1. Caddy version (caddy version):
v2.0.0 h1:pQSaIJGFluFvu8KDGDODV8u4/QRED/OPyIR+MWYYse8=
2. How I run Caddy:
a. System environment:
Ubuntu 18.04 LTS
b. Command:
nohup caddy run --resume > /dev/null 2>&1 &
d. My complete Caddyfile or JSON config:
beta1.tripkindle.com
root * /home/tripkindle
encode gzip zstd
try_files {uri} {uri}/ /index.html
file_server
3. The problem I’m having:
My use case for Caddy is that I will be serving an Angular Single Page Application which is white-labelled based on the domain that is pointing to the Caddy server. The white-labelling logic lives inside the Angular app.
There will be a signup form where I will be collecting custom domains that will be pointing to this Caddy Server which can grow with time. Currently, I have a Node.js API living on Heroku that SSHs into the Ubuntu machine running the Caddy server → gets the current caddy config with curl "http://localhost:2019/config/" → checks if new domains to be added aren’t already in the hosts array → performs the following command to update its config (where domainsToAdd is for example ["beta2.tripkindle.com", "beta3.tripkindle.com"]):
curl -X POST -H "Content-Type: application/json" -d '${domainsToAdd}' "http://localhost:2019/config/apps/http/servers/srv0/routes/0/match/0/host/..."
This adds the domains known by Caddy and provisions an SSL for the new domains successfully.
Although it’s working fine, I want to confirm some points:
- Is this solution scalable? How many domains can be added to the host array? (Possibly a maximum value?)
- How can I be sure of certificate renewals?
- Is the weekly certificate rate limit increased to 50 for Caddy as per Rate Limits - Let's Encrypt?
- How can I make use of wildcard domain names for certificates? I tried using *.tripkindle.com at the first line of my Caddyfile but that does not work, while specifying the complete domain name works.
- I read that Automatic HTTPS — Caddy Documentation could be useful for my use case since I won’t need to specify domain names, but based on the increased handshake time and probable future deprecation I am not keen on using it. Is there any other way to make my use case easier?
- How can I revert to running the last JSON config? I am aware that caddy run --resume loads it when starting up Caddy, but how can I roll back to the previous running config while it’s running?
- How can I utilise the log rolling for all access? I tried adding logs: {} to the JSON config after loading my initial Caddyfile, but it only takes into account beta1.tripkindle.com mentioned in the Caddyfile for the logs and not the dynamically added domains.
- Are there any sane defaults for security and caching/performance when serving the SPA that are applied, or if not, what should I be reading about most?
- I have also implemented an endpoint to delete a domain from the hosts array with curl -X DELETE "http://localhost:2019/config/apps/http/servers/srv0/routes/0/match/0/host/${indexToDelete}". Is there a way to delete multiple hosts at once? I tried PATCH and it works, but it needs to replace the complete hosts array, so I was looking for an alternative.
- What happens if a domain is deleted from the hosts array? Is the certificate renewal stopped?
- Is there a way to convert Caddy JSON config to Caddyfile?
I also wanted to add that it has been an absolute breeze working with Caddy 2 and, given its young age, the documentation is wonderful!
Thank you Matt and everyone else involved!
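As an added example (not from the post above and not Caddy's own code), here is the "get config → check hosts array → append new domains" step from the post written as a small Python helper; it assumes the same admin address and host-matcher path the post uses, a constructed sample of the GET /config/ document, and a simple hostname rule so that whatever a visitor types into the signup form is validated and de-duplicated before it is sent to the admin API.

```python
import json
import re
import urllib.request

ADMIN = "http://localhost:2019"
# Path from the post; a POST with a trailing "/..." appends each element of
# the posted JSON array instead of nesting the array as one element.
HOST_PATH = "/config/apps/http/servers/srv0/routes/0/match/0/host"
# Assumed hostname rule: lowercase ASCII labels, 1-63 chars, no edge hyphens.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")

def normalize_hostname(raw):
    """Canonical form of a signup-form name, or None if it is not a plain
    multi-label DNS name (keeps junk out of the admin API path and ACME)."""
    name = raw.strip().lower().rstrip(".")
    if not name or len(name) > 253:
        return None
    labels = name.split(".")
    if len(labels) < 2 or not all(LABEL_RE.match(lbl) for lbl in labels):
        return None
    return name

def current_hosts(config):
    """Hosts in the route's host matcher, read from a GET /config/ document."""
    match = config["apps"]["http"]["servers"]["srv0"]["routes"][0]["match"][0]
    return list(match.get("host", []))

def plan_hosts_to_add(config, requested):
    """Return (to_add, rejected): valid, de-duplicated names not yet matched,
    and the raw inputs that failed validation."""
    existing, seen, to_add, rejected = set(current_hosts(config)), set(), [], []
    for raw in requested:
        name = normalize_hostname(raw)
        if name is None:
            rejected.append(raw)
        elif name not in existing and name not in seen:
            seen.add(name)
            to_add.append(name)
    return to_add, rejected

def append_hosts(to_add, admin=ADMIN):
    """POST the vetted names in one request (needs a running Caddy admin API)."""
    if not to_add:
        return None
    req = urllib.request.Request(admin + HOST_PATH + "/...", method="POST",
                                 data=json.dumps(to_add).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return resp.status
```

Only append_hosts talks to Caddy; plan_hosts_to_add works on the already-fetched config, so the validation can be exercised without a running server.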