Combining denied_folder with not_remote_ip

1. Output of caddy version:

v2.6.1

2. How I run Caddy:

I run caddy on an Oracle Ampere instance under systemctl

a. System environment:

Ubuntu 22.04 ARM64

b. Command:

systemctl start caddy

c. Service/unit/compose file:

Not using docker

d. My complete Caddy config:

# Main WordPress Site
www.andy-milne.com {
    root * /var/www/andymilne
    php_fastcgi unix//run/php/php8.1-fpm.sock
    file_server
    encode zstd gzip

    header {
        # disable FLoC tracking
        Permissions-Policy interest-cohort=()
        # enable HSTS
        Strict-Transport-Security max-age=31536000;
        # disable clients from sniffing the media type
        X-Content-Type-Options nosniff
        # clickjacking protection
        X-Frame-Options DENY
        # keep referrer data off of HTTP connections
        Referrer-Policy no-referrer-when-downgrade
    }

    @disallowed {
        path /xmlrpc.php
        path *.sql
        path /wp-content/uploads/*.php
    }

    rewrite @disallowed '/index.php'
	
	@denied_folders path /wp-admin/* 
	@denied not remote_ip my_static_IP
	abort @denied
}

3. The problem I’m having:

I am trying to allow access to Log In ‹ Andy Milne — WordPress only from my static IP. I have tried various combinations of denied_folders and not remote_ip but I haven’t found a way to combine both. I can block all access to /wp-admin/ easily and alternately I can deny access to any IP that is not my static IP but not how to combine both. Putting both parameters on the same line produced a systemctl start error. I am guessing it is the formatting and layout so any help would be great thanks assuming you can combine parameters.

4. Error messages and/or full log output:

No error message, just a way to combine both commands as 1 and 2.

5. What I already tried:

Various combinations but I am new to writing Caddy configs so I could flail around for days. I did read the documentation and did many searches but can’t find a way to combine these two parameters.

6. Links to relevant resources:

None.

I think I might have worked it out from re-reading https://caddyserver.com/docs/caddyfile/matchers#path-matchers

This works for me. Is it the correct way to do it? It looks like I can stack as many conditions as I need and they are “AND’d” unless otherwise specified.

From this:

@denied_folders path /wp-admin/* 
	@denied not remote_ip my_static_IP
	abort @denied

To this which does work:

    @block {
	path /wp-admin/* 
	not remote_ip 121.99.152.199
	}
    respond @block 403

Yep, that’s the way to do it, by using a named matcher to combine them. You can still use abort btw.


Thanks Francis. Newbie question :)
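
The fix discussed in this thread, shown as an added example that is not from any of the posters or from the Caddy project: the original pair of matchers next to the combined one, using abort as the reply says is still possible. example.com, /var/www/example and 203.0.113.10 are placeholders, and covering /wp-login.php as well is an assumption about the goal, since the WordPress login form is served from the site root and is not matched by /wp-admin/*.

```caddyfile
# Added example; the site name, root and IP address are placeholders.
example.com {
	root * /var/www/example
	php_fastcgi unix//run/php/php8.1-fpm.sock
	file_server

	# Before (as in the question): two independent named matchers.
	# @denied_folders is never referenced by a directive, and @denied
	# has no path condition, so "abort @denied" drops every request
	# from any other address, for the whole site.
	#
	#   @denied_folders path /wp-admin/*
	#   @denied not remote_ip 203.0.113.10
	#   abort @denied

	# After: one named matcher. Matchers of different types inside
	# the block are ANDed; several values on one "path" line are ORed.
	# Result: (path is /wp-admin/* OR /wp-login.php)
	#         AND (client address is NOT 203.0.113.10)
	@admin_from_elsewhere {
		path /wp-admin/* /wp-login.php
		not remote_ip 203.0.113.10
	}

	# abort closes the connection without a response;
	# "respond @admin_from_elsewhere 403" returns an explicit status.
	abort @admin_from_elsewhere
}
```

remote_ip compares against the address of the immediate peer, so behind a proxy or CDN it sees the proxy's address rather than the visitor's. Running caddy validate against the file before restarting the service catches syntax errors such as two matchers placed on one line.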
