codexss · October 18, 2017 13:01
diff --git a/caddy.service b/caddy.service
 #sudo nano /etc/systemd/system/caddy.service
 [Unit]
 Description=Caddy HTTP/2 web server
 Documentation=https://caddyserver.com/docs
 After=network-online.target
 Wants=network-online.target systemd-networkd-wait-online.service

 [Service]
 Restart=on-failure

 ; User and group the process will run as.
 User=root
 Group=root

 ; Letsencrypt-issued certificates will be written to this directory.
 ;Environment=HOME=/etc/ssl/caddy

 ; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
 ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
 ExecReload=/bin/kill -USR1 $MAINPID

 ; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
 LimitNOFILE=1048576
 ; Unmodified caddy is not expected to use more than that.
 LimitNPROC=64

 ; Use private /tmp and /var/tmp, which are discarded after caddy stops.
 PrivateTmp=true
 ; Use a minimal /dev
 ;PrivateDevices=true
 ; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
 ;ProtectHome=true
 ; Make /usr, /boot, /etc and possibly some more folders read-only.
 ;ProtectSystem=full
 ; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there.
 ;   This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
 ;ReadWriteDirectories=/etc/ssl/caddy

 ; Drop all other capabilities. Important if you run caddy as privileged user (which you should not).
 ;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 ; … but permit caddy to open ports reserved for system services.
 ;   This could be redundant here, but is needed in case caddy runs as nobody:nogroup.
 ;AmbientCapabilities=CAP_NET_BIND_SERVICE
 ; … and prevent gaining any new privileges.
 ;NoNewPrivileges=true

 ; Caveat: Some plugins need additional capabilities. Add them to both above lines.
 ; - plugin "upload" needs: CAP_LEASE

 [Install]
 WantedBy=multi-user.target
diff --git a/Caddyfile b/Caddyfile
 #cd /etc/caddy/Caddyfile
 example.com {
    root /usr/share/nginx/html
    gzip
    log /var/log/caddy/access.log
    #fastcgi / unix:/var/run/php-fpm/php-fpm.sock php # Fast CGI php interpreter
    #fastcgi / fastcgi / 127.0.0.1:9000 php # Fast CGI php interpreter
    #using with laravel
    fastcgi / unix:/var/run/php-fpm/php-fpm.sock php {
        index index.php
    }

    rewrite {
        to {path} {path}/ /index.php?{query}
    }
 }
diff --git a/command.txt b/command.txt
 #login as root
 #download caddy web server and put file on /usr/local/bin
 #create caddy config file aka Caddyfile on /etc/caddy
 #http://vicendominguez.blogspot.co.id/2015/02/supervisord-in-centos-7-systemd-version.html
 #http://stackoverflow.com/questions/31157928/supervisord-on-linux-centos-7-only-works-when-run-with-root
 #https://binaryfigments.com/news/limit-requests-on-caddy-with-fail2ban/
 #https://lecturesnippets.com/lesson/protecting-centos-7-minimal-with-fail2ban/
 https://briansnelson.com/How_to_install_gifsicle_for_CentOS
 https://briansnelson.com/How_to_install_jpegoptim_for_CentOS
 http://linuxcommando.blogspot.co.id/2014/09/how-to-optimize-png-images.html
 https://blog.harrier.us/running-caddy-as-a-reverse-proxy-on-centos-7/
	#sudo nano /etc/systemd/system/caddy.service
	[Unit]
	Description=Caddy HTTP/2 web server
	Documentation=https://caddyserver.com/docs
	After=network-online.target
	Wants=network-online.target systemd-networkd-wait-online.service

	[Service]
	Restart=on-failure

	; User and group the process will run as.
	User=root
	Group=root

	; Letsencrypt-issued certificates will be written to this directory.
	;Environment=HOME=/etc/ssl/caddy

	; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
	ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
	ExecReload=/bin/kill -USR1 $MAINPID

	; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
	LimitNOFILE=1048576
	; Unmodified caddy is not expected to use more than that.
	LimitNPROC=64

	; Use private /tmp and /var/tmp, which are discarded after caddy stops.
	PrivateTmp=true
	; Use a minimal /dev
	;PrivateDevices=true
	; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
	;ProtectHome=true
	; Make /usr, /boot, /etc and possibly some more folders read-only.
	;ProtectSystem=full
	; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there.
	; This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
	;ReadWriteDirectories=/etc/ssl/caddy

	; Drop all other capabilities. Important if you run caddy as privileged user (which you should not).
	;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
	; … but permit caddy to open ports reserved for system services.
	; This could be redundant here, but is needed in case caddy runs as nobody:nogroup.
	;AmbientCapabilities=CAP_NET_BIND_SERVICE
	; … and prevent gaining any new privileges.
	;NoNewPrivileges=true

	; Caveat: Some plugins need additional capabilities. Add them to both above lines.
	; - plugin "upload" needs: CAP_LEASE

	[Install]
	WantedBy=multi-user.target
	#cd /etc/caddy/Caddyfile
	example.com {
	root /usr/share/nginx/html
	gzip
	log /var/log/caddy/access.log
	#fastcgi / unix:/var/run/php-fpm/php-fpm.sock php # Fast CGI php interpreter
	#fastcgi / fastcgi / 127.0.0.1:9000 php # Fast CGI php interpreter
	#using with laravel
	fastcgi / unix:/var/run/php-fpm/php-fpm.sock php {
	index index.php
	}

	rewrite {
	to {path} {path}/ /index.php?{query}
	}
	}
	#login as root
	#download caddy web server and put file on /usr/local/bin
	#create caddy config file aka Caddyfile on /etc/caddy
	#http://vicendominguez.blogspot.co.id/2015/02/supervisord-in-centos-7-systemd-version.html
	#http://stackoverflow.com/questions/31157928/supervisord-on-linux-centos-7-only-works-when-run-with-root
	#https://binaryfigments.com/news/limit-requests-on-caddy-with-fail2ban/
	#https://lecturesnippets.com/lesson/protecting-centos-7-minimal-with-fail2ban/
	https://briansnelson.com/How_to_install_gifsicle_for_CentOS
	https://briansnelson.com/How_to_install_jpegoptim_for_CentOS
	http://linuxcommando.blogspot.co.id/2014/09/how-to-optimize-png-images.html
	https://blog.harrier.us/running-caddy-as-a-reverse-proxy-on-centos-7/