I found a simple guide.
wget https://go.dev/dl/go1.21.0.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go1.21.0.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin
go version
go version go1.21.0 linux/amd64
According to the previously sent instructions, I also created systemd scripts and run caddy as a systemd service. Everything seems to be working fine including the wildcard certificates.
However, I have a few questions.
For now, I’m testing caddy as a reverse proxy for one domain.
Question no. 1
My Caddyfile looks like this:
example.com {
    redir https://www.example.com{uri}
}
www.example.com {
    tls {
        dns cloudflare ***************************************************
    }
    reverse_proxy 192.168.20.11:80
}
*.example.com {
    tls {
        dns cloudflare ***************************************************
    }
    reverse_proxy 192.168.20.11:80
}
I want to implement HTTP headers in the configuration as well, and I found out that I have to do it in every block.
example.com {
    redir https://www.example.com{uri}
    header /* {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-Xss-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        Content-Security-Policy "upgrade-insecure-requests"
        Referrer-Policy "strict-origin-when-cross-origin"
        Cache-Control "public, max-age=15, must-revalidate"
        Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'self'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geo>
        Server "No."
    }
}
www.example.com {
    tls {
        dns cloudflare ***************************************************
    }
    reverse_proxy 192.168.20.11:80
    header /* {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-Xss-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        Content-Security-Policy "upgrade-insecure-requests"
        Referrer-Policy "strict-origin-when-cross-origin"
        Cache-Control "public, max-age=15, must-revalidate"
        Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'self'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geo>
        Server "No."
    }
}
*.example.com {
    tls {
        dns cloudflare ***************************************************
    }
    reverse_proxy 192.168.20.11:80
    header /* {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-Xss-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        Content-Security-Policy "upgrade-insecure-requests"
        Referrer-Policy "strict-origin-when-cross-origin"
        Cache-Control "public, max-age=15, must-revalidate"
        Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'self'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geo>
        Server "No."
    }
}
Is it possible to do it globally?
Question no. 2
I will add more domains to the Caddyfile. Do I always have to use 1 Caddyfile, or can I place domains in multiple config files?
In nginx, I had a separate configfile for each domain.
Question no. 3
If I want to update Caddy, is it enough to run this command?
xcaddy build --with github.com/caddy-dns/cloudflare
Question no. 4
How do I proceed if I want to build Caddy with more modules?
Edit: solved
Thank you very much
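
An added example, not part of the original post or of the thread's replies: the Caddyfile above rewritten with snippets, so the security headers and the TLS settings are defined once and pulled into each site block with `import`, which keeps the three blocks from drifting apart. The snippet names, the environment variable name and the `sites/` directory are assumptions made for illustration.

```caddyfile
# Added example: one snippet holds the headers, each site imports it.
(security_headers) {
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-Xss-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        Content-Security-Policy "upgrade-insecure-requests"
        Referrer-Policy "strict-origin-when-cross-origin"
        Cache-Control "public, max-age=15, must-revalidate"
        # Feature-Policy is left out here: its value is cut off in the post.
        Server "No."
    }
}

# Assumption: the Cloudflare API token is read from an environment
# variable (hypothetical name) instead of being written into the file.
(cloudflare_tls) {
    tls {
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    }
}

example.com {
    import security_headers
    redir https://www.example.com{uri}
}

www.example.com {
    import cloudflare_tls
    import security_headers
    reverse_proxy 192.168.20.11:80
}

*.example.com {
    import cloudflare_tls
    import security_headers
    reverse_proxy 192.168.20.11:80
}

# Further sites can live in their own files (hypothetical directory),
# one file per domain as with nginx; each file can import the snippets.
import sites/*.caddy
```

Running `caddy validate --config /etc/caddy/Caddyfile` (path assumed) before reloading the service catches a misspelled snippet name or a missing import.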