--- Alias: ["caddy"] Tag: ["Computer", "Server", "Reverse-Proxy"] Date: 2021-09-19 DocType: "Personal" Hierarchy: "NonRoot" TimeStamp: location: [51.514678599999996, -0.18378583926867909] CollapseMetaTable: Yes --- Parent:: [[Selfhosting]], [[Tools Server]] ---   ```button name Save type command action Save current file id Save ``` ^button-caddySave   # Configuring caddy   ```ad-abstract title: Summary collapse: open This note runs through [caddy](https://caddyserver.com), a free tool webserver allowing for reverse-proxy and automatic SSL certifications. ```   ```toc style: number ```   ---   ### Installation   #### Program installation 1. **Pull the software signature key & image** `echo "deb [trusted=yes] https://apt.fury.io/caddy/ /" | sudo tee -a /etc/apt/sources.list.d/caddy-fury.list` 3. **Install caddy** `sudo apt update` `sudo apt install caddy` Installing caddy will create a default user 'caddy'. 4. **Test install** Go to the homepage to see the caddy default page.   #### Installing php PHP needs to be enabled for caddy to work. `sudo add-apt-repository ppa:ondrej/php` `sudo apt install php-cli php-fpm php-mysql` Check if php is installed correctly: `php --version`   ---   ### Configuration of caddy   Caddy will fetch a **SSL certificate** for all sub-domains and addresses present in the config file automatically, once the declaration is made properly.   #### Basic files & directories 1. Create a default website folder `sudo mkdir -p /var/www/html` 2. Create a default log folder `sudo mkdir /var/log/caddy` `sudo chown -R caddy:caddy /var/log/caddy`   #### Caddy configuration file Caddy's configuration file is inder: `/etc/caddy/Caddyfile` Default configuration is: >(localhost) { >root * /var/www/html >encode gzip zstd >php_fastcgi unix//run/php/php7.4-fpm.sock >tls (service email) { >protocols tls1.2 tls1.3 >} >}   #### PHP configuration file To update php, edit the following file: `sudo nano /etc/php/7.4/fpm/pool.d/www.conf` Change all 'www-data' user reference with 'caddy' including: ``` listen.owner = caddy listen.group = caddy ``` Once this is done, restart php: `sudo systemctl restart php7.4-fpm`   #### Configuration with the docker network Configuration of a service attached to the docker network is easy: > (hostname) { > encode zstd gzip > reverse_proxy xxx.yyy.zzz.aaa:port > }   #### Configuring login with a cookie ```ad-info title: Tutorial [Link](https://josheli.com/knob/2021/02/24/single-sign-on-in-caddy-server-using-only-the-caddyfile-and-basic-authentication/) ```   ##### Preliminary login code snippets 1. **Creat hashed passwords** `caddy hash-password` 2. **Define the array of users and hashed password** >(basic-auth) { > basicauth / { > user hashed-password > } >} 3. **Define the snippet to test whether the cookie is installed** >(proxy-auth) { >% if cookie not = some-token-nonsense > @no-auth { > not header_regexp mycookie Cookie myid=(regex-to-match-id) > } > > % store current time, page and redirect to auth route @no-auth { > header Set-Cookie "myreferer={scheme}://{host}{uri}; Domain=example.com; Path=/; Max-Age=30; HttpOnly; SameSite=Strict; Secure" > redir https://auth.example.com > } >}   ##### Intermediary authentication page After setting up a new subdomain/page and appropriate DNS records, define it as follows: >auth.example.com { route / { > % require authentication > import basic-auth > > % upon successful auth, set a client token > header Set-Cookie "myid=some-long-hopefully-random-string; Domain=example.com; Path=/; Max-Age=3600; HttpOnly; SameSite=Strict; Secure" > > % delete the referer cookie >header +Set-Cookie "myreferer=null; Domain=example.com; Path=/; Expires=Thu, 25 Sep 1971 12:00:00 GMT; HttpOnly; SameSite=Strict; Secure" > > % redirect back to the original site > redir {http.request.cookie.myreferer} } > > % fallback respond "Hi." }   ##### Adding authentication to a subdomain Simply add the following at the top of all declarations for sub-domain definitions: > import proxy-auth   ---   ### Basic commands A full repository of commands can be found [here](https://caddyserver.com/docs/)   #### Start/Stop/Restart `sudo systemctl start/stop/restart caddy`   #### Reload config Once config amended just run: `sudo systemctl reload caddy`