Caddy Reverse Proxy
Install Caddy
Ansible
You'll need a secrets/Caddyfile with your caddy config.
secrets/Caddyfile example:
https://something.reeseapps.com:443 {
    reverse_proxy internal.reeselink.com:8000
}
https://something-else.reeseapps.com:443 {
    reverse_proxy internal-other.reeselink.com:8080
}
The playbook limits the installer to hosts: caddy, so make sure you have a caddy
host in your inventory.
Now you can install the Caddy service with something like:
ansible-playbook \
    -i ansible/inventory.yaml \
    active/podman_caddy/install_caddy.yaml
See ansible playbook install_caddy.yaml
Manual
As root
mkdir /etc/caddy
vim /etc/caddy/Caddyfile
Caddy will automatically provision certificates if the server's DNS record points to the correct IP
and the server is accessible on the ports specified. All you need to do is put https in the Caddy config.
Example:
# Gitea
https://gitea.reeseapps.com:443 {
    reverse_proxy podman.reeselink.com:3000
}
# Jellyfin
https://jellyfin.reeseapps.com:443 {
    reverse_proxy podman.reeselink.com:8096
}
vim /etc/containers/systemd/caddy.container
[Unit]
Description=Caddy
[Container]
AddCapability=NET_ADMIN
ContainerName=caddy
Image=docker.io/caddy:2
Network=host
SecurityLabelDisable=true
Volume=/etc/caddy:/etc/caddy
Volume=caddy_data:/data
Volume=caddy_config:/config
[Service]
Restart=always
[Install]
WantedBy=default.target
systemctl daemon-reload
systemctl restart caddy
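A more tightly confined variant of the caddy.container unit above, as an added example that is not part of this repository. It assumes an SELinux-enforcing host, that NET_ADMIN was only there for HTTP/3 UDP buffer tuning, and that Caddy reaches its upstreams by DNS name (as in the Caddyfile examples), so published ports can replace host networking.

```ini
# /etc/containers/systemd/caddy.container (hardened variant, added example)
[Unit]
Description=Caddy

[Container]
ContainerName=caddy
Image=docker.io/caddy:2

# Publish only the listener ports instead of Network=host, so the container
# does not share the host's network namespace.
# 80 is kept for ACME HTTP challenges and HTTP->HTTPS redirects;
# 443/udp carries HTTP/3.
PublishPort=80:80
PublishPort=443:443
PublishPort=443:443/udp

# AddCapability=NET_ADMIN is intentionally omitted (assumption: it was only
# used for raising UDP buffer sizes). Combined with Network=host it would let
# the container change host interfaces, routes and firewall rules.

# The Caddyfile directory is mounted read-only. The Z option gives it a
# private SELinux label, so SecurityLabelDisable=true is no longer needed
# and the container stays confined by SELinux.
Volume=/etc/caddy:/etc/caddy:ro,Z

# Certificates, ACME account keys and autosaved config stay in named volumes.
Volume=caddy_data:/data
Volume=caddy_config:/config

[Service]
Restart=always

[Install]
WantedBy=default.target
```

After `systemctl daemon-reload` and `systemctl restart caddy`, `podman inspect caddy` shows the effective capabilities, mounts and port bindings to confirm the unit was applied as written.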
Adding a new Caddy Record
Before you can create a Caddyfile you need records that point to your server.
You can either create them manually in your DNS provider of choice or use the provided ddns service:
- Update the ddns caddy records
- (Optional) Update the Caddyfile at active/podman_caddy/secrets/Caddyfile
- Run the caddy ansible playbook