 9090
cs.delmar.bzh sheldon (code-server) 49505
ctr.delmar.bzh bob (compose-craft-saas) 47810
(compose-craft-db) 27017
dev.delmar.bzh gary (appsmith) 50154
(pgadmin)
(postgres)
dkr.delmar.bzh bob (dokemon) 32519
dolibarr.delmar.bzh sandy (dolibarr_app) 64616
(dolibarr_db)
draw.delmar.bzh sandy drawio 24928
gen.delmar.bzh sheldon (webtrees) 63578
git.delmar.bzh carlo 192.168.1.163:3001
gotify.delmar.bzh bob (gotify) 41901
homepage.delmar.bzh gary (homarr) 7575
home-assistant.delmar.bzh gary (homeassistant) 8123
(mosquitto) 16883 | 19001
it.delmar.bzh bob (it-tools) 8888
jellyfin.delmar.bzh
jellyseerr.delmar.bzh
wizarr.delmar.bzh
gary (jellyfin) 8096
(jellyseerr) 5055
(wizarr) 5690
(qbittorrent)
(sabnzbd)
(radarr)
(sonarr)
(lidarr)
(prowlarr)
(bazarr)
(tdarr)
(unpackerr)
(gluetun) >>> VPN
kontadenn.delmar.bzh bob > Caddyfile
nds.delmar.bzh bob > Caddyfile
nsns.delmar.bzh bob > Caddyfile
octoprint.delmar.bzh
stream.delmar.bzh
bernie (octoprint) 54963
(camera-streamer) 62036
paperless.delmar.bzh sandy (paperless-ngx) 8000
(paperless-postgres)
(paperless-redis)
pdf.delmar.bzh sandy (stirling-pdf) 9890
penpot.delmar.bzh sandy (penpot-frontend) 43735 (penpot-backend)
(penpot-exporter)
(penpot-postgres)
(penpot-redis)
*postgres* sheldon (postgres) 5432
(pgadmin) 15432
rallly.delmar.bzh sandy (reactive-resume_app) 54268
(reactive-resume_minio) 9000
(reactive-resume_chrome)
(reactive-resume_postgres)
search.delmar.bzh carlo (searxng) 23485
send.delmar.bzh krabs (zipline) 53842
tpml.delmar.bzh bob > Caddyfile
twip.delmar.bzh bob (twip) 23473
ugo.delmar.bzh gary (wordpress-app) 8090
(wordpress-adminer) 62674
(wordpress-mariadb)
vault.delmar.bzh gary (vaultwarden) 3012 | 16081
www.delmar.bzh bob > Caddyfile
... All watchtower