{
	# Must be in global options
	# NOTE(review): php-fpm is not explained on the page; presumably it comes
	# from a plugin build of Caddy - confirm before relying on it.
	php-fpm {
		# Command line used to launch the FPM process.
		cmd php-fpm -y fpm.conf
		# Socket path (relative as written; resolve it against the working directory).
		sock_location path/to/fpm.sock
		start_timeout 10s
	}
}
# NOTE(review): the site address that would normally precede the opening brace
# is not shown on the page; add one before using this block.
{
	# Named matcher: any path ending in "/"; capture group 1 is the path without it.
	@trailing-slash {
		path_regexp dir (.+)/$
	}
	# Strip the trailing slash by rewriting to the captured prefix.
	rewrite @trailing-slash {re.dir.1}

	root * /var/www

	# Resolve extension-less URLs: the path itself, then <path>.php, then
	# <path>/index.php, otherwise 404.
	try_files {path} {path}.php {path}/index.php =404

	# PHP is handed to the FastCGI backend named "php" on port 9000.
	php_fastcgi php:9000
	encode gzip

	# Everything else under the root is served as a static file, so keep
	# non-public material (dotfiles, backups, VCS metadata) out of /var/www.
	file_server
}
# Front-controller site listening on port 80.
:80

root * /var/www/html

# Every request is rewritten to index.php; the original path is passed in the
# "p" query parameter. That value is client-controlled, so the PHP side must
# validate it before using it to select files or routes.
rewrite * /index.php?{query}&p={path}

php_fastcgi php:9000
encode gzip
file_server

# NOTE(review): the site address is :80; confirm that "tls internal" has the
# intended effect on this listener.
tls internal
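# Reverse proxy in front of an internal host, with a certificate from Caddy's
# own local CA.
router.example.duckdns.org {
	# Upstream address. The page had a stray "." after the last octet
	# ("10.0.10.250.:5800"), which is not a valid IP literal.
	reverse_proxy 10.0.10.250:5800

	# Certificate is issued by Caddy's internal CA, so clients only trust it
	# after that CA's root has been installed on them.
	tls internal

	log {
		# Caddyfile environment substitution is written {$NAME}; a bare $PWD
		# would be used as a literal directory name.
		output file {$PWD}/caddy.log
	}
}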
# Local development server.
localhost {
	encode zstd gzip

	# "templates" evaluates template actions found in served responses, so only
	# serve content you control from this site.
	templates

	# "browse" renders directory listings for folders without an index file;
	# anything in the served tree becomes discoverable.
	file_server browse
}
# Multi-site layout. Each address carries an explicit http:// scheme, which
# makes the site HTTP-only (no automatic HTTPS); traffic to these sites,
# including any logins on the proxied applications, is sent in cleartext
# unless TLS is terminated elsewhere.

# Static sites, one directory each.
http://site1.com {
	root * /var/www/site_1
	file_server
}

http://site2.com {
	root * /var/www/site_2
	file_server
}

# PHP site: PHP requests go to the FastCGI backend, the rest is served statically.
http://php-site.com {
	root * /var/www/php_site
	php_fastcgi * php-server:9000
	file_server
}

# Applications reached by upstream name and port.
http://node-site.com {
	reverse_proxy node-server:8080
}

http://wordpress-site.com {
	reverse_proxy wordpress:80
}
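# Caddy image that serves content from /var/www using a Caddyfile fetched at build time.
FROM caddy:2.2.1

# Documentation of the listeners: HTTP and HTTPS.
EXPOSE 80 443

# Create the web root and install wget in a single layer. The line
# continuations were missing on the page, which left "&& ..." as separate,
# invalid instructions. --no-cache keeps the apk index out of the image.
RUN mkdir -p /var/www \
    && chown -R root /var/www \
    && apk add --no-cache wget

# NOTE(review): the server configuration is downloaded from a mutable branch
# ("master") of a third-party repository with no integrity check, so whoever
# controls that branch controls what this image serves and proxies. Prefer
# COPY-ing a reviewed Caddyfile from the build context, or pin the URL to a
# specific commit and verify a known SHA-256 before installing the file.
RUN wget https://raw.githubusercontent.com/ColoradoStark/caddy-ssl-multisite/master/Caddyfile \
    && mv Caddyfile /etc/caddy/Caddyfile

WORKDIR /var/www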
ssl staging
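# Global options: contact address for the ACME account.
# The address on the page was replaced by an e-mail-protection artefact;
# you@example.com is a constructed placeholder.
{
	email you@example.com
}

# TLS settings for DNS-01 validation against the Let's Encrypt staging CA.
# NOTE(review): shown on the page as a standalone fragment; presumably it is
# meant to sit inside each site block - confirm.
# The "dns cloudflare" provider is a plugin module, so it needs a Caddy build
# that includes it. The token is read from the environment at runtime rather
# than stored in this file; scope it to DNS edits on the zones served here.
# Staging certificates are not trusted by browsers; use this CA for testing only.
tls {
	dns cloudflare {env.CLOUDFLARE_API_TOKEN}
	ca https://acme-staging-v02.api.letsencrypt.org/directory
}

example.com {
	file_server
}

anotherdomain.com {
	file_server
}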
# prod
# DNS-01 validation through Cloudflare with the default CA. The API token is
# taken from the environment at runtime, so it never appears in the Caddyfile.
tls {
	dns cloudflare {env.CLOUDFLARE_API_TOKEN}
}

# zerossl
# Same DNS-01 setup, with ZeroSSL's ACME directory as the CA.
tls {
	dns cloudflare {env.CLOUDFLARE_API_TOKEN}
	ca https://acme.zerossl.com/v2/DV90
}
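# Site addressed by IP, with a certificate requested from ZeroSSL.
# The e-mail on the page was replaced by an e-mail-protection artefact;
# you@example.com is a constructed placeholder.
143.198.139.109 {
	tls you@example.com {
		ca https://acme.zerossl.com/v2/DV90
	}

	# NOTE(review): /tmp is normally world-writable. Unless /tmp/public is
	# owned and locked down by the serving account, any local user can place
	# files in the published tree; a dedicated directory is safer.
	root * /tmp/public/
	file_server
}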
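# Two alternative global-options blocks for using ZeroSSL on every site.
# A Caddyfile takes a single global-options block, so pick one.

# Option 1: point the default ACME issuer at ZeroSSL.
# The e-mail on the page was replaced by an e-mail-protection artefact;
# you@example.com is a constructed placeholder.
{
	acme_ca https://acme.zerossl.com/v2/DV90
	email you@example.com
}

# Option 2: use the ZeroSSL issuer with an API key.
# <api_key> is a secret: supply it through an environment placeholder such as
# {$ZEROSSL_API_KEY} (example variable name) instead of committing the value.
{
	cert_issuer zerossl <api_key>
}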
eab
Then you can specify them directly (this also works with Caddy 2.1):
# Global options: ZeroSSL with manually generated External Account Binding
# credentials. <key_id> and <mac_key> are placeholders; the MAC key is a
# secret, so keep the real value out of version control.
{
	acme_ca https://acme.zerossl.com/v2/DV90
	acme_eab {
		key_id <key_id>
		mac_key <mac_key>
	}
}
Using the tls directive

If you want to use ZeroSSL for only some of your sites, you can use the tls directive like you’re used to:
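# Per-site ZeroSSL configuration; each fragment goes inside a site block.
# The e-mail on the page was replaced by an e-mail-protection artefact;
# you@example.com is a constructed placeholder.
tls you@example.com {
	ca https://acme.zerossl.com/v2/DV90
}

# or, with an API key:
# (<api_key> is a secret placeholder; do not commit the real value)
tls {
	issuer zerossl <api_key>
}

# Or, with manually-generated EAB credentials:
# (<key_id> and <mac_key> are placeholders; the MAC key is a secret)
tls {
	ca https://acme.zerossl.com/v2/DV90
	eab <key_id> <mac_key>
}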
===api
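#!/bin/bash
# Load a complete configuration into Caddy through the admin API: one HTTP
# server on :80 that serves static files from $NEW_ROOT for host $DOMAIN.
#
# POST /load replaces the whole running configuration, not just this server.
# The admin endpoint accepts changes without credentials by default, so keep
# it bound to loopback (as here) or otherwise restrict who can reach it.
CADDY_API_URL="http://localhost:2019/load"
DOMAIN="example.com"
NEW_ROOT="/path/to/new/root"

# DOMAIN and NEW_ROOT are spliced into the JSON text verbatim. They are quoted
# for the shell, but not JSON-escaped: values containing double quotes or
# backslashes would change the document, so build the body with a JSON tool if
# these ever come from outside this script.
# The trailing backslashes were missing on the page, which split the curl
# command into three separate (failing) commands.
curl -X POST "$CADDY_API_URL" \
    -H "Content-Type: application/json" \
    -d '{
    "apps": {
        "http": {
            "servers": {
                "srv0": {
                    "listen": [":80"],
                    "routes": [
                        {
                            "match": [{
                                "host": ["'"$DOMAIN"'"]
                            }],
                            "handle": [
                                {
                                    "handler": "file_server",
                                    "root": "'"$NEW_ROOT"'"
                                }
                            ]
                        }
                    ]
                }
            }
        }
    }
}'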
###path
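#!/bin/bash
# Replace the existing HTTP server "srv0" in the running Caddy configuration.
# PATCH on a /config/ path overwrites the value that is already there.
#
# The admin endpoint accepts changes without credentials by default, so keep
# it bound to loopback (as here) or otherwise restrict who can reach it.
CADDY_API_URL="http://localhost:2019/config/apps/http/servers/srv0"

# New server definition: listen on :8081 and :8082 and serve static files for
# GET requests whose path matches "/".
NEW_CONFIG='{ "listen": [":8081", ":8082"], "routes": [ { "handle": [{ "handler": "file_server", "root": "/path/to/new/root" }], "match": [{ "path": ["/"], "method": ["GET"] }] } ] }'

# The trailing backslashes were missing on the page, which split the curl
# command into three separate (failing) commands.
curl -X PATCH "$CADDY_API_URL" \
    -H "Content-Type: application/json" \
    -d "$NEW_CONFIG"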
# Dump the full running configuration and pretty-print it. The output can
# contain secrets (API tokens, EAB keys), so avoid pasting it into tickets or logs.
curl "http://localhost:2019/config/" | jq '.'

# Remove the HTTP server "srv0" from the running configuration.
curl --request DELETE "http://localhost:2019/config/apps/http/servers/srv0"
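#!/bin/bash
# Create a new HTTP server named "myserver" in the running Caddy configuration.
# PUT on a /config/ path is used here to add a value under a new key.
#
# The admin endpoint accepts changes without credentials by default, so keep
# it bound to loopback (as here) or otherwise restrict who can reach it.
CADDY_API_URL="http://localhost:2019/config/apps/http/servers/myserver"

# Server definition: listen on :8081 and :8082 and serve static files for
# GET requests whose path matches "/".
NEW_CONFIG='{ "listen": [":8081", ":8082"], "routes": [ { "handle": [{ "handler": "file_server", "root": "/path/to/new/root" }], "match": [{ "path": ["/"], "method": ["GET"] }] } ] }'

# The trailing backslashes were missing on the page, which split the curl
# command into three separate (failing) commands.
curl -X PUT "$CADDY_API_URL" \
    -H "Content-Type: application/json" \
    -d "$NEW_CONFIG"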