esxi:caddy_server

Differences

This shows you the differences between two versions of the page.

esxi:caddy_server [2020/07/05 17:25]
derek
esxi:caddy_server [2024/09/22 19:51] (current)
Line 1: Line 1:
 =====Caddy Server===== =====Caddy Server=====
-FIXME: Explain the page/service+Caddy is a reverse proxy and lightweight webserver that automatically acquires and uses https certificates
-Using Caddy to host the list, Love Letter counter, and reverse proxy many internal sites+Caddy is used here to host list of linksthe Love Letter counter, and reverse proxy many internal sites.
  
 ====Setup==== ====Setup====
-Firstinstall a base installation of Photon OS with the following changes:+  * Set up DNS with Cloudflare using [[web:cloudflare|This Guide]] 
 +  * For each domain used: 
 +    * Navigate to each domain > ''DNS'': 
 +      * Add wildcard CNAME record: 
 +        * ''Add record'' 
 +        * ''Type'' > ''CNAME''  
 +        * ''Name'' > '*' 
 +        * ''Target'' > <domain name> 
 +        * ''Proxy status'' > ''DNS only'' 
 +        * ''Save'' 
 +      * Add a 'SRV' record for any minecraft servers to allow accessing them using subdomains instead of port numbers 
 +        * If not using a wildcard CNAME recordadd a CNAME record for the desired subdomain as above 
 +        * ''Add record'' 
 +        * ''Type'' > ''SRV''  
 +        * ''Name'' > '_minecraft._tcp' 
 +        * ''Priority'' & ''Weight'' > 0 
 +        * ''Port'' > <port configured in minecraft server> 
 +        * ''Target'' > <full sub.domain name desired> 
 +        * ''Save'' 
 + 
 +Install a base installation of Photon OS with the following changes:
   * Hostname: ''Caddy''   * Hostname: ''Caddy''
   * CPU: 1   * CPU: 1
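Review bot: the wildcard CNAME step with ''Proxy status'' > ''DNS only'' publishes the origin address for every possible name under the domain, not only the hosts Caddy is configured to serve, so the VM's public IP is visible in DNS and every subdomain resolves to it. That is a deliberate trade-off for the Minecraft SRV records, which need an unproxied target, but the bullet should say so, otherwise a later reader may "fix" it by turning the proxy on and break the SRV entries; it also means Caddy should only ever serve explicitly named hosts, never a catch-all. Two typos in the new text: ''host list of linksthe Love Letter counter'' should read ''host a list of links, the Love Letter counter'', and ''If not using a wildcard CNAME recordadd a CNAME record'' needs a comma before ''add''.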
Line 12: Line 32:
  
 ===Install Caddy Server:=== ===Install Caddy Server:===
-  * Add a port forwarding rule in your router for tcp, port ''http,https'' to the IP of the VM+  * Add a port forwarding rule in your router for tcp, port''http,https'' to the IP of this VM
   * Using an SSH client, connect to <hostname>:50001 then run:   * Using an SSH client, connect to <hostname>:50001 then run:
  
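Review bot: a space was lost in the changed bullet, ''port''http,https'''' where the old line had ''port ''http,https'''', so the monospace markup no longer renders. The rule itself is correctly limited to the two ports the firewall step below opens; SSH on 50001 is not exposed by this forward, which is the right default.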
Line 19: Line 39:
 sed -i "s/COMMIT/-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT\n-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT\nCOMMIT/" /etc/systemd/scripts/ip4save sed -i "s/COMMIT/-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT\n-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT\nCOMMIT/" /etc/systemd/scripts/ip4save
 reboot  # And then reconnect the SSH client reboot  # And then reconnect the SSH client
- 
-# Download Caddy 
-tdnf install tar 
-mkdir /tmp/caddydir 
-# Copy the link for the "caddy_2.x.x_linux_amd64.tar.gz" file from https://github.com/caddyserver/caddy/releases/latest 
-curl -L -o /tmp/caddydir/caddy.tar.gz "<DownloadLink>" 
-tar -xzf caddy.tar.gz -C /tmp/caddydir 
-mv /tmp/caddydir/caddy /usr/bin/ 
-rm /tmp/caddydir/* 
  
 # Add the caddy group and user # Add the caddy group and user
Line 39: Line 50:
     caddy     caddy
  
-# Config file and html pages 
 cd /usr/bin cd /usr/bin
 +
 +# Download Caddy
 +curl -L -o "caddy" "https://caddyserver.com/api/download?os=linux&arch=amd64&p=github.com%2Fcaddy-dns%2Fcloudflare&p=github.com%2Fgreenpau%2Fcaddy-security&p=github.com%2Fcaddyserver%2Fntlm-transport&idempotency=99104049722873"
 +chmod 755 caddy
 +
 +# Config file and html pages
 curl -L -o "fetch" "https://github.com/gruntwork-io/fetch/releases/latest/download/fetch_linux_amd64" curl -L -o "fetch" "https://github.com/gruntwork-io/fetch/releases/latest/download/fetch_linux_amd64"
 chmod u+x fetch chmod u+x fetch
-# Generate a GitHub Personal Access Token at https://github.com/settings/tokens + 
-fetch --repo="https://github.com/Archer4499/Configs" --branch="master" --source-path="/Server/Caddy" --github-oauth-token="<GitHub PAT>" /etc/caddy+# Generate a GitHub Personal Access Token at https://github.com/settings/tokens with Read-Only Contents access to the Configs repo 
 +# Enter the key when this command asks 
 +read -rp "Enter github api token: " token && echo "export GITHUB_OAUTH_TOKEN=$token" > /etc/profile.d/github_token.sh 
 +# Reload the shell so it exports the tokens in this session 
 +exec $SHELL 
 + 
 +fetch --repo="https://github.com/Archer4499/Configs" --branch="master" --source-path="/Server/Caddy" /etc/caddy
 chmod -R a=r,u+w,a+X /etc/caddy chmod -R a=r,u+w,a+X /etc/caddy
  
-# Setup startup, and run+# Setup caddy startup service
 curl -L -o /etc/systemd/system/caddy.service "https://raw.githubusercontent.com/caddyserver/dist/master/init/caddy.service" curl -L -o /etc/systemd/system/caddy.service "https://raw.githubusercontent.com/caddyserver/dist/master/init/caddy.service"
 systemctl daemon-reload systemctl daemon-reload
-systemctl enable caddy + 
-systemctl start caddy+# Get a DNS API token from https://dash.cloudflare.com/profile/api-tokens: 
 +#   Edit zone DNS > Use template: 
 +#     Zone.Zone:Read permission 
 +#     Access to all zones 
 +#   Save/keep open the API token 
 +#   Edit zone DNS > Use template: 
 +#     Zone.DNS:Edit permission 
 +#     Restriction of the domain you're managing with Caddy 
 +#   Save/keep open the API token 
 + 
 +# Set up Google OAuth 2.0: 
 +#   Go to: [[https://console.cloud.google.com/projectcreate]] 
 +#   Follow the guide on [[https://docs.authcrunch.com/docs/authenticate/oauth/backend-oauth2-0002-google]] 
 +#   Save/keep open the Client ID/Secret 
 + 
 +systemctl edit caddy 
 +# Paste in the following lines with their respective keys filled in: 
 +[Service] 
 +Environment="CF_ZONE_TOKEN=" 
 +Environment="CF_API_TOKEN=" 
 +Environment="GOOGLE_CLIENT_ID=" 
 +Environment="GOOGLE_CLIENT_SECRET=" 
 +# Then save and exit the file with: ESC, :wq 
 + 
 +# Enable and run the Caddy service 
 +systemctl enable --now caddy
 </code> </code>
  
-  * Edit the VM note and append the following FIXME:+  * Edit the VM note and append the following:
 <code> <code>
 +80,443/tcp Http,Https Caddy
 </code> </code>
   * Save a snapshot called ''Configured''   * Save a snapshot called ''Configured''
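Review bot: the secrets this hunk introduces end up in world-readable places. ''echo "export GITHUB_OAUTH_TOKEN=$token" > /etc/profile.d/github_token.sh'' creates the file with the shell's default umask (normally 0644) in a directory every login shell sources, so any local account on the VM gets the token in its environment; and the ''systemctl edit caddy'' drop-in holding ''Environment="CF_API_TOKEN="'' and ''Environment="GOOGLE_CLIENT_SECRET="'' is likewise readable by any user, both as a file under /etc/systemd/system/caddy.service.d/ and through ''systemctl show caddy''. Suggest ''chmod 600 /etc/profile.d/github_token.sh'' (or keeping the token out of profile.d entirely, since only the one ''fetch'' command needs it), and moving the four tokens into an ''EnvironmentFile='' that is root-owned with mode 0600, which systemd reads before switching to the caddy user; put that file outside /etc/caddy, because ''chmod -R a=r,u+w,a+X /etc/caddy'' in this same hunk makes everything under that tree world-readable and the update procedure removes the tree. Two smaller points: the binary from ''caddyserver.com/api/download?...'' is built on request with no version pin or checksum in the step, so record the output of ''caddy version'' in the VM note next to the new ''80,443/tcp Http,Https Caddy'' line for later comparison; and the Cloudflare token split (Zone:Read on all zones, DNS:Edit restricted to the one managed domain) is a good least-privilege choice and should stay exactly as written.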
Line 67: Line 115:
 systemctl reload caddy systemctl reload caddy
 </code> </code>
 +
 +Edit the Caddyfile at [[https://github.com/Archer4499/Configs/blob/master/Server/Caddy/Caddyfile]] to add or modify services then follow the command in [[#Update]] to update the file in the VM.
 +
 +Services that require setting Trusted Proxies:
 +  * [[esxi:xpenology]]
 +  * [[home:Home Assistant]]
 +  * [[esxi:AMP Game Server]]
  
 @No_Backup @No_Backup
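Review bot: the new ''Services that require setting Trusted Proxies'' list should state what value to trust: each listed service must trust only this Caddy VM's address, because a service that trusts a wider range (or every source) will accept a forged X-Forwarded-For or X-Real-IP from any client that can reach it directly on the LAN, which defeats the client-IP based checks the proxy is meant to supply. The ''Edit the Caddyfile at ...'' sentence is also worth one more clause: an edit in the repository does nothing on the VM until the [[#Update]] step is run, so a commit alone is not a deployment.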
Line 73: Line 128:
 {{page>esxi:photon_os#Update&noheader}} {{page>esxi:photon_os#Update&noheader}}
  
 +Check for updates and changelogs from: [[https://github.com/caddyserver/caddy/releases/latest]]
 <code bash> <code bash>
-Update Caddy+Check the current running version
 caddy version caddy version
-Compare with the version from https://github.com/caddyserver/caddy/releases/latest and copy the link for the "caddy_2.x.x_linux_amd64.tar.gz" file if newer + 
-curl -L -o /tmp/caddydir/caddy.tar.gz "<DownloadLink>" +Update Caddy 
-tar -xzf caddy.tar.gz -C /tmp/caddydir +caddy update 
-mv /tmp/caddydir/caddy /usr/bin/ +chmod 755 /usr/bin/caddy
-rm /tmp/caddydir/*+
 systemctl reload caddy systemctl reload caddy
  
-Update just config +Once a year generate a GitHub Personal Access Token at https://github.com/settings/tokens with Read-Only Contents access to the Configs repo 
-# Generate a GitHub Personal Access Token at https://github.com/settings/tokens +# Enter the key when this command asks 
-fetch --repo="https://github.com/Archer4499/Configs" --branch="master" --source-path="/Server/Caddy/Caddyfile" --github-oauth-token="<GitHub PAT>" /etc/caddy/Caddyfile+read -rp "Enter api token: " token && echo "export GITHUB_OAUTH_TOKEN=$token" > /etc/profile.d/github_token.sh 
 +# Reload the shell so it exports the tokens in this session 
 +exec $SHELL 
 + 
 +# Update just the Caddy config 
 +fetch --repo="https://github.com/Archer4499/Configs" --branch="master" --source-path="/Server/Caddy/Caddyfile" /etc/caddy/Caddyfile
  
 # Update Config and HTML # Update Config and HTML
 +# Remove old folder if any files have been deleted/moved/renamed
 rm -r /etc/caddy rm -r /etc/caddy
-# Generate a GitHub Personal Access Token at https://github.com/settings/tokens +fetch --repo="https://github.com/Archer4499/Configs" --branch="master" --source-path="/Server/Caddy" /etc/caddy
-fetch --repo="https://github.com/Archer4499/Configs" --branch="master" --source-path="/Server/Caddy" --github-oauth-token="<GitHub PAT>" /etc/caddy+
 chmod -R a=r,u+w,a+X /etc/caddy chmod -R a=r,u+w,a+X /etc/caddy
 +
 +# Test updated Caddyfile
 +caddy validate --config /etc/caddy/Caddyfile
  
 # Use updated config file # Use updated config file
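Review bot: three of the new lines inside the ''<code bash>'' block are not comments and will be executed as commands if the block is pasted: ''Check the current running version'', ''Update Caddy'' and ''Once a year generate a GitHub Personal Access Token ...''; prefix them with ''#'' like the neighbouring comment lines (the old version had the same problem with its ''Update Caddy'' and ''Update just config'' lines, so this is a good moment to fix it). ''caddy update'' is not a subcommand I recognise; Caddy's built-in in-place updater is ''caddy upgrade'', which re-downloads the binary with the same plugins from the build API, so please verify before merging, and note that this path has no version pin or checksum, the same caveat as the initial download. The GitHub token is again written to /etc/profile.d/github_token.sh with default permissions (same remark as in the setup hunk: ''chmod 600'' it or keep it out of profile.d). The added ''caddy validate --config /etc/caddy/Caddyfile'' before ''systemctl reload caddy'' is the right addition and should be kept; it is what prevents a bad fetch after ''rm -r /etc/caddy'' from being reloaded into the running instance.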
esxi/caddy_server.1593969931.txt.gz · Last modified: 2024/09/22 19:51 (external edit)