My caddy.services
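; systemd unit for Caddy, started with a flag-style command line (-conf, -agree, -root).
; systemd only recognises a comment when it is on a line of its own. Every directive
; below therefore has its own line: text fused onto the end of a directive would be
; read as part of that directive's value.

[Unit]
Description=Caddy HTTP/2 web server
;Documentation=Welcome — Caddy Documentation
After=rpc-statd.service
Wants=rpc-statd.service

[Service]
Restart=on-failure
; Restart rate limit: after 5 starts within 86400 s (24 h) systemd gives up and
; leaves the unit in the failed state until it is started or reset by hand.
StartLimitInterval=86400
StartLimitBurst=5

; User and group the process will run as.
User=caddy
Group=caddy

; Use graceful shutdown with a reasonable timeout
KillMode=mixed
KillSignal=SIGQUIT
TimeoutStopSec=5s

; Letsencrypt-issued certificates will be written to this directory.
Environment=CADDYPATH=/etc/ssl/caddy

; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
; NOTE(review): -log is passed twice. Presumably the later value
; (/var/log/caddy/caddy.log) is the one that takes effect, in which case the caddy
; user needs write access to /var/log/caddy. Confirm, then drop the unused flag.
ExecStart=/usr/bin/caddy -log stdout -agree=true -log=/var/log/caddy/caddy.log -conf=/etc/caddy/caddy.conf -root=/var/tmp
;ExecStart=/usr/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
ExecReload=/bin/kill -USR1 $MAINPID

; Limit the number of file descriptors; see man systemd.exec for more limit settings.
LimitNOFILE=1048576
; Unmodified caddy is not expected to use more than that.
LimitNPROC=64

; Use private /tmp and /var/tmp, which are discarded after caddy stops.
PrivateTmp=true
; Use a minimal /dev
PrivateDevices=true
; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
ProtectHome=true
; Make /usr, /boot, /etc and possibly some more folders read-only.
ProtectSystem=full
; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there.
; This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
; ReadWriteDirectories is the older spelling; newer systemd documents it as ReadWritePaths.
ReadWriteDirectories=/etc/ssl/caddy

; The following additional security directives only work with systemd v229 or later.
; They further restrict privileges that can be gained by caddy and are enabled in this unit.
; Note that you may have to add capabilities required by any plugins in use.
; CAP_NET_BIND_SERVICE is the only capability left to the service; it lets the
; unprivileged caddy user bind ports below 1024.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true

SyslogIdentifier=caddy
StandardOutput=syslog

[Install]
WantedBy=multi-user.target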
My /etc/caddy/caddy.conf
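# Caddyfile: one site per block, one directive per line.
# A '#' comment runs to the end of its line, so directives that were collapsed
# onto one line behind a comment have been put back on lines of their own.

:80 {
    # Plain HTTP only: everything in this site, including the proxied APIs,
    # is served without TLS.
    tls off
    timeouts 5m

    #---------------------------------------------
    #[LIST OF PORTS]
    #---------------------------------------------
    #
    #
    #"ReserveListOfPorts":"50001->50099",
    #"LOCALHOST": "50001",
    #"MAO-MD-CHI": "50002",
    #"MAO-TN-JEN": "50003",
    #"MAO-BG-KAR": "50004",
    #"MAO-BG-MEZ": "50005",
    #"MAO-MA-TAN": "50006",
    #"MAO-RO-TGJ": "50007",
    #"MAO-RO-CAR": "50008",
    #"MAO-SK-NIT": "50009",
    #"MAO-UA-TER": "50010",
    #"MAO-UA-CHE": "50011",
    #"MAO-UA-KHM": "50012",
    #"MAO-UA-CHO": "50013"
    #
    #---------------------------------------------
    #[API CONTROLLER]
    #---------------------------------------------
    # Each path prefix is stripped ("without") before the request is forwarded
    # to the backend listening on localhost.
    proxy /CHE localhost:50011 {
        without /CHE
    }
    proxy /CHE-TEST localhost:60011 {
        without /CHE-TEST
    }
    proxy /KHM localhost:50012 {
        without /KHM
    }
    proxy /CHO localhost:50013 {
        without /CHO
    }
    proxy /CHO-TEST localhost:60013 {
        without /CHO-TEST
    }

    #---------------------------------------------
    #[API SWAGGER]
    #---------------------------------------------
    # These redirects send the browser straight to the backend port on {host}.
    # The client then talks to that port directly, not through this proxy, so
    # the backend ports have to be reachable from wherever clients sit.
    redir /swaggerCHE http://{host}:50011/swagger
    redir /swaggerCHE-TEST http://{host}:60011/swagger
    redir /swaggerKHM http://{host}:50012/swagger
    redir /swaggerCHO http://{host}:50013/swagger
    redir /swaggerCHO-TEST http://{host}:60013/swagger

    #---------------------------------------------
    #[API KPI]
    #---------------------------------------------
    #//Measurement API
    proxy /PERFORMANCE localhost:2090 {
        without /PERFORMANCE
    }
    ##proxy /performance 10.130.30.187:2090 {
    ##  without /performance
    ##}

    #---------------------------------------------
    #[CADDY LOG DEBUG]
    #---------------------------------------------
    log /var/log/caddy/default.log {
        rotate_size 50  # Rotate after 50 MB
        rotate_age 3    # Keep rotated files for 3 days
        rotate_keep 20  # Keep at most 20 log files
        rotate_compress # Compress rotated log files in gzip format
    }
}

# browse publishes a directory listing of everything under root; nothing in this
# block restricts who may read it.
:80/releases/ {
    root /data/apps/mao-softvare-release/
    browse
}

# NOTE(review): in the pasted file only the opening and closing lines of this
# block were commented out. root and browse are commented out here as well so
# the whole block stays disabled; confirm against the real file.
#:80/acpw/ {
#    root /data/apps/acpw/
#    browse
#}

# Same exposure as /releases/: the contents of /var/ftp/mao/ are listed and
# served to any client that can reach port 80.
:80/maolog/ {
    root /var/ftp/mao/
    browse
}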