I am wanting to make accessing all my web portals easier by not having to remember every different port for every different service. For example instead of remembering unifi.dom.tld:8443 I’d like to just go to unifi.dom.tld. Is Caddy the right service for this job?
Also, I have my own external wildcard cert so most of my services are already secured with that. Will this help or hinder me?
The wildcard cert is an externally signed cert from COMODO, I think. I might just try out the cert feature of Caddy and see, just sucks that I might have wasted that money on a wildcard cert.
Caddy can help with this, but you have to configure your network correctly first. Are you running this at home or on a publicly-facing server?
You can continue to use that if you want, but you have to keep it renewed (and reload Caddy each time you renew it) and set up HTTP->HTTPS redirects by yourself, etc. If you let Caddy manage it for you, then it’s all automatic.
You’ll need to make a file called Caddyfile and then put your sites in it, as shown by others above.
If you use your own certificate, you’ll use the tls directive in the Caddyfile (as shown to you) to tell Caddy where to load it from. If you want Caddy to manage free wildcard certificates for you, you will have to use the tls directive a little differently to enable the DNS challenge. It’s easy though:

    tls {
        dns providername
    }

replacing “providername” with your DNS provider name from the second column of this table. Then just set the necessary environment variables with your credentials and you’re good to go!
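The two tls options described in the reply above, put into one Caddy v1 site block. This is an added example, not a configuration posted by anyone in the thread; the hostname follows the thread's dom.tld pattern, and the backend address and certificate paths are assumptions.

```caddyfile
# Caddy v1 Caddyfile (constructed example).
# Start with:  caddy -conf /path/to/Caddyfile -log stderr
# If Caddy prints http://:2015 at startup, this file was not loaded.

# The site label is the name typed into the browser; no port is needed
# because Caddy serves HTTPS on 443 and proxies to the service's own port.
hassio.dom.tld {

    # Option A: keep the purchased wildcard certificate.
    # Paths are assumed. The key file should be readable only by the
    # account Caddy runs as, and Caddy must be reloaded after each renewal.
    tls /etc/ssl/dom.tld/wildcard.crt /etc/ssl/dom.tld/wildcard.key

    # Option B: remove the tls line above and let Caddy obtain and renew
    # the certificate through the DNS challenge instead. "providername" is
    # the placeholder from the thread; credentials are supplied through
    # environment variables, not written into this file.
    # tls {
    #     dns providername
    # }

    # Backend address is assumed (TEST-NET range); use the machine's IP
    # unless a local DNS or hosts entry resolves the backend's name.
    proxy / http://192.0.2.20:8123 {
        transparent   # forward the original Host and client IP headers
        websocket     # allow WebSocket upgrades through the proxy
    }

    # Request-level errors go to the terminal alongside the process log.
    errors stderr
}
```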
All of my webservices are internal only. The only public service I have is my Hassio server. Which is another reason I was wanting to use my external wildcard cert so I don’t have to move ports in my firewall.
I have my Caddyfile set, but I’m honestly not sure it is working correctly. I am trying to use the docker image but am wondering if I should just spin up a dedicated Ubuntu VM until I know what I’m doing.
Hmm; well I’m not a Docker user so I can’t help you there, but let’s start back at square 1. What parts of the setup do you need help understanding? Go ahead and list out all the questions.
Unless you are pointing Caddy at a local DNS server or you have a host record set up for your domain, you’ll have to specify the IP of the machine that your service is running on.
Same thing. ERR_EMPTY_RESPONSE
Should I see anything else when I run the ‘caddy’ command?
This is all I see
ADMIN@SRV-Caddy:~$ caddy
Activating privacy features... done.
http://:2015
WARNING: File descriptor limit 1024 is too low for production servers. At least 8192 is recommended. Fix with "ulimit -n 8192".
Try running Caddy with -log stderr to get a process log that writes to your terminal. You can also add the errors directive to your Caddyfile to get request-based errors written to a log.
This is all I get when running ‘caddy -log stderr’
Activating privacy features... done.
http://:2015
2018/06/21 15:50:32 http://:2015
WARNING: File descriptor limit 1024 is too low for production servers. At least 8192 is recommended. Fix with "ulimit -n 8192".
Probably unnecessary, Docker only has a few quirks to keep in mind. Mind sharing your Docker configuration for this project? I run Caddy in Docker and might be able to provide some pointers there.
Yes, ideally it should print http://test-hassio in the place where http://:2015 is currently showing. You’ll need to reference the Caddyfile you’ve written when you run Caddy - either by using the -conf /path/to/Caddyfile flag, or by having the Caddyfile present in the directory when you issue the caddy command.