TIL - Caddy

irmadlad@lemmy.world · edit-2 17 days ago

TIL - Caddy

excess0680@lemmy.world · edit-2 16 days ago

If you’re using git to version Caddy configuration, you can use a pre-commit hook to test it, ensuring that you’ll never have invalid configuration. That’s what I do.

caddy validate

There’s some extra command args that may be necessary but that should be an adequate first step.

uranibaba@lemmy.world · 17 days ago

I did some bad formatting during my initial setup of caddy. Having the formater is really handy.

irmadlad@lemmy.world · 17 days ago

Well, I had a time wrapping my old head around Caddy. It took me an embarrassingly long time to get it, and one day the clouds cleared, and the sun shone through, and it made sense. I had no clue about the formater, but you can bet I’ve made some notes so I don’t do that shit again. LOL

Xanza@lemm.ee · 16 days ago

I like to use a justfile to do this all in one fell swoop;

default:
  just --list

caddy-refresh:
  caddy fmt --overwrite ~/.caddy
  caddy validate --config /etc/caddy/Caddyfile -a caddyfile
caddy-reload: caddy-refresh
  doas docker exec -it caddy caddy reload --config /etc/caddy/Caddyfile

~/.caddy is my caddyfile, which is system linked to /etc/caddy/Caddyfile. Doing it this way ensures there are no permission issues, and you don’t need sudo to edit your caddyfile. So you simply nvim ~/.caddy, make your changes, and then run just caddy-reload, which runs caddy-refresh before reloading the caddy config via docker.

Works great, and only involves one command.

InvertedParallax@lemm.ee · 17 days ago

Been using nginx, probably should change just because my mail uses letsencyrot while my http uses bought certs.

Letsencrypt has gone far enough that we can just rely on it now apparently.

4am@lemm.ee · 17 days ago

The orange menace apparently just defunded it so we’ll see

Akatsuki Levi@lemmy.world · 17 days ago

I have switched production to Caddy before V2 and haven’t looked back ever since. During my Apache era, always had to keep a eye on stuff and deal when things decided to break With caddy? I just throw the config and it just works without complaining at all

someacnt@sh.itjust.works · 17 days ago

Wait. I got the format warning in caddy, so does this mean it could contain substantial error? I gotta check

irmadlad@lemmy.world · 17 days ago

Don’t forget to make a backup before any changes.

sugar_in_your_tea@sh.itjust.works · 17 days ago

Better yet, track your configs in version control do you can easily roll it back and back it up, all at the same time.

effward@lemmy.world · 17 days ago

My ingress firewall blocks the cert renewal challenge requests because they always come from countries that I blanket block, which requires me to keep an eye on it and disable blocking on certain countries to allow the renewals to happen, then re-enable blocking… Let’s Encrypt (somewhat understandably) doesn’t publish the list of IPs that they will use for the challenge requests, so I’m not sure if there’s a better solution. Anyone dealt with this?

forbiddenlake@lemmy.world · 17 days ago

Use the DNS challenge instead? You’ll need a DNS provider with an API though

4am@lemm.ee · 17 days ago

Does Caddy use certbot to do the renewal? A long time ago DNS was a pain but now it seems like a lot of providers are supported.

effward@lemmy.world · 17 days ago

Huh, I didn’t know about this option. I’ll check it out. Thanks!

just_another_person@lemmy.world · 17 days ago

Cool. You got lucky. This is covered in the docs and is normal behavior.

The problems arise when this exchange doesn’t happen without issue though.