I haven’t found any docs on this particular situation. At this time, i put a list of valid domain names on a file which is then read by the mentioned PHP script which all it does is check “Is the name on the parameters on the domain file?” and return 200 if so, then forwards it to an Apache install that actually handles things. This is a very handy setup which i love (no more issues with certificates ever! All just works!), but now i’ve run into the issue of wanting a particular domain or possibly two to be only accessible from a whitelist of IPs since it will only be for our internal use.
Is this possible? “If domain is whatever.example.com, only forward it if it comes from these IPs, for anything else just go ahead if the ask script judges it OK”? Or will i have to set up a different machine for this?
FYI, the fury package repo is deprecated, we may remove it at some point.
I strongly recommend uninstalling it and removing the apt source, then reinstalling with our cloudsmith repo. You can find the instructions here:
There’s a couple ways you could do it. You could use a host matcher inside of your https:// site block, or you could define a separate site block for that site.
Note in the second option, I omitted on_demand from the other site, because it’s fine to let Caddy manage a cert for that domain up-front instead of waiting for a request to come in that matches that domain.