1. Output of caddy version:
v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=
2. How I run Caddy:
a. System environment:
Ubuntu 22.04 on OCI (Oracle Cloud) VM, systemd:
Linux ejectum-server 5.15.0-1025-oracle #31-Ubuntu SMP Fri Nov 25 17:03:15 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux
b. Command:
Caddy runs through systemd; I may do a "sudo systemctl reload caddy" between edits, but that's pretty much it.
c. Service/unit/compose file:
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddy config:
# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.
## 1. Serve ejectum.net
ejectum.net {
	# Set this path to your site's directory.
	root * /var/www/ejectum.net/static-site/v1

	# Fetch the Certbot-managed certificates
	tls {
		dns cloudflare --Blah--Blah-Blah--
		resolvers 1.1.1.1
		client_auth {
			mode require_and_verify
			trusted_ca_cert_file /var/lib/caddy/.local/share/caddy/certificates/authenticated_origin_pull_ca.pem
		}
	}

	# Enable the static file server.
	file_server

	log {
		level DEBUG
		output file /var/log/caddy/ejectum.net-static.log {
			roll_size 100MiB
			roll_keep 5
			roll_keep_for 720h
		}
	}
}
3. The problem I’m having:
Caddy noob here, I’m just an artist trying to set up a website, please be patient.
I would like to hear your thoughts on using Caddy to serve a simple static site and at the same time use Cloudflare’s proxy. Ideally, I would like to use the Caddy-generated/managed Let's Encrypt certificates (in case I move away from Cloudflare at some point).
I’ve been following the info attached on the link below.
- Caddy is using my Cloudflare API key just fine, generates a certificate, and when I bypass the Cloudflare proxy I get a straight “A” score in SSL tests. All fine and dandy here.
- If I enable Cloudflare’s proxy and Cloudflare’s SSL/TLS encryption mode is Full, I get a B score in SSL tests.
- If I enable Cloudflare’s proxy and Cloudflare’s SSL/TLS encryption mode is Strict, nothing works.
This will be just a personal website, nothing critical. I would like to hear your thoughts on what’s the best way to go about this.
4. Error messages and/or full log output:
5. What I already tried:
I have tried switching through all of the available Cloudflare SSL settings: Full, Full (strict)