#caddy — Public Fediverse posts

Single binary php server built on top of #caddy, now i can try out apps written in php for self hosting. @itz_mr_evil will be excited by this

https://frankenphp.dev/

Enabled HSTS with includeSubDomains and preload.

The cost is real and one-way: every current and future subdomain must serve HTTPS or become unreachable. Removal from the preload list is in browser-release hands, not yours.

Accepted because the site is HTTPS-only by intent and Caddy provisions certs for every subdomain automatically via Let's Encrypt.

#HSTS #WebSecurity #Caddy #SelfHosting

Small #psa: #caddy has a #journald friendly log format now 🥳

https://github.com/caddyserver/caddy/pull/7623

#caddyserver

Matthew Holt released #Caddy version 2.11.3. https://caddyserver.com/

Skipped Permissions-Policy on the static site.

It disables browser APIs (camera, mic, geolocation) the site doesn't use. Disabling something you're not using doesn't protect you from anything.

Embedding YouTube with fullscreen would also mean carving exceptions back in. More config for zero gain.

The scanner score drops one notch. The site is no less safe.

#WebSecurity #Caddy #StaticSite

OK my StyloBot hours begin (after my two contracts).
Today is getting the new SideCar mode in shape for the draft article.
This is what lets Node, Caddy etc...work with it in high performance modes. So .NET service running over gRPC in 1-2ms for a bot decision.

SO also building a small SDK with Typescript (client and server) & Go (Caddy) implementations. And it has a neat 'template' mode which accepts liquid templates and renders HTML controls allowing a hybrid rendering mode.

Makes it really useful beyond .net (so the behavioural UX idea from ASp.NET works everywhere https://www.mostlylucid.net/blog/behaviour-aware-ux.

#stylobot #dotnet #caddy #frauddetection

OK my StyloBot hours begin (after my two contracts).
Today is getting the new SideCar mode in shape for the draft article.
This is what lets Node, Caddy etc...work with it in high performance modes. So .NET service running over gRPC in 1-2ms for a bot decision.

SO also building a small SDK with Typescript (client and server) & Go (Caddy) implementations. And it has a neat 'template' mode which accepts liquid templates and renders HTML controls allowing a hybrid rendering mode.

Makes it really useful beyond .net (so the behavioural UX idea from ASp.NET works everywhere https://www.mostlylucid.net/blog/behaviour-aware-ux.

#stylobot #dotnet #caddy #frauddetection

OK my StyloBot hours begin (after my two contracts).
Today is getting the new SideCar mode in shape for the draft article.
This is what lets Node, Caddy etc...work with it in high performance modes. So .NET service running over gRPC in 1-2ms for a bot decision.

SO also building a small SDK with Typescript (client and server) & Go (Caddy) implementations. And it has a neat 'template' mode which accepts liquid templates and renders HTML controls allowing a hybrid rendering mode.

Makes it really useful beyond .net (so the behavioural UX idea from ASp.NET works everywhere https://www.mostlylucid.net/blog/behaviour-aware-ux.

#stylobot #dotnet #caddy #frauddetection

OK my StyloBot hours begin (after my two contracts).
Today is getting the new SideCar mode in shape for the draft article.
This is what lets Node, Caddy etc...work with it in high performance modes. So .NET service running over gRPC in 1-2ms for a bot decision.

SO also building a small SDK with Typescript (client and server) & Go (Caddy) implementations. And it has a neat 'template' mode which accepts liquid templates and renders HTML controls allowing a hybrid rendering mode.

Makes it really useful beyond .net (so the behavioural UX idea from ASp.NET works everywhere https://www.mostlylucid.net/blog/behaviour-aware-ux.

#stylobot #dotnet #caddy #frauddetection

Most cache misconfiguration is not carelessness, it's a missing handshake.

Your build encodes assumptions: hashed filenames mean the URL changes whenever the content changes. The web server has to know that, or the assumption stays unused.

If the config doesn't reflect what the build produces, the framework's work gets quietly undone at the last layer of the chain.

#WebPerf #Caching #StaticSite #Astro #Caddy

I have a much better autocert.HostPolicy for #Henhouse coming in. We'll be able to check the DNS records of the custom domain to ensure it's resolving to the correct IP before signaling to Caddy to provision a cert from Let's Encrypt.

#Henhouse #TLS #StaticHosting #Caddy #LetsEncrypt #GoLang

Your site loads. From the outside it works. But: do returning visitors re-download everything on every click? Can the connection be downgraded from HTTPS to HTTP on public WiFi? Does your homepage count as one site in Google's eyes, or two?

For most static sites: no, yes, and yes. The web server config is the last layer most setups never touch.

#Astro #Caddy #WebPerf #SelfHosting #StaticSite

https://www.fogolf.com/1246714/th-caddy-putt-challenge-golf-golfswing-caddy-royalcreek-udonthani-thailand-issan-travel/ Th Caddy Putt Challenge! #golf #golfswing #caddy #royalcreek #udonthani #thailand #issan #travel #caddy #Challenge #Golf #GolfBellaVideos #GolfBellaVlog #GolfBellaYouTube #GolfBelle #golfswing #issan #putt #royalcreek #thailand #travel #udonthani

Lapor engkong @kongtol dan koh @semurjengkol ...

#GoToSocial :gotosocial: sama #misskey :misskey: gua lewatin #caddy biar bisa access log nya seragam di #loki. Tadinya sih mau sekalian biar bisa #http3 dari cf ke origin, tapi ternyata #cloudflared cuma support http3 dari browser ke edge doang, bukan dari edge ke origin. Tapi lumayan lah bisa http2 dari edge ke origin.

Caching juga dah gua atur di #cloudflare biar access media di #s3 full-caching.

Lapor engkong @kongtol dan koh @semurjengkol ...

#GoToSocial :gotosocial: sama #misskey :misskey: gua lewatin #caddy biar bisa access log nya seragam di #loki. Tadinya sih mau sekalian biar bisa #http3 dari cf ke origin, tapi ternyata #cloudflared cuma support http3 dari browser ke edge doang, bukan dari edge ke origin. Tapi lumayan lah bisa http2 dari edge ke origin.

Caching juga dah gua atur di #cloudflare biar access media di #s3 full-caching.

Lapor engkong @kongtol dan koh @semurjengkol ...

#GoToSocial :gotosocial: sama #misskey :misskey: gua lewatin #caddy biar bisa access log nya seragam di #loki. Tadinya sih mau sekalian biar bisa #http3 dari cf ke origin, tapi ternyata #cloudflared cuma support http3 dari browser ke edge doang, bukan dari edge ke origin. Tapi lumayan lah bisa http2 dari edge ke origin.

Caching juga dah gua atur di #cloudflare biar access media di #s3 full-caching.

Lapor engkong @kongtol dan koh @semurjengkol ...

#GoToSocial :gotosocial: sama #misskey :misskey: gua lewatin #caddy biar bisa access log nya seragam di #loki. Tadinya sih mau sekalian biar bisa #http3 dari cf ke origin, tapi ternyata #cloudflared cuma support http3 dari browser ke edge doang, bukan dari edge ke origin. Tapi lumayan lah bisa http2 dari edge ke origin.

Caching juga dah gua atur di #cloudflare biar access media di #s3 full-caching.

Красивые страницы ошибок HTTP сервера

Однажды я был маленьким и любил специально искать запрещенку то, что обычные юзвери не должны увидеть никогда - страницы ошибок, забытые файлики в проде, пасхалки в коде. Потом время как-то незаметно ускорилось, за забытыми файликами в прод билде приходится уже самому приглядывать, но уже с “той стороны” (а это уже совсем не то удовольствие), пасхалки в коде сам раскладываешь чаще чем находишь - ну, такое. Но вот тайная любовь к страницам ошибок не угасла со временем. Если у тебя тоже, %USERNAME%, что-то внутри начинает грустить, глядя на белый экран с текстом “Not Found.*Nginx”, то знай - ты не один. Сейчас мы разберём, как прикрутить к ним весёлые обои, от простого до Kubernetes.

https://habr.com/ru/articles/1031834/

#errorpages #404 #docker #nginx #caddy #психушка #приветшеповалову

A Caddy Cert Expired Because systemd-resolved Was Selectively Broken

https://rant.mvh.dev/a-caddy-cert-expired-because-systemd-resolved-was-selectively-broken/

#selfhosted #selfhosting #caddy #tls #matrix #dns

Resolved the OG card split.

Four platforms showed the card. X and Mastodon showed a bare link. Same HTML, same image.

Root cause: Caddy v2.10.2 bug. The `precompressed` directive returned HTTP 206 instead of 200. Mastodon's fetch service checks for exactly 200 (`res.code == 200 && res.mime_type == "text/html"`). X does the same. Most crawlers accept any 2xx.

Fix: upgrade to v2.11.2. No config changes.

#webdev #caddy #selfhosted

#BurgeonLab #WeekNotes 024 is out (late)!
2026: Week 16/52 (Apr 13 – Apr 19)

➡️ https://burgeonlab.com/weeknotes/2026/w16/

Huge personal win from a #homenetworking / #selfhosting newbie! 🥳 I got #Indiekit running on my Pi now with #Docker, #Caddy and #Tailscale. And some notes about general site updates and the usual link roundup!

This is post 32 of #100DaysToOffload
📈 https://burgeonlab.com/tags/100daystooffload/

#blogging #blogs #smallweb #indieweb #weeknote #personalBlog #weeklynote #linkdump #blog #homelab #raspberryPi

Heh, my personal infrastructure has grown yet again... Caddy as webserver (with HTTP/1.1, HTTP/2 and HTTP/3), this GoToSocial instance, VaultWarden, Stalwart for mail, calendar and contacts and now eJabberd for instant messaging. GoToSocial, Stalwart and eJabberd all are tied into Postgresql for their databases. All nicely running on a Hetzner CCX13 instance with room to spare. Maybe an NTFY server next? #SelfHosted #Caddy #GoToSocial #VaultWarden #Stalwart #eJabberd #Postgresql #DataPrivacy #DataSovereignty

Just how I wanted to spend my Saturday night.. Fighting fucking AI crawlers again that have taken down the instant messaging freedom code hosting yet again...

If anyone has any good defenses via #caddy config or whatever, please reach out!

Seriously #FuckAI

NaïveProxy в sing-box (альтернатива VLESS)

Читая статьи про прокси, можно подумать, что VLESS с XHTTP — это чуть ли не единственный рабочий протокол проксирования в условиях блокировок. На самом деле существуют не менее современные альтернативы. Сегодня я расскажу о протоколе Naive , его особенностях, а также о настройке клиента и сервера с использованием sing-box и Caddy .

https://habr.com/ru/articles/1024990/

#singbox #naive #caddy #прокси

A quick explanation of the protections I integrated into all my Caddy vhosts to prevent AI scraping:

https://divisionbyzero.net/notes/2026-04-17/

#fuck_ai #fuck_with_ai #caddy

(i’m replacing #traefik with #caddy for my public and internal reverse proxy)

There is a package for #Caddy reverse proxy for obtaining certificates using DNS challenge through #Hetzner's new Cloud API.

https://github.com/caddy-dns/hetzner

#homelab #reverseproxy #selfhosted #selfhosting #selfhost #ssl

Today I switched from #nginx to #caddy

I have a domain at simply.com with a few services running on a server at home.

Previously I used Caddy with subdomains registered with my hosting provider's DNS panel, and ports 80 and 443 opened to the public internet. Anybody could access my services from the outside.

I've now changed to using WireGuard and a custom build of Caddy with a wildcard certificate for my domain. Pi-hole handles DNS for subdomains, e.g. cloud.example.com for Nextcloud.

I'm using podman system quadlets for Pi-hole and Caddy (both use privileged ports), and podman secrets for sensitive data.

In /etc/containers/systemd/caddy, I have 3 files:

Containerfile
--------------------
FROM docker.io/caddy:builder AS builder

RUN xcaddy build --with github.com/caddy-dns/simplydotcom

FROM docker.io/caddy:latest

COPY --from=builder /usr/bin/caddy /usr/bin/caddy
--------------------

caddy.build
------------------
[Build]
ImageTag=localhost/caddy
SetWorkingDirectory=unit
------------------

caddy.container
-------------------------
[Unit]
Description=Caddy container
After=network-online.target

[Container]
AutoUpdate=registry
ContainerName=caddy
Image=caddy.build
Secret=simply_account_name,type=env,target=SIMPLY_ACCOUNT_NAME
Secret=simply_api_key,type=env,target=SIMPLY_API_KEY
Volume=/srv/containers/caddy/conf:/etc/caddy:Z
Volume=/srv/containers/caddy/data:/data:Z
PublishPort=443:443

[Install]
WantedBy=default.target
-------------------------

The Caddyfile is stored in /srv/containers/caddy/conf/:

Caddyfile
---------------
*.example.com {
tls {
dns simplydotcom {env.SIMPLY_ACCOUNT_NAME} {env.SIMPLY_API_KEY}
}

@caddy host caddy.example.com
handle @caddy {
respond "Hello World!"
}
}
---------------

See Caddy documentation for more on wildcard certificates.

https://caddyserver.com/docs/caddyfile/patterns#wildcard-certificates

EDIT: changed TOKEN to KEY in Caddyfile

#selfhosting #homelab #podman #caddy

Hey @homelab ,

has anyone managed to write a working config for running #Caddy with the caddy-security plugin and #OIDC?

I am struggling to make it work. Anyone mind sharing a working config?

(watch out to redact your secrets)

EDIT: I figured it out and wrote some example config: https://blog.sektor64.net/i/oidc-with-caddy-security/

Replace the values and you should be ready to go.

Heute bei mir eingetroffen:
#thinclient Dell OptiPlex 3000 TC mit #pentium Silver-Prozessor. 16 GByte RAM und 64 GByte eMMC, integriert. Steckplatz für weitere #ssd vorhanden. Preislich erschwinglich.
Leider mit unpassendem Netzteil geliefert (zu dicker Stecker), aber Ersatz ist auf dem Weg.
🔌⚡
Bin gespannt auf die Performance und den #stromverbrauch

Damit möchte ich weg vom prinzipiell teuer werdenden #vps bei #strato

Laufen sollen darauf #docker #container mit:
- #nextcloud
- #gitea
- #ntfy
- #readeck
- #dawarich
- #caddy

❓💾❓💾❓💾
Beim Speicherkonzept bin ich mir noch nicht sicher. Teure M2-SSD kaufen (500 GByte reichen mir) oder Daten auf dem vorhandenen #nas einbinden und per #nfs mounten?

Wie ist eure Meinung dazu? 💬

#selfhost #selfhosting
#PentiumSilver

Heute bei mir eingetroffen:
#thinclient Dell OptiPlex 3000 TC mit #pentium Silver-Prozessor. 16 GByte RAM und 64 GByte eMMC, integriert. Steckplatz für weitere #ssd vorhanden. Preislich erschwinglich.
Leider mit unpassendem Netzteil geliefert (zu dicker Stecker), aber Ersatz ist auf dem Weg.
🔌⚡
Bin gespannt auf die Performance und den #stromverbrauch

Damit möchte ich weg vom prinzipiell teuer werdenden #vps bei #strato

Laufen sollen darauf #docker #container mit:
- #nextcloud
- #gitea
- #ntfy
- #readeck
- #dawarich
- #caddy

❓💾❓💾❓💾
Beim Speicherkonzept bin ich mir noch nicht sicher. Teure M2-SSD kaufen (500 GByte reichen mir) oder Daten auf dem vorhandenen #nas einbinden und per #nfs mounten?

Wie ist eure Meinung dazu? 💬

#selfhost #selfhosting
#PentiumSilver

Heute bei mir eingetroffen:
#thinclient Dell OptiPlex 3000 TC mit #pentium Silver-Prozessor. 16 GByte RAM und 64 GByte eMMC, integriert. Steckplatz für weitere #ssd vorhanden. Preislich erschwinglich.
Leider mit unpassendem Netzteil geliefert (zu dicker Stecker), aber Ersatz ist auf dem Weg.
🔌⚡
Bin gespannt auf die Performance und den #stromverbrauch

Damit möchte ich weg vom prinzipiell teuer werdenden #vps bei #strato

Laufen sollen darauf #docker #container mit:
- #nextcloud
- #gitea
- #ntfy
- #readeck
- #dawarich
- #caddy

❓💾❓💾❓💾
Beim Speicherkonzept bin ich mir noch nicht sicher. Teure M2-SSD kaufen (500 GByte reichen mir) oder Daten auf dem vorhandenen #nas einbinden und per #nfs mounten?

Wie ist eure Meinung dazu? 💬

#selfhost #selfhosting
#PentiumSilver

Heute bei mir eingetroffen:
#thinclient Dell OptiPlex 3000 TC mit #pentium Silver-Prozessor. 16 GByte RAM und 64 GByte eMMC, integriert. Steckplatz für weitere #ssd vorhanden. Preislich erschwinglich.
Leider mit unpassendem Netzteil geliefert (zu dicker Stecker), aber Ersatz ist auf dem Weg.
🔌⚡
Bin gespannt auf die Performance und den #stromverbrauch

Damit möchte ich weg vom prinzipiell teuer werdenden #vps bei #strato

Laufen sollen darauf #docker #container mit:
- #nextcloud
- #gitea
- #ntfy
- #readeck
- #dawarich
- #caddy

❓💾❓💾❓💾
Beim Speicherkonzept bin ich mir noch nicht sicher. Teure M2-SSD kaufen (500 GByte reichen mir) oder Daten auf dem vorhandenen #nas einbinden und per #nfs mounten?

Wie ist eure Meinung dazu? 💬

#selfhost #selfhosting
#PentiumSilver

Heute bei mir eingetroffen:
#thinclient Dell OptiPlex 3000 TC mit #pentium Silver-Prozessor. 16 GByte RAM und 64 GByte eMMC, integriert. Steckplatz für weitere #ssd vorhanden. Preislich erschwinglich.
Leider mit unpassendem Netzteil geliefert (zu dicker Stecker), aber Ersatz ist auf dem Weg.
🔌⚡
Bin gespannt auf die Performance und den #stromverbrauch

Damit möchte ich weg vom prinzipiell teuer werdenden #vps bei #strato

Laufen sollen darauf #docker #container mit:
- #nextcloud
- #gitea
- #ntfy
- #readeck
- #dawarich
- #caddy

❓💾❓💾❓💾
Beim Speicherkonzept bin ich mir noch nicht sicher. Teure M2-SSD kaufen (500 GByte reichen mir) oder Daten auf dem vorhandenen #nas einbinden und per #nfs mounten?

Wie ist eure Meinung dazu? 💬

#selfhost #selfhosting
#PentiumSilver

I need to translate a piece of #config from #Nginx to #Caddy, send help :drgn_dizzy:

Ещё одно тестирование Angie, HAProxy, Envoy, Caddy и Traefik от Devhands

Devhands.io провели очередное нагрузочное тестирование балансировщиков, и надеюсь, сделали в этот раз всё правильно: не просто взяли готовый докер, но сравнили и поставили одинаковыми все наиболее критичные конфигурационные параметры. После проведения тестов мы сделали стрим, в котором поделились результатами. Видео этой часовой встречи можно посмотреть на Youtube, а ниже публикуем расшифровку со слайдами и всеми исходниками.

https://habr.com/ru/articles/946294/

#highload #хайлоад #нагрузочное_тестирование #angie #nginx #envoy #caddy #traefik

Проксирование из коробки: сравнительный анализ HAProxy, Envoy, Nginx, Caddy и Traefik

Всем привет, меня зовут Стас, я техлид в Mish Product Lab. Тема возникла не просто так: внутри команды у нас было немало споров и дискуссий о том, какой инструмент для проксирования и терминации SSL лучше использовать в различных ситуациях. Изначально все наши гипотезы были основаны больше на личных предпочтениях, чем на реальных данных. Мы долго спорили, надеясь, что истина будет где-то рядом с нашими любимыми решениями. Но в итоге пришли к выводу, что единственный способ получить действительно объективный ответ — это протестировать и сравнить различные варианты на практике. Именно так родилась идея провести сравнительный анализ производительности HAProxy, Envoy, Nginx, Caddy и Traefik с поддержкой SSL/TLS. Мы хотели понять, какой из инструментов «из коробки» предоставляет наилучшую производительность и минимальные накладные расходы, особенно при обработке SSL-трафика, который, как известно, требует дополнительных ресурсов из-за шифрования и дешифрования.

https://habr.com/ru/articles/900438/

#haproxy #envoy #nginx #caddy #traefik #k6 #go #golang

📬 Freiheit muss nichts kosten: Open Source Tools vorgestellt
#Empfehlungen #Softwareentwicklung #Caddy #exa #FairEmail #FreieSoftware #github #neosay #OpenSource #Screego #Thumbkey https://tarnkappe.info/artikel/empfehlungen/open-source-freiheit-muss-nichts-kosten-279923.html