Mirrors/bsd-apps
1
0
Fork 0
mirror of https://github.com/tschettervictor/bsd-apps.git synced 2025-12-11 09:30:00 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
241beef4429ea23dc8c0ad8002b56f9eed9fb8ad
bsd-apps/caddy
History
tschettervictor de449a6678 Update caddy-install.sh - add “Done” note
2024-09-28 18:43:35 -06:00
..
includes
Create caddy
2024-09-15 15:26:47 -06:00
caddy-install.sh
Update caddy-install.sh - add “Done” note
2024-09-28 18:43:35 -06:00
README.md
Create README.md
2024-09-15 15:22:47 -06:00

README.md

Caddy

https://caddyserver.com

Command to fetch script

fetch https://raw.githubusercontent.com/tschettervictor/bsd-apps/main/caddy/caddy-install.sh

Don't forget to

chmod +x caddy-install.sh

Install Notes

  • this script will build caddy and configure it using one of the certificate options below. It is a script that should be used as
    • a reverse proxy
    • a webserver instance to serve https
  • it will simply build and prepare caddy so users can put it in front of a web application
  • it can be run in the same jail as another web application and configured to serve the application via http/https (whichever option you enable below)

Variables

These are the variables that are available to change along with their defaults and a description of what they do.

HOST_NAME (sets the hostname to use for the webserver) - must be set to your FQDN ie: my.domain.com

Cerificate Configuration

Caddy is a webserver that can do automatic TLS and HTTPS for you. You should enable one AND ONLY ONE of the following 4 CERT confiurations to tell the script how you want Caddy to work. Unless you are going to put Vaultwarden behind a reverse proxy, you should not ever choose NO_CERT.

  • NO_CERT (no certificate will be created, http access)
  • STANDALONE_CERT (fully working cert, must own a domain, and have ports 80 and 443 forwarded to your jail)
  • SELFSIGNED_CERT (generates a self-signed cert for use with https)
  • DNS_CERT
    • must be used together with CERT_EMAIL DNS_TOKEN and DNS_PLUGIN
    • must own a domain that allows DNS validation
    • will generate a DNS validated cert
  • DNS_PLUGIN (set this to a supported DNS plugin, see caddy docs for details) -only used with DNS_CERT
  • DNS_TOKEN (must have "Zone / Zone / Read" and "Zone / DNS / Edit" permissions on the domain you are using with Caddy) - only used with DNS_CERT
  • CERT_EMAIL (your email to receive cert expiry) - used with DNS_CERT and STANDALONE_CERT
  • If you do use any type of certificate with a domain, Caddy will obtain a staging certificate to not excede rate limits. Once you have confirmed things are working, run the script at /root/remove-staging.sh to acquire a valid certificate.

All of the above variable should be changed to fit your environment.

Mount points (should be mounted outside the jail)

  • none

Jail Properties

  • none