esxi:caddy_server
This is an old revision of the document!
Table of Contents
Caddy Server
: Explain the page/service.
Using Caddy to host the list, Love Letter counter, and reverse proxy many internal sites
Setup
- Set up DNS with Cloudflare using the [web:cloudflare|Guide]
- Add the subdomains used in the caddyfile to Cloudflare:
- Navigate to the domain >
DNS - For each subdomain:
Add recordType>CNAMEName> <subdomain>Target> <domain name>Proxy status>DNS onlySave
- Repeat for any other domains
Install a base installation of Photon OS with the following changes:
- Hostname:
Caddy - CPU: 1
- Memory: 2GB
Setup minimal installed profile of PhotonOS
- Download the latest Photon OS
OVA with virtual hardware v15from https://github.com/vmware/photon/wiki/Downloading-Photon-OS - In ESXi:
Create/Register VM:Deploy a virtual machine from an OVF or OVA file- Name the VM
- Upload the Photon OS OVA file
- Specify the desired
Target Datastore - Accept the License Agreement
- Deselect
Power on automatically - Confirm settings and
Finish
- Wait for the files to upload
- If autostart is desired for this machine go to
Host>Manage>System>Autostart:- Click on the current VM
Enable- Use
Start earlierandStart laterto set the desired order
- Go to
Virtual Machineson the sidebar and click on the current VM Actions>Edit Settings:- Set the required CPU and Memory requirements
- If using NVMe storage for the datastore:
Add other device>NVMe controllerHard Disk 1>Controller location>NVMe controller 0- Save and reopen
Edit Settings - Remove
SCSI controller 0
- Select other appropriate VM settings depending on desired applications
- Power on the VM, then shut it down again to generate a MAC address
- Give the VM a static IP address from your router using the generated MAC address (found under
Hardware Configuration>Network adapter 1) and desired hostname - Power on the VM
- Using an SSH client, connect to the hostname set above, then run:
# Login with root details from the VM note # Follow instructions to set new password # Remove docker related packages if not needed to save space and faster updates tdnf erase containerd docker docker-cli docker-engine # Update packages: tdnf upgrade tdnf clean all # Disable password expiry: chage -M -1 root # Set new hostname: hostnamectl set-hostname <hostname-as-set-in-router> # Set the timezone to Perth ln -sf /usr/share/zoneinfo/Australia/Perth /etc/localtime # Change the SSH port to 50001: sed -i "s/#Port 22/Port 50001/" /etc/ssh/sshd_config sed -i "s/-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT/-A INPUT -p tcp -m tcp --dport 50001 -m state --state NEW -j ACCEPT/" /etc/systemd/scripts/ip4save exit
- Shut down the VM
- Edit VM note to be the following:
Minimal installed profile of PhotonOS User: root Ports: 50001/tcp SSH
- Save a snapshot called
Base Install
Install Caddy Server:
- Add a port forwarding rule in your router for tcp, port
http,httpsto the IP of the VM - Using an SSH client, connect to <hostname>:50001 then run:
# Allow http/https through iptables sed -i "s/COMMIT/-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT\n-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT\nCOMMIT/" /etc/systemd/scripts/ip4save reboot # And then reconnect the SSH client # Download Caddy tdnf install tar mkdir /tmp/caddydir # Copy the link for the "caddy_2.x.x_linux_amd64.tar.gz" file from https://github.com/caddyserver/caddy/releases/latest curl -L -o /tmp/caddydir/caddy.tar.gz "<DownloadLink>" tar -xzf caddy.tar.gz -C /tmp/caddydir mv /tmp/caddydir/caddy /usr/bin/ rm /tmp/caddydir/* # Add the caddy group and user groupadd --system caddy useradd --system \ --gid caddy \ --create-home \ --home-dir /var/lib/caddy \ --shell /usr/sbin/nologin \ --comment "Caddy web server" \ caddy # Config file and html pages cd /usr/bin curl -L -o "fetch" "https://github.com/gruntwork-io/fetch/releases/latest/download/fetch_linux_amd64" chmod u+x fetch # Generate a GitHub Personal Access Token at https://github.com/settings/tokens fetch --repo="https://github.com/Archer4499/Configs" --branch="master" --source-path="/Server/Caddy" --github-oauth-token="<GitHub PAT>" /etc/caddy chmod -R a=r,u+w,a+X /etc/caddy # Setup startup, and run curl -L -o /etc/systemd/system/caddy.service "https://raw.githubusercontent.com/caddyserver/dist/master/init/caddy.service" systemctl daemon-reload systemctl enable caddy systemctl start caddy
- Edit the VM note and append the following:
80,443/tcp Http,Https Caddy
- Save a snapshot called
Configured
Notes
# View the Caddy log (add -n <num> to see the latest <num> entries, or -f to actively follow the log) journalctl -u caddy # Use updated config file systemctl reload caddy
@No_Backup
Update
- If desired, Log in to ESXi, navigate to the photon based VM and create new temporary snapshot
- Using an SSH client, connect to <hostname>:50001 then run:
tdnf upgrade
tdnf clean all
reboot # If desired/needed
# Update Caddy caddy version # Compare with the version from https://github.com/caddyserver/caddy/releases/latest and copy the link for the "caddy_2.x.x_linux_amd64.tar.gz" file if newer curl -L -o /tmp/caddydir/caddy.tar.gz "<DownloadLink>" tar -xzf caddy.tar.gz -C /tmp/caddydir mv /tmp/caddydir/caddy /usr/bin/ rm /tmp/caddydir/* systemctl reload caddy # Update just config # Generate a GitHub Personal Access Token at https://github.com/settings/tokens fetch --repo="https://github.com/Archer4499/Configs" --branch="master" --source-path="/Server/Caddy/Caddyfile" --github-oauth-token="<GitHub PAT>" /etc/caddy/Caddyfile # Update Config and HTML rm -r /etc/caddy # Generate a GitHub Personal Access Token at https://github.com/settings/tokens fetch --repo="https://github.com/Archer4499/Configs" --branch="master" --source-path="/Server/Caddy" --github-oauth-token="<GitHub PAT>" /etc/caddy chmod -R a=r,u+w,a+X /etc/caddy # Use updated config file systemctl reload caddy
Sources
esxi/caddy_server.1721922684.txt.gz · Last modified: 2024/09/22 19:51 (external edit)
