Beginner question: It sounds like, from this thread, that I can use Caddy to manage TLS certificates/handling for a MQTT server using the tls app. How do I specify which port handles this stuff? A reverse_proxy setup is pretty easy to understand, as the subdomain/port are right there in the JSON you stick in the Caddyfile. But for the MQTT over TLS example, I would need subdomain.server.com to map to port 8883 where MQTT is listening for TLS connections.
Again, I’m just starting with Caddy, so I may be misunderstanding something fundamental.
The idea proposed here is to only use Caddy to obtain certificates in the file system. Your other daemon, e.g. MQTT, would read the certificate (both public and private part) from the filesystem and use it to provide a TLS endpoint itself.
I think I spoke too soon with “too simple.” Where is the JSON config file? I know where the Caddy file is, but where do I add that JSON that matt has up top?
Edit: I think I figured it out. I changed the service (/lib/systemd/system/caddy.service) to use any JSON file (for example, /etc/caddy/caddy.json) instead of the Caddyfile. I copied the parsed JSON for my current Caddyfile (located at /var/lib/caddy/.config/caddy/autosave.json) into caddy.json and then added the bit that Matt posted up top.
Then “systemctl daemon-reload”
Then “systemctl restart caddy”
The TLS section is added to my caddy.json file.
Service is restarted.
When/How will the required certificates show up in ~/.local/share/caddy/certificates/ ?
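As an added illustration (not a post from this thread, and not the exact JSON referenced above), this is the shape of a Caddy v2 JSON config whose `tls` app only obtains and renews a certificate for a hostname, with no `http` app serving it; `mqtt.example.com` is a placeholder for the broker's hostname. There is no port to specify here because Caddy never terminates the MQTT connection: the broker listening on 8883 reads the issued certificate and key files from Caddy's storage directory itself.

```json
{
  "apps": {
    "tls": {
      "certificates": {
        "automate": ["mqtt.example.com"]
      }
    }
  }
}
```

The broker process must be able to read the key file Caddy writes (typically by running in a group that has read access to Caddy's data directory), and it has to reload the files when Caddy renews them.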