1. Caddy version (caddy version
):
v2.2.0 h1:sMUFqTbVIRlmA8NkFnNt9l7s0e+0gw+7GPIrhty905A=
2. How I run Caddy:
- On a Digital Ocean droplet
- Caddy is built with cloudflare_dns and certmagic using xcaddy
- I use the Admin API for config and not a manual Caddyfile
a. System environment:
Ubuntu 18.04.4
b. Command:
caddy start
c. Service/unit/compose file:
paste full file contents here
d. My complete Caddyfile or JSON config:
{
"apps": {
"http": {
"servers": {
"srv0": {
"listen": [
":443"
],
"routes": [
{
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "static_response",
"headers": {
"Location": [
"https://velosity.site{http.request.uri}"
]
},
"status_code": 302
}
]
}
]
}
],
"match": [
{
"host": []
}
],
"terminal": true
},
{
"match": [
{
"host": [
"root",
"*"
]
},
{
"path": [
"/var/www/html"
]
}
],
"terminal": true
},
{
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "vars",
"root": "/var/www/html"
}
]
},
{
"handle": [
{
"handler": "static_response",
"headers": {
"Location": [
"{http.request.uri.path}/"
]
},
"status_code": 308
}
],
"match": [
{
"file": {
"try_files": [
"{http.request.uri.path}/index.php"
]
},
"not": [
{
"path": [
"*/"
]
}
]
}
]
},
{
"handle": [
{
"handler": "rewrite",
"uri": "{http.matchers.file.relative}"
}
],
"match": [
{
"file": {
"split_path": [
".php"
],
"try_files": [
"{http.request.uri.path}",
"{http.request.uri.path}/index.php",
"index.php"
]
}
}
]
},
{
"handle": [
{
"handler": "reverse_proxy",
"transport": {
"protocol": "fastcgi",
"split_path": [
".php"
]
},
"upstreams": [
{
"dial": "unix//run/php/php7.2-fpm.sock"
}
]
}
],
"match": [
{
"path": [
"*.php"
]
}
]
},
{
"handle": [
{
"handler": "file_server",
"hide": [
"/etc/caddy/Caddyfile"
]
}
]
}
]
}
],
"match": [
{
"host": [
"rasmuslian.website",
"velosity.site",
"*.velosity.site"
]
}
],
"terminal": true
}
],
"tls_connection_policies": [
{}
]
}
}
},
"tls": {
"automation": {
"policies": [
{
"issuer": {
"challenges": {
"dns": {
"provider": {
"api_token": <token>
"name": "cloudflare"
}
}
},
"module": "acme"
},
"subjects": [
"velosity.site",
"*.velosity.site"
]
},
{
"issuer": {
"module": "internal"
},
"subjects": [
"*"
]
}
]
},
"certificates": {
"automate": [
"root",
"*"
]
}
}
}
}
3. The problem I’m having:
Hi, I recently started using Caddy for my server because I’m trying to create a web app that can (among many things) have the ability to add hosts to my config file. In other words, I want the users of my web app to be able to add their domain to my host config.
I have got the Admin API to work in the CLI for my server, but now I want to make it work remotely. My idea was to call the Admin API from a Firebase Cloud Function. The problem is I have a really hard time figuring out how I can do this, and also making the Admin API endpoint protected somehow.
In short my goal is to:
- Make Admin API available remotely
- Protect Admin API from unauthorized access (token, user&pass, etc)
4. Error messages and/or full log output:
No errors, haven’t gotten a working solution
5. What I already tried:
I was about to try this solution ( Access Caddy server API from remote http ), but was very unsure of how I could “have some kind of authentication or firewall limiting access to only you” and still let users via my web app add their domain to my host in Caddy.