home.social

#caddyserver — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #caddyserver, aggregated by home.social.

  1. v2.11.3

    This release improves several aspects of Caddy with minor features, bug fixes, and security patches. Thank you to everyone and their bots who contributed to help make this release the best one yet! Security patches: fastcgi: Carrying over a patch...

    github.com/caddyserver/caddy/r

    #caddyserver #caddy

  2. This is magic:

    *.*.u.jak2k.eu {
    root /home/{labels.3}/Public/{labels.4}
    file_server browse
    }
    *.u.jak2k.eu {
    root /home/{labels.3}/Public/{labels.3}
    file_server browse
    }

    #caddy #caddyserver

  3. Does anyone in my timeline have first-hand experience switching from #nginx to #caddyserver as proxy for a Django app (running in separate #Bastille jails under #FreeBSD)? If so, would you recommend switching?

  4. And I do have a blog beside the house construction one too. I do post there, seldom, but today I got something techie to write about even.

    Got one more server of mine protected by iocaine, good by AI crap bots.

    blog.ganneff.de/2026/01/ai-slo

    #caddy #caddyserver #iocaine #docker #aislop

  5. The #CaddyServer makes some baffling decisions:

    caddy.community/t/v2-reverse-p

    It's only OK to be Opinionated Software if your Opinions are Good.

  6. Du coup je suis preneur d'une solution (si elle existe) sans xcaddy pour remplacer ça

    ipfilter / {
    	rule allow
    	database /data/GeoLite.mmdb
    	country FR
    }

    #Caddy #CaddyServer

  7. So, I’ve just replaced #nginx with #caddyserver thanks to @theseer for the talk/workshop at #ipc #phpconference

    Added bonus: the config file is 10 lines long and is for two hosts, one acting as a reverse proxy. This is brilliant.

  8. Again and again and for years: Updating a small #mastodon instance that is hosted in docker (and behind #caddyserver) has been very very painless. If you consider setting up a small instance, consider to use #docker.

    #Mastoadmin
    mastodon.social/@MastodonEngin

  9. How to only allow loopback addresses to access the path /metrics, in Caddy.

    #Caddy #Caddy2 #CaddyServer

  10. I just added a custom caddy build with the cache handler in front of my `file_server`, which increased the response performance by 50%. Crazy!

    #caddy #CaddyServer

  11. Take back control: secure and private self-hosting on Debian with SSH keys, an ufw firewall and a robust fail2ban configuration. Use Docker and Caddy as a reverse proxy to securely provide your self-hosted services.

    Step-by-step, minimal, and practical.

    lukasrotermund.de/posts/simple

    #SelfHosting #Privacy #Linux #Debian #Docker #DockerCompose #CaddyServer #Caddy #ReverseProxy #Security #Webhosting #Server #Hosting

  12. @gewt move to #CaddyServer and there won't be a need for #certbot anymore, since it comes with built-in #ACME support and all tools and knobs one could wish for.

    It comes with many sane defaults and thereby allows to run quite complex setups - yet only requiring very minimal configs.

    caddyserver.com/

  13. I have again tried and failed to get my #Nextcloud server to be happy with #caddyserver. It seems others have gotten pretty URLs with a subdomain to work and I got it sort of half-working, in that it's showing a nextcloud page, but with no CSS and an otherwise page not found.

    My current ISP blocks port 80, so I have to use dns-01 with apache, which is one of those things that isn't great if I were to abruptly kick the bucket and my wife would eventually lose access to our server.

  14. Want to leverage (Model Context Protocol) without the hassle? Learn how to set up a powerful server on for with @tailscale and

    Save $200+ over 2 years with this method 🔧
    youtu.be/OmWJPJ1CR7M

  15. @simsus für den Fall finde ich ja den Webserver #Caddyserver genial, der automatisch verlängert und auch automatisch beantragt:

    caddyserver.com/

    @caddy

  16. Hi all. Hoping someone in the #SelfHosting community can help. I'm trying to set up #Linkwarden in #Docker behind #Caddy. The service is running, but I'm unable to create a user account. This is what I see in my browser console when I try:

    register:1 [Intervention] Images loaded lazily and replaced with placeholders. Load events are deferred. See https://go.microsoft.com/fwlink/?linkid=2048113
    register:1 [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://www.chromium.org/developers/design-documents/create-amazing-password-forms)
    <input data-testid=​"password-input" type=​"password" placeholder=​"••••••••••••••" class=​"w-full rounded-md p-2 border-neutral-content border-solid border outline-none focus:​border-primary duration-100 bg-base-100" value=​"tyq5ghp!QVH-mva1agc">
    register:1 [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://www.chromium.org/developers/design-documents/create-amazing-password-forms)
    <input data-testid=​"password-confirm-input" type=​"password" placeholder=​"••••••••••••••" class=​"w-full rounded-md p-2 border-neutral-content border-solid border outline-none focus:​border-primary duration-100 bg-base-100" value=​"tyq5ghp!QVH-mva1agc">
    Error
    api/v1/users:1 Request unavailable in the network panel, try reloading the inspected page Failed to load resource: the server responded with a status of 400 () Failed to load resource: the server responded with a status of 400 ()

    compose file:

    services:
    postgres:
    image: postgres:16-alpine
    container_name: linkwarden_postgres
    env_file: .env
    restart: always
    volumes:
    - ./pgdata:/var/lib/postgresql/data
    networks:
    - linkwarden_net
    linkwarden:
    env_file: .env
    environment:
    - DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@linkwarden_postgres:5432/postgres
    restart: always
    # build: . # uncomment this line to build from source
    image: ghcr.io/linkwarden/linkwarden:latest # comment this line to build from source
    container_name: linkwarden
    ports:
    - 3009:3000
    volumes:
    - ./data:/data/data
    networks:
    - linkwarden_net
    depends_on:
    - postgres

    networks:
    linkwarden_net:
    driver: bridge

    Relevant part of .env file:

    NEXTAUTH_URL=https://bookmarks.laniecarmelo.tech/api/v1/auth
    NEXTAUTH_SECRET=x8az9q9w8ofAxnrVcer2vsPHeMmKSPbf

    # Manual installation database settings
    # Example: DATABASE_URL=postgresql://user:password@localhost:5432/linkwarden
    DATABASE_URL=

    # Docker installation database settings
    POSTGRES_PASSWORD=redacted

    # Additional Optional Settings
    PAGINATION_TAKE_COUNT=
    STORAGE_FOLDER=
    AUTOSCROLL_TIMEOUT=
    NEXT_PUBLIC_DISABLE_REGISTRATION=false
    NEXT_PUBLIC_CREDENTIALS_ENABLED=true

    Caddyfile snippet

    *.laniecarmelo.tech {
    tls redacted {
    dns cloudflare redacted
    }

    header {
    Content-Security-Policy "default-src 'self' https: 'unsafe-inline' 'unsafe-eval';
    img-src https: data:;
    font-src 'self' https: data:;
    frame-src 'self' https:;
    object-src 'none'"
    Referrer-Policy "strict-origin-when-cross-origin"
    Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    X-Content-Type-Options "nosniff"
    X-Xss-Protection "1; mode=block"
    }

    encode br gzip

    # Bookmarks
    @bookmarks host bookmarks.laniecarmelo.tech
    handle @bookmarks {
    reverse_proxy 127.0.0.1:3009
    }
    }

    Can anyone help? I have no idea how to fix this.
    #SelfHosted #CaddyServer #Linux #Tech #Technology
    @selfhost @selfhosted @selfhosting

  17. Switching my Caddy server to use ZeroSSL for AMCE SSL certification, replacing LetsEncrypt, was as easy as adding this to my Caddyfile:

    {
        acme_ca https://acme.zerossl.com/v2/DV90
    }
    

    #CaddyServer #Caddy #SSL #ACME #LetsEncypt #ZeroSSL

  18. Hi everyone,

    I'm encountering an issue with my self-hosted setup using Caddy 2.9.1 and Authelia 4.38.19. All domains except auth.laniecarmelo.tech return a 401 Unauthorized error. Journald logs suggest issues with insecure schemes ('') instead of https or wss.

    Details:

    • Setup: Caddy as reverse proxy, Authelia for authentication
    • Domains: AdGuard Home, Forgejo, LinkAce, MiniFlux, TheLounge, Homepage, Beszel, Glances, Uptime Kuma, Tandoor Recipes, BookStack, Watchtower, Portainer
    • Logs:
      Authelia:
      Feb 24 21:01:47 stormux authelia[2932]: level=error msg="Target URL '/' has an insecure scheme '', only 'https' and 'wss' are supported"Caddy:
      Feb 24 21:19:41 stormux caddy[48845]: {"msg":"handled request","method":"GET","host":"adguard.laniecarmelo.tech","status":200}

    Configurations:

    Curl Output:

    HTTP Request:

    $ curl home.laniecarmelo.tech -v
    < HTTP/1.1 308 Permanent Redirect
    < Location: https://home.laniecarmelo.tech/

    HTTPS Request:

    $ curl https://home.laniecarmelo.tech -v
    < HTTP/2 401
    < content-type: text/plain; charset=utf-8
    < server: Caddy
    401 Unauthorized

    Does anyone know what might be causing this? I suspect it could be related to forward_auth or trusted proxies.

    Thanks in advance! 🙏

    #SelfHosting #CaddyServer #Authelia #ReverseProxy #TechHelp #Linux #HomeLab
    @selfhost @selfhosting @selfhosted

  19. 🚨 Help Needed: #CORS and #Cloudflare Access Issues with #Nextflux + #MiniFlux Setup 🚨

    Hi everyone! I’m struggling with a #SelfHosted setup and could really use some advice from the self-hosting community. Lol I've been trying to figure this out for hours with no luck. Here’s my situation:

    Setup

    • MiniFlux: Running in #Docker on a #RaspberryPi500 (#Stormux, based on #ArchLinuxARM).
    • Nextflux: Hosted on Cloudflare Pages.
    • Reverse Proxy: #Caddy (installed via AUR).
    • Cloudflare Access: Enabled for security and SSO.
    • Cloudflared: Also installed via AUR.
    • CORS Settings in Cloudflare Access: Configured to allow all origins, methods, and headers.

    What’s Working

    • MiniFlux is accessible from my home network after removing restrictive CORS settings in both Caddy and MiniFlux.
    • Nextflux is properly deployed on Cloudflare Pages.

    The Problem

    Nextflux cannot connect to MiniFlux due to persistent CORS errors and authentication issues with Cloudflare Access. Here are the errors I’m seeing in the browser console:

    1. CORS Error:Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' from origin 'https://nextflux.laniecarmelo.tech' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
    2. Cloudflare Access Redirection:

      Request redirected to 'https://lifeofararebird.cloudflareaccess.com/cdn-cgi/access/login/rss.laniecarmelo.tech'.
    3. Failed to Fetch:

      Failed to fetch: TypeError: Failed to fetch.

    What I’ve Tried

    1. Service Token Authentication:

      • Generated a service token in Cloudflare Access for Nextflux.
      • Added CF-Access-Client-Id and CF-Access-Client-Secret headers in Caddy for rss.laniecarmelo.tech.
      • Updated Cloudflare Access policies to include a bypass rule for this service token.
    2. CORS Configuration:

      • Tried permissive settings (Access-Control-Allow-Origin: *) in both Caddy and MiniFlux.
      • Configured Cloudflare Access CORS settings to allow all origins, methods, and headers.
    3. Policy Adjustments:

      • Created a bypass policy for my home IP range and public IP.
      • Added an "Allow" policy for authenticated users via email/login methods.
    4. Debugging Logs:

      • Checked Cloudflared logs, which show requests being blocked due to missing access tokens (AccessJWTValidator errors).

    Current State

    Despite these efforts:

    • Requests from Nextflux are still being blocked by Cloudflare Access or failing due to CORS issues.
    • The browser console consistently shows "No 'Access-Control-Allow-Origin' header" errors.

    Goals

    1. Allow Nextflux (hosted on Cloudflare Pages) to connect seamlessly to MiniFlux (behind Cloudflare Access).
    2. Maintain secure access to MiniFlux for other devices (e.g., my home network or mobile devices).

    My Environment

    • Raspberry Pi 500 running Arch Linux ARM.
    • Both Caddy and Cloudflared are installed via AUR packages.
    • MiniFlux is running in Docker with the following environment variables:CLOUDFLARE_SERVICE_AUTH_ENABLED=trueCLOUDFLARE_CLIENT_ID=<client-id>CLOUDFLARE_CLIENT_SECRET=<client-secret>

    Relevant Logs

    From cloudflared:

    ERR error="request filtered by middleware handler (AccessJWTValidator) due to: no access token in request"

    From the browser console:

    Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' has been blocked by CORS policy.

    Questions

    1. Is there a better way to configure CORS for this setup?
    2. Should I be handling authentication differently between Nextflux and MiniFlux?
    3. How can I ensure that requests from Nextflux include valid access tokens?

    Any help or advice would be greatly appreciated! 🙏

    #SelfHosting #Cloudflare #CaddyServer #Docker #RSS #CORS #Linux #ArchLinuxARM #CloudflarePages #tech #technology

  20. Made my personal website get the maximum amount of points of Mozilla's HTTP Observatory. Now, my static site delivers content as securely as it possibly can. I highly recommend anyone with a personal website to tweak it along with their webserver so that it gets at least a hundred points on HTTP Observatory.
    developer.mozilla.org/en-US/ob
    The least you can do is add your site to the HSTS Preload list (hstspreload.org/).

    #blog #personalwebsite #mozilla #mdn #http #caddyserver #hsts #webdev

  21. Because the excellent (and beloved for a decade or so) #reeder by @rizzi does not support #TLSClientAuth for feeds* I spent a few hours on Yak-Shaving and on learning about #caddyserver #systemd-#resolved and - in the end - about #iCloudPrivateRelay.
    If a local request is handled like an external request it may be because ... it's coming in as an external request.
    ___
    * I’m sure I’m the only one left on the planet who has rss feeds with Client Certificates, so this is fine!

  22. Because the excellent (and beloved for a decade or so) #reeder by @rizzi does not support #TLSClientAuth for feeds* I spent a few hours on Yak-Shaving and on learning about #caddyserver #systemd-#resolved and - in the end - about #iCloudPrivateRelay.
    If a local request is handled like an external request it may be because ... it's coming in as an external request.
    ___
    * I’m sure I’m the only one left on the planet who has rss feeds with Client Certificates, so this is fine!

  23. Because the excellent (and beloved for a decade or so) #reeder by @rizzi does not support #TLSClientAuth for feeds* I spent a few hours on Yak-Shaving and on learning about #caddyserver #systemd-#resolved and - in the end - about #iCloudPrivateRelay.
    If a local request is handled like an external request it may be because ... it's coming in as an external request.
    ___
    * I’m sure I’m the only one left on the planet who has rss feeds with Client Certificates, so this is fine!

  24. Because the excellent (and beloved for a decade or so) #reeder by @rizzi does not support #TLSClientAuth for feeds* I spent a few hours on Yak-Shaving and on learning about #caddyserver #systemd-#resolved and - in the end - about #iCloudPrivateRelay.
    If a local request is handled like an external request it may be because ... it's coming in as an external request.
    ___
    * I’m sure I’m the only one left on the planet who has rss feeds with Client Certificates, so this is fine!

  25. Because the excellent (and beloved for a decade or so) #reeder by @rizzi does not support #TLSClientAuth for feeds* I spent a few hours on Yak-Shaving and on learning about #caddyserver #systemd-#resolved and - in the end - about #iCloudPrivateRelay.
    If a local request is handled like an external request it may be because ... it's coming in as an external request.
    ___
    * I’m sure I’m the only one left on the planet who has rss feeds with Client Certificates, so this is fine!

  26. After a lot of trial and error, I finally got object storage configured for this instance. I had originally planned to use Backblaze, but ended up going with Linode Object Storage. Unfortunately, the guides I found online didn't work for me, and I also had to make the switch from Caddy to Nginx. I'm thinking about writing a blog post to share my experience.

    #mastoadmin #fedimin #fediadmin #s3 #linode #backblaze #nginx #caddyserver #mastodon

  27. Wochenrückblick, Ausgabe 40 (2024-19).

    Diesmal zu spät, dafür aber mit:

    - 🗺️ dem anstehenden Umzug von Bikerouter auf eine neue Serverumgebung (diese wird komplett auf ARM-Architektur basieren, statt bisher auf Intel/AMD, außerdem wird nginx von Caddy abgelöst und die Routingdaten werden 5x statt 4x pro Tag aktualisiert werden)
    - 🛠️ dem defekten USB-Stick von Prusa am MINI+ und welchen Ersatz ich dafür bestellt habe (es ist kein USB-Stick geworden)
    - 🍎 den Blick in mein Applications-Directory, diesmal alle Apps mit „G“
    - 🎶 Roland50 - einer Website, auf der man mit Synthesizern (TB-303) und Drum Machines (TR-808, TR-909) von Roland herumspielen kann
    - 🖥️ wie mich ein Bug in WezTerm an den Rand des Wahnsinns getrieben hat und wie einfach der Fix war
    - 🐘 der spannend klingenden AutoMapper PHP-Library
    - 🔊 und wie immer Techno

    #BikeRouter #ARM #Caddyserver #Caddy #USB #Prusa #3DPrint #macOS #Roland #TB303 #TR808 #TR909 #WezTerm #PHP #AutoMapper #Techno

    marcusjaschen.de/blog/2024/202

  28. Wochenrückblick, Ausgabe 28 (2024-07).

    Diesmal mit

    - der Zukunft von BRouter-Web und Bikerouter
    - dem vielen Wasser, das hier überall auf Wiesen und Feldern steht
    - meiner Affinität zu Keyboards als primäres Interaktionselement mit Computern …
    - … und welchen Keyboard-Shortcut ich in Firefox schmerzlich vermisse
    - der macOS App Rectangle
    - dem Fork von nginx zu freenginx und wie ich am Wochenende nach 19 Jahren ausschließlich nginx-Nutzung mit Caddy erstmals einen anderen Webserver angeschaut habe und seit dem ziemlich begeistert bin
    - einer Anleitung wie man gute technische Dokumentation schreibt
    - mkcert und wie es xca als Management-Tool für meine lokale CA abgelöst hat
    - der Fernsehserie „Parlament“
    - und wie immer Techno.

    #Wochenrückblick #BRouter #BikeRouter #Regen #Wasser #Keyboard #Firefox #macOS #Rectangle #nginx #freenginx #Caddy #Caddyserver #Documentation #mkcert #xca #Parlament #Techno

    marcusjaschen.de/blog/2024/202

  29. Wochenrückblick, Ausgabe 28 (2024-07).

    Diesmal mit

    - der Zukunft von BRouter-Web und Bikerouter
    - dem vielen Wasser, das hier überall auf Wiesen und Feldern steht
    - meiner Affinität zu Keyboards als primäres Interaktionselement mit Computern …
    - … und welchen Keyboard-Shortcut ich in Firefox schmerzlich vermisse
    - der macOS App Rectangle
    - dem Fork von nginx zu freenginx und wie ich am Wochenende nach 19 Jahren ausschließlich nginx-Nutzung mit Caddy erstmals einen anderen Webserver angeschaut habe und seit dem ziemlich begeistert bin
    - einer Anleitung wie man gute technische Dokumentation schreibt
    - mkcert und wie es xca als Management-Tool für meine lokale CA abgelöst hat
    - der Fernsehserie „Parlament“
    - und wie immer Techno.

    #Wochenrückblick #BRouter #BikeRouter #Regen #Wasser #Keyboard #Firefox #macOS #Rectangle #nginx #freenginx #Caddy #Caddyserver #Documentation #mkcert #xca #Parlament #Techno

    marcusjaschen.de/blog/2024/202

  30. Wochenrückblick, Ausgabe 28 (2024-07).

    Diesmal mit

    - der Zukunft von BRouter-Web und Bikerouter
    - dem vielen Wasser, das hier überall auf Wiesen und Feldern steht
    - meiner Affinität zu Keyboards als primäres Interaktionselement mit Computern …
    - … und welchen Keyboard-Shortcut ich in Firefox schmerzlich vermisse
    - der macOS App Rectangle
    - dem Fork von nginx zu freenginx und wie ich am Wochenende nach 19 Jahren ausschließlich nginx-Nutzung mit Caddy erstmals einen anderen Webserver angeschaut habe und seit dem ziemlich begeistert bin
    - einer Anleitung wie man gute technische Dokumentation schreibt
    - mkcert und wie es xca als Management-Tool für meine lokale CA abgelöst hat
    - der Fernsehserie „Parlament“
    - und wie immer Techno.

    #Wochenrückblick #BRouter #BikeRouter #Regen #Wasser #Keyboard #Firefox #macOS #Rectangle #nginx #freenginx #Caddy #Caddyserver #Documentation #mkcert #xca #Parlament #Techno

    marcusjaschen.de/blog/2024/202

  31. Wochenrückblick, Ausgabe 28 (2024-07).

    Diesmal mit

    - der Zukunft von BRouter-Web und Bikerouter
    - dem vielen Wasser, das hier überall auf Wiesen und Feldern steht
    - meiner Affinität zu Keyboards als primäres Interaktionselement mit Computern …
    - … und welchen Keyboard-Shortcut ich in Firefox schmerzlich vermisse
    - der macOS App Rectangle
    - dem Fork von nginx zu freenginx und wie ich am Wochenende nach 19 Jahren ausschließlich nginx-Nutzung mit Caddy erstmals einen anderen Webserver angeschaut habe und seit dem ziemlich begeistert bin
    - einer Anleitung wie man gute technische Dokumentation schreibt
    - mkcert und wie es xca als Management-Tool für meine lokale CA abgelöst hat
    - der Fernsehserie „Parlament“
    - und wie immer Techno.

    #Wochenrückblick #BRouter #BikeRouter #Regen #Wasser #Keyboard #Firefox #macOS #Rectangle #nginx #freenginx #Caddy #Caddyserver #Documentation #mkcert #xca #Parlament #Techno

    marcusjaschen.de/blog/2024/202

  32. Wochenrückblick, Ausgabe 28 (2024-07).

    Diesmal mit

    - der Zukunft von BRouter-Web und Bikerouter
    - dem vielen Wasser, das hier überall auf Wiesen und Feldern steht
    - meiner Affinität zu Keyboards als primäres Interaktionselement mit Computern …
    - … und welchen Keyboard-Shortcut ich in Firefox schmerzlich vermisse
    - der macOS App Rectangle
    - dem Fork von nginx zu freenginx und wie ich am Wochenende nach 19 Jahren ausschließlich nginx-Nutzung mit Caddy erstmals einen anderen Webserver angeschaut habe und seit dem ziemlich begeistert bin
    - einer Anleitung wie man gute technische Dokumentation schreibt
    - mkcert und wie es xca als Management-Tool für meine lokale CA abgelöst hat
    - der Fernsehserie „Parlament“
    - und wie immer Techno.

    #Wochenrückblick #BRouter #BikeRouter #Regen #Wasser #Keyboard #Firefox #macOS #Rectangle #nginx #freenginx #Caddy #Caddyserver #Documentation #mkcert #xca #Parlament #Techno

    marcusjaschen.de/blog/2024/202

  33. When building #docker images for php application that uses
    #caddyserver , where do you store your SSL certificates so you don't regenerate a new SSL with every deployment?

    #docker #ssl #docker_swarm #isolation #cloud #php #developer #caddyserver #letsencrypt

  34. Here are the steps to enable #http3/#quic in #caddy:
    ....

    It takes 0, zero, nil lines to enable and configure #http3/#quic in #CaddyServer! You don't need to do anything special to keep up with the industry standard and progress. Caddy takes care of keeping your services up-to-date.

    #systemadministration #sysadmin #devops #sre #web #linux #unix #windows #sitereliability

  35. Here are the steps to enable #http3/#quic in #caddy:
    ....

    It takes 0, zero, nil lines to enable and configure #http3/#quic in #CaddyServer! You don't need to do anything special to keep up with the industry standard and progress. Caddy takes care of keeping your services up-to-date.

    #systemadministration #sysadmin #devops #sre #web #linux #unix #windows #sitereliability

  36. Here are the steps to enable /#quic in :
    ....

    It takes 0, zero, nil lines to enable and configure /#quic in ! You don't need to do anything special to keep up with the industry standard and progress. Caddy takes care of keeping your services up-to-date.