init
This commit is contained in:
commit
bf1634f44f
SSH Key Fingerprint:
SHA256:BezbKv3jZaqu7SdNrZM0e42b8nlNwh63zaVj/pUxc7U
2
.gitignore
vendored
Normal file
2
.gitignore
vendored
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
caddy.container
|
||||
config/*.caddy
|
||||
18
README.md
Normal file
18
README.md
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
# Caddy
|
||||
Webserver and reverse proxy for installed services.
|
||||
Detects installed services and proxies them based on given configuration.
|
||||
|
||||
## Configuration
|
||||
Other services can use caddy as proxy.
|
||||
To do so, they need to provide caddy configuration files and give caddy access to their network.
|
||||
The `./configure.sh` script will find the configuration files/networks and add them to the caddy configuration.
|
||||
|
||||
To configure a service to be proxied by caddy:
|
||||
1. Add `*.caddy` file(s) to your service with caddy configuration
|
||||
2. Add the `caddy=true` label to your network(s) that should be accessible by caddy
|
||||
3. Call `./configure.sh` on the server to refresh the caddy configuration
|
||||
|
||||
## Installation
|
||||
1. Clone repository to service directory
|
||||
2. Configure the service by calling `./configure.sh`
|
||||
3. Start the service by calling `systemctl --user start caddy-* caddy`
|
||||
0
caddy-logs.volume
Normal file
0
caddy-logs.volume
Normal file
2
caddy.network
Normal file
2
caddy.network
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
[Network]
|
||||
IPv6=true
|
||||
2
caddy.volume
Normal file
2
caddy.volume
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
[Volume]
|
||||
Label="backup=true"
|
||||
26
config/Caddyfile
Normal file
26
config/Caddyfile
Normal file
|
|
@ -0,0 +1,26 @@
|
|||
{
|
||||
log {
|
||||
exclude http.log.access
|
||||
}
|
||||
|
||||
log access {
|
||||
format json
|
||||
output file /data/logs/access.log {
|
||||
roll_size 1gb
|
||||
roll_keep 5
|
||||
roll_keep_for 720h
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
(default-headers) {
|
||||
header {
|
||||
?Cache-Control max-age=3600
|
||||
Strict-Transport-Security max-age=63072000; preload
|
||||
X-Content-Type-Options nosniff
|
||||
X-Frame-Options SAMEORIGIN
|
||||
-Server
|
||||
}
|
||||
}
|
||||
|
||||
import *.caddy
|
||||
84
configure.sh
Executable file
84
configure.sh
Executable file
|
|
@ -0,0 +1,84 @@
|
|||
#!/bin/sh
|
||||
# ======================================
|
||||
# configure.sh v1.0; job79
|
||||
# Generate caddy configuration based on
|
||||
# the installed services.
|
||||
# ======================================
|
||||
|
||||
set -eu
|
||||
log() { printf '\e[%sm%s\e[0m %s\n' "${3:-36}" "${2:-○}" "$1"; }
|
||||
ask() { printf '\e[33m?\e[0m %s ' "$1"; read a; [ "${a,,}" = 'y' ]; }
|
||||
|
||||
# gen_quadlet_file generates the caddy container quadlet file
|
||||
gen_quadlet_file() {
|
||||
log 'start generating quadlet file'
|
||||
cat > "$CADDY_QUADLET_FILE" <<- EOF
|
||||
# ============================================================================
|
||||
# This file is generated by caddy/configure.sh, do not edit this file manually
|
||||
# ============================================================================
|
||||
[Container]
|
||||
Image=docker.io/caddy:2.7
|
||||
AutoUpdate=registry
|
||||
|
||||
# storage
|
||||
Volume=caddy.volume:/data/caddy
|
||||
Volume=caddy-logs.volume:/data/logs
|
||||
Volume=%h/services/caddy/config:/etc/caddy:Z,ro
|
||||
|
||||
# networking
|
||||
Network=caddy.network
|
||||
PublishPort=0.0.0.0:80:80
|
||||
PublishPort=0.0.0.0:443:443
|
||||
PublishPort=0.0.0.0:443:443/udp
|
||||
EOF
|
||||
|
||||
log 'search for networks with caddy=true label'
|
||||
podman network ls -f label=caddy=true --format "{{.Name}}" | while read -r network; do
|
||||
log "found $network" '↖' 35
|
||||
echo "Network=$network" >> "$CADDY_QUADLET_FILE"
|
||||
done
|
||||
|
||||
cat >> "$CADDY_QUADLET_FILE" <<- EOF
|
||||
# security
|
||||
ReadOnly=true
|
||||
NoNewPrivileges=true
|
||||
DropCapability=ALL
|
||||
AddCapability=NET_BIND_SERVICE
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
RestartSec=5
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target default.target
|
||||
EOF
|
||||
log 'finished generating quadlet file' '✓' 32
|
||||
}
|
||||
|
||||
# gen_config_dir generates the caddy config directory
|
||||
gen_config_dir() {
|
||||
log 'generate caddy config directory with *.caddy files from services'
|
||||
find "$CADDY_CONFIG_DIR" -name '*.caddy' -exec rm {} \;
|
||||
find "$SERVICES_DIR" -name '*.caddy' -not -path "$CADDY_CONFIG_DIR/*" | while read -r in; do
|
||||
log "found $in" '↖' 35
|
||||
cp "$in" "$CADDY_CONFIG_DIR"
|
||||
done
|
||||
log 'finished generating caddy config directory' '✓' 32
|
||||
}
|
||||
|
||||
## MAIN ##
|
||||
SERVICES_DIR="$(dirname "$(dirname "$(realpath "$0")")")"
|
||||
CADDY_QUADLET_FILE="$SERVICES_DIR/caddy/caddy.container"
|
||||
CADDY_CONFIG_DIR="$SERVICES_DIR/caddy/config"
|
||||
|
||||
gen_quadlet_file
|
||||
gen_config_dir
|
||||
|
||||
ask "apply config changes by reloading config (y/N)?" && \
|
||||
podman exec -w /etc/caddy systemd-caddy caddy reload && \
|
||||
log 'successfully applied config changes' '✓' 32
|
||||
|
||||
ask "restart caddy? required to join new networks (y/N)?" && \
|
||||
systemctl --user daemon-reload && \
|
||||
systemctl --user restart caddy && \
|
||||
log 'successfully restarted caddy' '✓' 32
|
||||
Loading…
Reference in New Issue
Block a user