I have a Caddyfile, that I convert to JSON and then use the JSON API end-point to make updates.
All I am need is for someone much more knowledgeable than me to quickly look over my Caddyfile and see if you can find anything that can be better. I would greatly appreciate it.
Two things I am missing, that I’d like are to be able to redirect HTTP to HTTPS, but without the Permanatly Moved (301) and to give Temporarily Moved (302). The second is setting up the on_demand_tls
end-point.
{
# This is pointing to Let's Encrypt Staging environment (for dev)
# https://letsencrypt.org/docs/staging-environment/
# This will allow you to get things right before issuing trusted
# certificates and reduce the chance of your running up against rate limits.
#acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
acme_ca https://acme-v02.api.letsencrypt.org/directory
# causes all certificates to be issued internally by default,
# rather than through a (public) ACME CA such as Let's Encrypt.
# This is useful in development environments.
# local_certs
# configure automatic HTTPS. It can either disable it entirely (off)
# or disable only HTTP-to-HTTPS redirects (disable_redirects).
# auto_https off
auto_https disable_redirects
email gal....64@gmail.com
debug
}
# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile
(SecurityHeaders) {
header_up Access-Control-Allow-Origin *
header_up Access-Control-Allow-Credentials true
header_up Access-Control-Allow-Headers Cache-Control,Content-Type
}
:80, :443 {
reverse_proxy jeff.xxxxxx.ca {
header_up Host {http.reverse_proxy.upstream.hostport}
}
tls {
on_demand
}
# serve photography folder
root /files/* /opt/ivt/photography
# Enable the static file server.
file_server
route /weather/* {
uri replace /weather /socket.io
reverse_proxy * localhost:3010 {
import SecurityHeaders
}
}
route /ptz/* {
uri replace /ptz /socket.io
reverse_proxy * localhost:3006 {
import SecurityHeaders
}
}
route /liveview/snapshotjson* {
uri replace /liveview/ /
reverse_proxy * localhost:3004 {
import SecurityHeaders
}
}
route /liveview/* {
uri replace /liveview /socket.io
reverse_proxy * localhost:3004 {
import SecurityHeaders
}
}
route /archive/* {
uri replace /archive /socket.io
reverse_proxy * localhost:3003 {
import SecurityHeaders
}
}
route /alarms/* {
uri replace /alarms /socket.io
reverse_proxy * localhost:3002 {
import SecurityHeaders
}
}
route /console_socket/* {
uri replace /console_socket /console/socket.io
reverse_proxy * localhost:3001 {
import SecurityHeaders
}
}
route /web_app_socket/* {
uri replace /web_app_socket /web/socket.io
reverse_proxy * localhost:3001 {
import SecurityHeaders
}
}
route /* {
reverse_proxy * localhost:3001 {
import SecurityHeaders
}
}
}