Created
March 28, 2023 12:37
-
-
Save HelgeSverre/58eb6158a1fc48d340d7936d51f2867a to your computer and use it in GitHub Desktop.
Updated: Unlimited SSL Domain on Laravel Vapor
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Stop and disable NGINX | |
| sudo systemctl stop nginx | |
| sudo systemctl disable nginx | |
| # Install Go | |
| wget https://go.dev/dl/go1.20.2.linux-amd64.tar.gz | |
| sudo rm -rf /usr/local/go | |
| sudo tar -C /usr/local -xzf go1.20.2.linux-amd64.tar.gz | |
| rm -f go1.20.2.linux-amd64.tar.gz | |
| # Add go directories to path | |
| export PATH=$PATH:/usr/local/go/bin:`go env GOPATH`/bin | |
| # Install xcaddy | |
| go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest | |
| # Build xcaddy with dynamodb module | |
| xcaddy build --with github.com/silinternational/certmagic-storage-dynamodb/v3 | |
| # Move the binary to $PATH | |
| sudo mv caddy /usr/bin/ | |
| # Make it executable | |
| sudo chmod +x /usr/bin/caddy | |
| # Create a group named caddy | |
| sudo groupadd --system caddy | |
| # Create a user named caddy, with a writeable home folder | |
| sudo useradd --system \ | |
| --gid caddy \ | |
| --create-home \ | |
| --home-dir /var/lib/caddy \ | |
| --shell /usr/sbin/nologin \ | |
| --comment "Caddy web server" \ | |
| caddy | |
| # Create the environment file | |
| sudo echo ' | |
| AWS_ACCESS_KEY=REPLACE | |
| AWS_SECRET_ACCESS_KEY=REPLACE | |
| AWS_REGION=REPLACE' | sudo tee /etc/environment | |
| # Create the caddy directory & Caddyfile | |
| sudo mkdir /etc/caddy | |
| sudo touch /etc/caddy/Caddyfile | |
| # Write the config file | |
| sudo echo '{ | |
| on_demand_tls { | |
| ask https://your-website.com/caddy-check | |
| } | |
| storage dynamodb caddy_ssl_certificates | |
| } | |
| :80 { | |
| respond /health "Im healthy!" 200 | |
| } | |
| :443 { | |
| tls [email protected] { | |
| on_demand | |
| } | |
| reverse_proxy https://your-website.com { | |
| header_up Host your-website.com | |
| header_up User-Custom-Domain {host} | |
| header_up X-Forwarded-Port {server_port} | |
| health_timeout 5s | |
| } | |
| }' | sudo tee /etc/caddy/Caddyfile | |
| sudo touch /etc/systemd/system/caddy.service | |
| # Write the caddy service file | |
| sudo echo '# caddy.service | |
| # | |
| # WARNING: This service does not use the -resume flag, so if you | |
| # use the API to make changes, they will be overwritten by the | |
| # Caddyfile next time the service is restarted. If you intend to | |
| # use Caddys API to configure it, add the -resume flag to the | |
| # `caddy run` command or use the caddy-api.service file instead. | |
| [Unit] | |
| Description=Caddy | |
| Documentation=https://caddyserver.com/docs/ | |
| After=network.target | |
| [Service] | |
| User=caddy | |
| Group=caddy | |
| ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile | |
| ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile | |
| TimeoutStopSec=5s | |
| LimitNOFILE=1048576 | |
| LimitNPROC=512 | |
| PrivateTmp=true | |
| ProtectSystem=full | |
| AmbientCapabilities=CAP_NET_BIND_SERVICE | |
| EnvironmentFile=/etc/environment | |
| [Install] | |
| WantedBy=multi-user.target' | sudo tee /etc/systemd/system/caddy.service | |
| # Start the service | |
| sudo systemctl daemon-reload | |
| sudo systemctl enable caddy | |
| sudo systemctl start caddy | |
| # Remember, when making changes to the config file, you need to run | |
| #sudo systemctl reload caddy |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment