Migrate to using a wildcard certificate

I’d just copy this line into your handle @udance as well.

Named matchers are ANDed together:

You can use the not matcher to essentially hack together a OR, kinda like this:

@phpmyadmin not {
    not expression `{phpmyadmin} == "yes"`
    not host udance.com.au

But that’s insane, don’t do it :joy:

Works like this basically:

>>> !(!true && !true)
=> true
>>> !(!true && !false)
=> true
>>> !(!false && !true)
=> true
>>> !(!false && !false)
=> false

Which as you can see is the same results as:

>>> true || true
=> true
>>> true || false
=> true
>>> false || true
=> true
>>> false || false
=> false

…and yet this appeared to be ORed (that’s what kinda threw me)?

Are you trying to do my head in? That’s like saying ‘Two wrongs don’t make a right, but three lefts do make a right’, which it does. Try it!

Unfortunately, that didn’t work. The map default switch takes precedence.

Unless I use map default to point to the domain udance.com.au, I realised, trying to implement the structure below can become quite complicated, resulting in a block that more difficult to follow and consequently more difficult to debug.

*.udance.com.au udance.com.au {

By keeping the domain+www and the subdomains in separate blocks, the complications and resulting issues can be avoided. If I accept that using map default to point to the domain is not best practice, the solution, for me, becomes:

udance.com.au www.udance.com.au {

  encode gzip
  import tlsdns
  import logging udance
  import authproxy /phpmyadmin*

  reverse_proxy /tautulli*
  reverse_proxy /transmission*

*.udance.com.au {

  encode gzip
  import tlsdns
  import logging udance-wild

  map {labels.3} {upstream} {phpmyadmin} {


    # Docker containers

    office       no       # OnlyOffice
    portainer     no       # Portainer
    truecommand     no       # TrueCommand
    tc123     no       # TrueCommand v1.2.3
    nc-fpm     no       # Nextcloud+Caddy
    wordpress     no       # WordPress
    nc-apache     no       # Nextcloud+Apache
    collabora     no       # Collabora

    # Jails

    rslsync     no       # Resilio Sync
    cloud       no       # Nextcloud
    heimdall       no       # Heimdall
    blog       yes      # blog.udance.com.au
    test       yes      # test.udance.com.au
    basil       yes      # basil.udance.com.au
    sachika       yes      # sachika.udance.com.au
    default      unknown            no       # subdomain does not exist

# Error handling

  @unknown expression `{upstream} == "unknown"`
  handle @unknown {
    respond "Denied" 403

# Authenticate phpMyAdmin on production WordPress sites

  @phpmyadmin expression `{phpmyadmin} == "yes"`
  handle @phpmyadmin {
    import authproxy /phpmyadmin*

# Using the Nextcloud+Apache Docker image with Caddy.

  @nc-apache host nc-apache.udance.com.au
  handle @nc-apache {
    redir /.well-known/carddav /remote.php/carddav 301
    redir /.well-known/caldav /remote.php/caldav 301

  reverse_proxy {upstream}
1 Like

Matchers of the same type are ORed together. The Caddyfile adapter merges them together if possible. But it’s complicated. The docs should be pretty clear about how each matcher behaves. In the named matcher section, it mentions:

Multiple matchers of the same type may be combined (e.g. multiple path matchers in the same set) using boolean algebra (AND/OR), as described in their respective sections below.

And the host matcher says:

Multiple host matchers will be OR’ed together.

I agree that’s much better :grin:

1 Like

A post was split to a new topic: Map for wildcard domain

This topic was automatically closed after 30 days. New replies are no longer allowed.