Guides

User Tools

Site Tools

You are here: start » esxi » caddy_server
esxi:caddy_server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
esxi:caddy_server [2024/07/26 10:01]
derek 		esxi:caddy_server [2024/09/22 19:51] (current)
Line 4: Line 4:
  
 ====Setup==== ====Setup====
-  * Set up DNS with Cloudflare using the [web:cloudflare|Guide] +  * Set up DNS with Cloudflare using [[web:cloudflare|This Guide]
-  * Add the desired publicly accessible subdomains used in the caddyfile to Cloudflare+  * For each domain used: 
-    * Navigate to the domain > ''DNS'' +    * Navigate to each domain > ''DNS'': 
-    For each subdomain+      Add wildcard CNAME record
-      * ''Add record'' +        * ''Add record'' 
-      * ''Type'' > ''CNAME''  +        * ''Type'' > ''CNAME''  
-      * ''Name''<subdomain> +        * ''Name'''*' 
-      * ''Target'' > <domain name> +        * ''Target'' > <domain name> 
-      * ''Proxy status'' > ''DNS only'' +        * ''Proxy status'' > ''DNS only'' 
-      * ''Save'' +        * ''Save'' 
-    Repeat for any other domains+      Add a 'SRV' record for any minecraft servers to allow accessing them using subdomains instead of port numbers 
 +        * If not using a wildcard CNAME record, add a CNAME record for the desired subdomain as above 
 +        * ''Add record'' 
 +        * ''Type'' > ''SRV''  
 +        * ''Name'' > '_minecraft._tcp' 
 +        * ''Priority'' & ''Weight'' > 0 
 +        * ''Port'' > <port configured in minecraft server> 
 +        * ''Target'' > <full sub.domain name desired> 
 +        * ''Save''
  
 Install a base installation of Photon OS with the following changes: Install a base installation of Photon OS with the following changes:
Line 31: Line 39:
 sed -i "s/COMMIT/-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT\n-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT\nCOMMIT/" /etc/systemd/scripts/ip4save sed -i "s/COMMIT/-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT\n-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT\nCOMMIT/" /etc/systemd/scripts/ip4save
 reboot  # And then reconnect the SSH client reboot  # And then reconnect the SSH client
- 
-# Download Caddy 
-tdnf install tar 
-mkdir /tmp/caddydir 
-# Copy the link for the "caddy_2.x.x_linux_amd64.tar.gz" file from https://github.com/caddyserver/caddy/releases/latest 
-curl -L -o /tmp/caddydir/caddy.tar.gz "<DownloadLink>" 
-tar -xzf caddy.tar.gz -C /tmp/caddydir 
-mv /tmp/caddydir/caddy /usr/bin/ 
-rm /tmp/caddydir/* 
  
 # Add the caddy group and user # Add the caddy group and user
Line 51: Line 50:
     caddy     caddy
  
-# Config file and html pages 
 cd /usr/bin cd /usr/bin
 +
 +# Download Caddy
 +curl -L -o "caddy" "https://caddyserver.com/api/download?os=linux&arch=amd64&p=github.com%2Fcaddy-dns%2Fcloudflare&p=github.com%2Fgreenpau%2Fcaddy-security&p=github.com%2Fcaddyserver%2Fntlm-transport&idempotency=99104049722873"
 +chmod 755 caddy
 +
 +# Config file and html pages
 curl -L -o "fetch" "https://github.com/gruntwork-io/fetch/releases/latest/download/fetch_linux_amd64" curl -L -o "fetch" "https://github.com/gruntwork-io/fetch/releases/latest/download/fetch_linux_amd64"
 chmod u+x fetch chmod u+x fetch
-# Generate a GitHub Personal Access Token at https://github.com/settings/tokens + 
-fetch --repo="https://github.com/Archer4499/Configs" --branch="master" --source-path="/Server/Caddy" --github-oauth-token="<GitHub PAT>" /etc/caddy+# Generate a GitHub Personal Access Token at https://github.com/settings/tokens with Read-Only Contents access to the Configs repo 
 +# Enter the key when this command asks 
 +read -rp "Enter github api token: " token && echo "export GITHUB_OAUTH_TOKEN=$token" > /etc/profile.d/github_token.sh 
 +# Reload the shell so it exports the tokens in this session 
 +exec $SHELL 
 + 
 +fetch --repo="https://github.com/Archer4499/Configs" --branch="master" --source-path="/Server/Caddy" /etc/caddy
 chmod -R a=r,u+w,a+X /etc/caddy chmod -R a=r,u+w,a+X /etc/caddy
  
-# Setup startup, and run+# Setup caddy startup service
 curl -L -o /etc/systemd/system/caddy.service "https://raw.githubusercontent.com/caddyserver/dist/master/init/caddy.service" curl -L -o /etc/systemd/system/caddy.service "https://raw.githubusercontent.com/caddyserver/dist/master/init/caddy.service"
 systemctl daemon-reload systemctl daemon-reload
-systemctl enable caddy + 
-systemctl start caddy+# Get a DNS API token from https://dash.cloudflare.com/profile/api-tokens: 
 +#   Edit zone DNS > Use template: 
 +#     Zone.Zone:Read permission 
 +#     Access to all zones 
 +#   Save/keep open the API token 
 +#   Edit zone DNS > Use template: 
 +#     Zone.DNS:Edit permission 
 +#     Restriction of the domain you're managing with Caddy 
 +#   Save/keep open the API token 
 + 
 +# Set up Google OAuth 2.0: 
 +#   Go to: [[https://console.cloud.google.com/projectcreate]] 
 +#   Follow the guide on [[https://docs.authcrunch.com/docs/authenticate/oauth/backend-oauth2-0002-google]] 
 +#   Save/keep open the Client ID/Secret 
 + 
 +systemctl edit caddy 
 +# Paste in the following lines with their respective keys filled in: 
 +[Service] 
 +Environment="CF_ZONE_TOKEN=" 
 +Environment="CF_API_TOKEN=" 
 +Environment="GOOGLE_CLIENT_ID=" 
 +Environment="GOOGLE_CLIENT_SECRET=" 
 +# Then save and exit the file with: ESC, :wq 
 + 
 +# Enable and run the Caddy service 
 +systemctl enable --now caddy
 </code> </code>
  
Line 80: Line 115:
 systemctl reload caddy systemctl reload caddy
 </code> </code>
 +
 +Edit the Caddyfile at [[https://github.com/Archer4499/Configs/blob/master/Server/Caddy/Caddyfile]] to add or modify services then follow the command in [[#Update]] to update the file in the VM.
 +
 +Services that require setting Trusted Proxies:
 +  * [[esxi:xpenology]]
 +  * [[home:Home Assistant]]
 +  * [[esxi:AMP Game Server]]
  
 @No_Backup @No_Backup
Line 86: Line 128:
 {{page>esxi:photon_os#Update&noheader}} {{page>esxi:photon_os#Update&noheader}}
  
 +Check for updates and changelogs from: [[https://github.com/caddyserver/caddy/releases/latest]]
 <code bash> <code bash>
-Update Caddy+Check the current running version
 caddy version caddy version
-Compare with the version from https://github.com/caddyserver/caddy/releases/latest and copy the link for the "caddy_2.x.x_linux_amd64.tar.gz" file if newer + 
-curl -L -o /tmp/caddydir/caddy.tar.gz "<DownloadLink>" +Update Caddy 
-tar -xzf caddy.tar.gz -C /tmp/caddydir +caddy update 
-mv /tmp/caddydir/caddy /usr/bin/ +chmod 755 /usr/bin/caddy
-rm /tmp/caddydir/*+
 systemctl reload caddy systemctl reload caddy
  
-Update just config +Once a year generate a GitHub Personal Access Token at https://github.com/settings/tokens with Read-Only Contents access to the Configs repo 
-# Generate a GitHub Personal Access Token at https://github.com/settings/tokens +# Enter the key when this command asks 
-fetch --repo="https://github.com/Archer4499/Configs" --branch="master" --source-path="/Server/Caddy/Caddyfile" --github-oauth-token="<GitHub PAT>" /etc/caddy/Caddyfile+read -rp "Enter api token: " token && echo "export GITHUB_OAUTH_TOKEN=$token" > /etc/profile.d/github_token.sh 
 +# Reload the shell so it exports the tokens in this session 
 +exec $SHELL 
 + 
 +# Update just the Caddy config 
 +fetch --repo="https://github.com/Archer4499/Configs" --branch="master" --source-path="/Server/Caddy/Caddyfile" /etc/caddy/Caddyfile
  
 # Update Config and HTML # Update Config and HTML
 # Remove old folder if any files have been deleted/moved/renamed # Remove old folder if any files have been deleted/moved/renamed
 rm -r /etc/caddy rm -r /etc/caddy
-# Generate a GitHub Personal Access Token at https://github.com/settings/tokens +fetch --repo="https://github.com/Archer4499/Configs" --branch="master" --source-path="/Server/Caddy" /etc/caddy
-fetch --repo="https://github.com/Archer4499/Configs" --branch="master" --source-path="/Server/Caddy" --github-oauth-token="<GitHub PAT>" /etc/caddy+
 chmod -R a=r,u+w,a+X /etc/caddy chmod -R a=r,u+w,a+X /etc/caddy
  
esxi/caddy_server.1721988060.txt.gz · Last modified: 2024/09/22 19:51 (external edit)

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki