Guides

User Tools

Site Tools

You are here: start » esxi » caddy_server
esxi:caddy_server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
esxi:caddy_server [2020/07/03 18:47]
derek 		esxi:caddy_server [2025/12/25 09:41] (current)
derek
Line 1: Line 1:
 =====Caddy Server===== =====Caddy Server=====
-FIXME: Explain the page/service.+Caddy is a reverse proxy and lightweight webserver that automatically acquires and uses https certificates. 
 +Caddy is used here to host a list of links, the Love Letter counter, and reverse proxy many internal sites.
  
 ====Setup==== ====Setup====
-Firstinstall a base installation of Photon OS with the following changes:+  * Set up DNS with Cloudflare using [[web:cloudflare|This Guide]] 
 +  * For each domain used: 
 +    * Navigate to each domain > ''DNS'': 
 +      * Add wildcard CNAME record: 
 +        * ''Add record'' 
 +        * ''Type'' > ''CNAME''  
 +        * ''Name'' > '*' 
 +        * ''Target'' > <domain name> 
 +        * ''Proxy status'' > ''DNS only'' 
 +        * ''Save'' 
 +      * Add a 'SRV' record for any minecraft servers to allow accessing them using subdomains instead of port numbers 
 +        * If not using a wildcard CNAME recordadd a CNAME record for the desired subdomain as above 
 +        * ''Add record'' 
 +        * ''Type'' > ''SRV''  
 +        * ''Name'' > '_minecraft._tcp' 
 +        * ''Priority'' & ''Weight'' > 0 
 +        * ''Port'' > <port configured in minecraft server> 
 +        * ''Target'' > <full sub.domain name desired> 
 +        * ''Save'' 
 + 
 +Install a base installation of Photon OS with the following changes:
   * Hostname: ''Caddy''   * Hostname: ''Caddy''
   * CPU: 1   * CPU: 1
Line 11: Line 32:
  
 ===Install Caddy Server:=== ===Install Caddy Server:===
-  * Add a port forwarding rule in your router for tcp, port ''http,https'' to the IP of the VM+  * Add a port forwarding rule in your router for tcp, port''http,https'' to the IP of this VM
   * Using an SSH client, connect to <hostname>:50001 then run:   * Using an SSH client, connect to <hostname>:50001 then run:
  
Line 19: Line 40:
 reboot  # And then reconnect the SSH client reboot  # And then reconnect the SSH client
  
-Download Caddy +Add the caddy group and user
-tdnf install tar +
-mkdir /tmp/caddy +
-cd /tmp/caddy +
-# Copy the link for the "caddy_2.x.x_linux_amd64.tar.gz" file from https://github.com/caddyserver/caddy/releases/latest +
-curl -OL "<DownloadLink>" +
-tar -xzf <DownloadedFile> +
-mv caddy /usr/bin/ +
-cd ~ +
-rm -r /tmp/caddy +
- +
-# Add caddy group/user+
 groupadd --system caddy groupadd --system caddy
 useradd --system \ useradd --system \
Line 40: Line 50:
     caddy     caddy
  
-# Setup startup +cd /usr/bin 
-cd /etc/systemd/system/ + 
-curl -OL "https://raw.githubusercontent.com/caddyserver/dist/master/init/caddy.service"+# Download Caddy 
 +curl -L -o "caddy" "https://caddyserver.com/api/download?os=linux&arch=amd64&p=github.com%2Fcaddy-dns%2Fcloudflare&p=github.com%2Fgreenpau%2Fcaddy-security&p=github.com%2Fcaddyserver%2Fntlm-transport&idempotency=99104049722873" 
 +chmod 755 caddy 
 + 
 +# Config file and html pages 
 +curl -L -o "fetch" "https://github.com/gruntwork-io/fetch/releases/latest/download/fetch_linux_amd64" 
 +chmod u+x fetch 
 + 
 +# Generate a GitHub Personal Access Token at https://github.com/settings/tokens with Read-Only Contents access to the Configs repo 
 +# Enter the key when this command asks 
 +read -rp "Enter github api token: " token && echo "export GITHUB_OAUTH_TOKEN=$token" > /etc/profile.d/github_token.sh 
 +# Reload the shell so it exports the tokens in this session 
 +exec $SHELL 
 + 
 +fetch --repo="https://github.com/Archer4499/Configs" --branch="master" --source-path="/Server/Caddy" /etc/caddy 
 +chmod -R a=r,u+w,a+X /etc/caddy 
 + 
 +# Setup caddy startup service 
 +curl -L -o /etc/systemd/system/caddy.service "https://raw.githubusercontent.com/caddyserver/dist/master/init/caddy.service"
 systemctl daemon-reload systemctl daemon-reload
-systemctl enable caddy 
  
-Config file +Get a DNS API token from https://dash.cloudflare.com/profile/api-tokens: 
-mkdir /etc/caddy +#   Edit zone DNS > Use template: 
-chmod 755 /etc/caddy +#     Zone.DNS:Edit permission 
-cd /etc/caddy +#     Add a Permissions entry for: Zone.Zone:Read 
-FIXMEDownload Caddyfile +#     Restriction of the domain you're managing with Caddy 
-chmod 644 Caddyfile+#   Save/keep open the API token 
 + 
 +# Set up Google OAuth 2.0: 
 +#   Go to: [[https://console.cloud.google.com/projectcreate]] 
 +#   Follow the guide on [[https://docs.authcrunch.com/docs/authenticate/oauth/backend-oauth2-0002-google]] 
 +#   Save/keep open the Client ID/Secret 
 + 
 +systemctl edit caddy 
 +Paste in the following lines with their respective keys filled in
 +[Service] 
 +Environment="CF_API_TOKEN=" 
 +Environment="GOOGLE_CLIENT_ID=" 
 +Environment="GOOGLE_CLIENT_SECRET=" 
 +# Then save and exit the file with: ESC, :wq
  
-systemctl start caddy+# Enable and run the Caddy service 
 +systemctl enable --now caddy
 </code> </code>
  
   * Edit the VM note and append the following:   * Edit the VM note and append the following:
 <code> <code>
 +80,443/tcp Http,Https Caddy
 </code> </code>
   * Save a snapshot called ''Configured''   * Save a snapshot called ''Configured''
Line 69: Line 111:
 systemctl reload caddy systemctl reload caddy
 </code> </code>
 +
 +Edit the Caddyfile at [[https://github.com/Archer4499/Configs/blob/master/Server/Caddy/Caddyfile]] to add or modify services then follow the command in [[#Update]] to update the file in the VM.
 +
 +Services that require setting Trusted Proxies:
 +  * [[esxi:xpenology]]
 +  * [[home:Home Assistant]]
 +  * [[esxi:AMP Game Server]]
 +
 +@No_Backup
  
 ====Update==== ====Update====
 {{page>esxi:photon_os#Update&noheader}} {{page>esxi:photon_os#Update&noheader}}
  
-  * FIXMEDescribe update Process +Check for updates and changelogs from[[https://github.com/caddyserver/caddy/releases/latest]]
-  * Include in update all page using ''%%{{page>esxi:caddy_server#Update}}%%'' +
 <code bash> <code bash>
-Copy the link for the "caddy_2.x.x_linux_amd64.tar.gzfile from https://github.com/caddyserver/caddy/releases/latest +Check the current running version 
-curl -OL "<DownloadLink>" +caddy version 
-tar -xzf <DownloadedFile> + 
-mv caddy /usr/bin+# Update Caddy 
-cd ~ +caddy update 
-rm -r /tmp/caddy+chmod 755 /usr/bin/caddy 
 +systemctl reload caddy 
 + 
 +# Once a year generate a GitHub Personal Access Token at https://github.com/settings/tokens with Read-Only Contents access to the Configs repo 
 +# Enter the key when this command asks 
 +read -rp "Enter api token: " token && echo "export GITHUB_OAUTH_TOKEN=$token" > /etc/profile.d/github_token.sh 
 +# Reload the shell so it exports the tokens in this session 
 +exec $SHELL 
 + 
 +# Update just the Caddy config 
 +fetch --repo="https://github.com/Archer4499/Configs" --branch="master" --source-path="/Server/Caddy/Caddyfile" /etc/caddy/Caddyfile 
 + 
 +# Update Config and HTML 
 +# Remove old folder if any files have been deleted/moved/renamed 
 +rm -r /etc/caddy 
 +fetch --repo="https://github.com/Archer4499/Configs" --branch="master" --source-path="/Server/Caddy" /etc/caddy 
 +chmod -R a=r,u+w,a+X /etc/caddy 
 + 
 +# Test updated Caddyfile 
 +caddy validate --config /etc/caddy/Caddyfile 
 + 
 +# Use updated config file
 systemctl reload caddy systemctl reload caddy
 </code> </code>
esxi/caddy_server.1593802054.txt.gz · Last modified: 2024/09/22 19:51 (external edit)

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki