Caddyfile Feedback and Questions

I am still very new to Caddy. I have my new server all setup and working with a simple sample site. While everything is working, I was hoping to get some feedback on my Caddyfile setup. I am sure that you all are much more proficient at this than I am.

I created a bunch of reusable snippets that I could use with any domain hosted on the server. I also externalized that configs for each domain so that its easy to manage each website config.

Here is my Caddyfile:

{
	email {env.EMAIL}
	acme_dns cloudflare {env.CLOUDFLARE_CHALLENGE}
	order git before respond
	git {
		repo aspecthq.com {
			base_dir /var/www/aspecthq.com
			url git@github.com:joeworkman/aspecthq.com.git
			branch master
 			auth key /var/www/ssh/id_ed25519 no_strict_host_key_check
		}
	}
}
#----------------
# Snippets
#----------------
(logroll) {
        roll_size 3MiB
        roll_keep 5
        roll_keep_for 48h
}
(errors-rewrite) {
        rewrite * /404.html
        file_server
}
(errors-basic) {
        handle_errors {
                respond "{http.error.status_code} {http.error.status_text}"
                header {
                        Content-Type "text/plain; charset=utf-8"
                }
        }
}
(webhook) {
        @webhook {
                method POST
                path /update
        }
}
(php81) {
        @php {
                path *.php
        }
        route @php {
                php_fastcgi unix//run/php/php8.1-fpm.sock
        }
        encode gzip zstd
        file_server
        push
}
(www-redirect) {
        redir https://www.{host}{uri}
}
#----------------
# Import Sites
#----------------
import /etc/caddy/aspecthq.com.caddy

Caddy file for site config (aspecthq.com.caddy imported above)

aspecthq.com {
        import www-redirect
}
www.aspecthq.com {
        import errors-basic
        log {
                output file /var/log/caddy/aspecthq.com.access.log {
                        import logroll
                }
        }
        import webhook
        route @webhook {
                git update repo aspecthq.com
        }
	root * /var/www/aspecthq.com/aspecthq.com
        import php81
}

I would love it if there was some way to get the git repo configs into my site specific config file. I could not think of a way to do this though.

I added a route specifically for php files so that only they get sent to php_fastcgi. Does this makes sense to do this? My thinking was why send everything when I know only php requests should go there.

One possible way is to make a separate file for the git repo for each site. Maybe something like this:

{
	git {
		import /etc/caddy/*.caddy.git
	}
}

And then in aspecthq.com.caddy.git file, put this:

		repo aspecthq.com {
			base_dir /var/www/aspecthq.com
			url git@github.com:joeworkman/aspecthq.com.git
			branch master
			auth key /var/www/ssh/id_ed25519 no_strict_host_key_check
		}

No way to put it both in the same file though.

Well, most modern PHP apps (including frameworks like Laravel, Symfony, etc) want all requests to unknown files (files not found in the filesystem) to go to the index.php so it has a chance to route the request. Like for a path like /api/foobar, the request would get rewritten to index.php and then use its own routing rules, say to map to the ApiController's foobar method. Or whatever.

If that’s not how you do things, then that’s fine I guess. But you can simplify the config:

	@php path *.php
	php_fastcgi @php unix//run/php/php8.1-fpm.sock

Also you don’t need to wrap git in a route because you already gave it an order with the global option:

	git @webhook update repo aspecthq.com
2 Likes

Thank you. I was thinking about creating files for each git config. I love that you import them all with an asterisk though. That is awesome!

Good points on the PHP frameworks. I will keep that in mind for those style of apps that you have. I do have many websites that just use straight PHP pages though.

The caddy-git plugin does not yet support the inline matcher. I have filed a feature request for @greenpau for that.

This topic was automatically closed after 30 days. New replies are no longer allowed.