Guides

User Tools

Site Tools

You are here: start » esxi » caddy_server
esxi:caddy_server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
esxi:caddy_server [2024/07/26 16:38]
derek 		esxi:caddy_server [2025/12/25 09:41] (current)
derek
Line 5: Line 5:
 ====Setup==== ====Setup====
   * Set up DNS with Cloudflare using [[web:cloudflare|This Guide]]   * Set up DNS with Cloudflare using [[web:cloudflare|This Guide]]
-  * Add the desired publicly accessible subdomains used in the caddyfile to Cloudflare+  * For each domain used: 
-    * Navigate to the domain > ''DNS'' +    * Navigate to each domain > ''DNS'': 
-    For each subdomain+      Add wildcard CNAME record
-      * ''Add record'' +        * ''Add record'' 
-      * ''Type'' > ''CNAME''  +        * ''Type'' > ''CNAME''  
-      * ''Name''<subdomain> +        * ''Name'''*' 
-      * ''Target'' > <domain name> +        * ''Target'' > <domain name> 
-      * ''Proxy status'' > ''DNS only'' +        * ''Proxy status'' > ''DNS only'' 
-      * ''Save'' +        * ''Save'' 
-    Repeat for any other domains+      Add a 'SRV' record for any minecraft servers to allow accessing them using subdomains instead of port numbers 
 +        * If not using a wildcard CNAME record, add a CNAME record for the desired subdomain as above 
 +        * ''Add record'' 
 +        * ''Type'' > ''SRV''  
 +        * ''Name'' > '_minecraft._tcp' 
 +        * ''Priority'' & ''Weight'' > 0 
 +        * ''Port'' > <port configured in minecraft server> 
 +        * ''Target'' > <full sub.domain name desired> 
 +        * ''Save''
  
 Install a base installation of Photon OS with the following changes: Install a base installation of Photon OS with the following changes:
Line 51: Line 59:
 curl -L -o "fetch" "https://github.com/gruntwork-io/fetch/releases/latest/download/fetch_linux_amd64" curl -L -o "fetch" "https://github.com/gruntwork-io/fetch/releases/latest/download/fetch_linux_amd64"
 chmod u+x fetch chmod u+x fetch
-# Generate a GitHub Personal Access Token at https://github.com/settings/tokens + 
-fetch --repo="https://github.com/Archer4499/Configs" --branch="master" --source-path="/Server/Caddy" --github-oauth-token="<GitHub PAT>" /etc/caddy+# Generate a GitHub Personal Access Token at https://github.com/settings/tokens with Read-Only Contents access to the Configs repo 
 +# Enter the key when this command asks 
 +read -rp "Enter github api token: " token && echo "export GITHUB_OAUTH_TOKEN=$token" > /etc/profile.d/github_token.sh 
 +# Reload the shell so it exports the tokens in this session 
 +exec $SHELL 
 + 
 +fetch --repo="https://github.com/Archer4499/Configs" --branch="master" --source-path="/Server/Caddy" /etc/caddy
 chmod -R a=r,u+w,a+X /etc/caddy chmod -R a=r,u+w,a+X /etc/caddy
  
-# Setup startup, and run+# Setup caddy startup service
 curl -L -o /etc/systemd/system/caddy.service "https://raw.githubusercontent.com/caddyserver/dist/master/init/caddy.service" curl -L -o /etc/systemd/system/caddy.service "https://raw.githubusercontent.com/caddyserver/dist/master/init/caddy.service"
 systemctl daemon-reload systemctl daemon-reload
 +
 +# Get a DNS API token from https://dash.cloudflare.com/profile/api-tokens:
 +#   Edit zone DNS > Use template:
 +#     Zone.DNS:Edit permission
 +#     Add a Permissions entry for: Zone.Zone:Read
 +#     Restriction of the domain you're managing with Caddy
 +#   Save/keep open the API token
 +
 +# Set up Google OAuth 2.0:
 +#   Go to: [[https://console.cloud.google.com/projectcreate]]
 +#   Follow the guide on [[https://docs.authcrunch.com/docs/authenticate/oauth/backend-oauth2-0002-google]]
 +#   Save/keep open the Client ID/Secret
 +
 +systemctl edit caddy
 +# Paste in the following lines with their respective keys filled in:
 +[Service]
 +Environment="CF_API_TOKEN="
 +Environment="GOOGLE_CLIENT_ID="
 +Environment="GOOGLE_CLIENT_SECRET="
 +# Then save and exit the file with: ESC, :wq
 +
 +# Enable and run the Caddy service
 systemctl enable --now caddy systemctl enable --now caddy
 </code> </code>
Line 75: Line 111:
 systemctl reload caddy systemctl reload caddy
 </code> </code>
 +
 +Edit the Caddyfile at [[https://github.com/Archer4499/Configs/blob/master/Server/Caddy/Caddyfile]] to add or modify services then follow the command in [[#Update]] to update the file in the VM.
 +
 +Services that require setting Trusted Proxies:
 +  * [[esxi:xpenology]]
 +  * [[home:Home Assistant]]
 +  * [[esxi:AMP Game Server]]
  
 @No_Backup @No_Backup
Line 88: Line 131:
 # Update Caddy # Update Caddy
 caddy update caddy update
 +chmod 755 /usr/bin/caddy
 systemctl reload caddy systemctl reload caddy
-# Once a year generate a new GitHub Personal Access Token at https://github.com/settings/tokens with Read-Only Contents access to the Configs repo and set it as an environment variable using the default profile + 
-touch /etc/profile.d/github_token.sh +# Once a year generate a GitHub Personal Access Token at https://github.com/settings/tokens with Read-Only Contents access to the Configs repo 
-vi /etc/profile.d/github_token.sh +# Enter the key when this command asks 
-# Add the following line with your token using ''i'', and ''ESC, :wq'' to save +read -rp "Enter api token: " token && echo "export GITHUB_OAUTH_TOKEN=$token"/etc/profile.d/github_token.sh 
-export GITHUB_OAUTH_TOKEN=<GitHub PAT> +# Reload the shell so it exports the tokens in this session
-# Reload the shell so it exports the token+
 exec $SHELL exec $SHELL
  
esxi/caddy_server.1722011931.txt.gz · Last modified: 2024/09/22 19:51 (external edit)

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki