Good/bad practices with my Caddyfile

1. The problem I’m having:

I have the following Caddyfile and i’d like to know if it’s good/bad to use snippets like this and if there’s anything i can improve in terms of security :slight_smile:

It all generally works like i want it to, so i’ve removed most of the template.

d. My complete Caddy config:

{
        email mail@mail.mail
}

(public) {
        @{args[0]}-host host {args[0]}.mytotallyrealdomain.com
        handle @{args[0]}-host {
                reverse_proxy {args[1]}
        }
}

(private) {
        @{args[0]}-host host {args[0]}.mytotallyrealdomain.com
        handle @{args[0]}-host {
                reverse_proxy {args[1]}
                @{args[0]}-denied not remote_ip private_ranges
                abort @{args[0]}-denied
        }
}

*.mytotallyrealdomain.com, mytotallyrealdomain.com

tls {
        dns cloudflare token123
}

import public foo 192.168.0.2:1234
# ... many more of these lines

import private bar 192.168.0.2:5678
# ... many more of these lines too

@home host mytotallyrealdomain.com
handle @home {
        header Content-Type text/html
        respond <<HTML
        <html>
        <p>some custom html :)</p>
        </html>
        HTML 200
}

handle {
        abort
}

Looks fine to me.

If it were me, I’d always use braces around the entire site block, to make it easier if you want to add another (different) domain in there. It also just visually separates the domain from the handling more clearly. (IMO allowing no braces was a mistake because it causes some ambiguity, but whatever, we need to live with it for now).

Also, you don’t have to use quotes around your {args[0]} placeholders. It’s not like bash where quoting is important for variables, it makes no difference here unless you have spaces in the token you want to use.

1 Like

Yeah i also eventually tried without quotes and it works. So like the documentation says, only whitespaces need quotes.
Thank you for your feedback :slight_smile:

I’ve updated my original post with the quotes removed and the public/private snippet thing fixed.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.