init
This commit is contained in:
commit
bf1634f44f
SSH Key Fingerprint:
SHA256:BezbKv3jZaqu7SdNrZM0e42b8nlNwh63zaVj/pUxc7U
2
.gitignore
vendored
Normal file
2
.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
caddy.container
|
||||||
|
config/*.caddy
|
||||||
18
README.md
Normal file
18
README.md
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
# Caddy
|
||||||
|
Webserver and reverse proxy for installed services.
|
||||||
|
Detects installed services and proxies them based on given configuration.
|
||||||
|
|
||||||
|
## Configuration
|
||||||
|
Other services can use caddy as proxy.
|
||||||
|
To do so, they need to provide caddy configuration files and give caddy access to their network.
|
||||||
|
The `./configure.sh` script will find the configuration files/networks and add them to the caddy configuration.
|
||||||
|
|
||||||
|
To configure a service to be proxied by caddy:
|
||||||
|
1. Add `*.caddy` file(s) to your service with caddy configuration
|
||||||
|
2. Add the `caddy=true` label to your network(s) that should be accessible by caddy
|
||||||
|
3. Call `./configure.sh` on the server to refresh the caddy configuration
|
||||||
|
|
||||||
|
## Installation
|
||||||
|
1. Clone repository to service directory
|
||||||
|
2. Configure the service by calling `./configure.sh`
|
||||||
|
3. Start the service by calling `systemctl --user start caddy-* caddy`
|
||||||
0
caddy-logs.volume
Normal file
0
caddy-logs.volume
Normal file
2
caddy.network
Normal file
2
caddy.network
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
[Network]
|
||||||
|
IPv6=true
|
||||||
2
caddy.volume
Normal file
2
caddy.volume
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
[Volume]
|
||||||
|
Label="backup=true"
|
||||||
26
config/Caddyfile
Normal file
26
config/Caddyfile
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
{
|
||||||
|
log {
|
||||||
|
exclude http.log.access
|
||||||
|
}
|
||||||
|
|
||||||
|
log access {
|
||||||
|
format json
|
||||||
|
output file /data/logs/access.log {
|
||||||
|
roll_size 1gb
|
||||||
|
roll_keep 5
|
||||||
|
roll_keep_for 720h
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
(default-headers) {
|
||||||
|
header {
|
||||||
|
?Cache-Control max-age=3600
|
||||||
|
Strict-Transport-Security max-age=63072000; preload
|
||||||
|
X-Content-Type-Options nosniff
|
||||||
|
X-Frame-Options SAMEORIGIN
|
||||||
|
-Server
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
import *.caddy
|
||||||
84
configure.sh
Executable file
84
configure.sh
Executable file
@ -0,0 +1,84 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
# ======================================
|
||||||
|
# configure.sh v1.0; job79
|
||||||
|
# Generate caddy configuration based on
|
||||||
|
# the installed services.
|
||||||
|
# ======================================
|
||||||
|
|
||||||
|
set -eu
|
||||||
|
log() { printf '\e[%sm%s\e[0m %s\n' "${3:-36}" "${2:-○}" "$1"; }
|
||||||
|
ask() { printf '\e[33m?\e[0m %s ' "$1"; read a; [ "${a,,}" = 'y' ]; }
|
||||||
|
|
||||||
|
# gen_quadlet_file generates the caddy container quadlet file
|
||||||
|
gen_quadlet_file() {
|
||||||
|
log 'start generating quadlet file'
|
||||||
|
cat > "$CADDY_QUADLET_FILE" <<- EOF
|
||||||
|
# ============================================================================
|
||||||
|
# This file is generated by caddy/configure.sh, do not edit this file manually
|
||||||
|
# ============================================================================
|
||||||
|
[Container]
|
||||||
|
Image=docker.io/caddy:2.7
|
||||||
|
AutoUpdate=registry
|
||||||
|
|
||||||
|
# storage
|
||||||
|
Volume=caddy.volume:/data/caddy
|
||||||
|
Volume=caddy-logs.volume:/data/logs
|
||||||
|
Volume=%h/services/caddy/config:/etc/caddy:Z,ro
|
||||||
|
|
||||||
|
# networking
|
||||||
|
Network=caddy.network
|
||||||
|
PublishPort=0.0.0.0:80:80
|
||||||
|
PublishPort=0.0.0.0:443:443
|
||||||
|
PublishPort=0.0.0.0:443:443/udp
|
||||||
|
EOF
|
||||||
|
|
||||||
|
log 'search for networks with caddy=true label'
|
||||||
|
podman network ls -f label=caddy=true --format "{{.Name}}" | while read -r network; do
|
||||||
|
log "found $network" '↖' 35
|
||||||
|
echo "Network=$network" >> "$CADDY_QUADLET_FILE"
|
||||||
|
done
|
||||||
|
|
||||||
|
cat >> "$CADDY_QUADLET_FILE" <<- EOF
|
||||||
|
# security
|
||||||
|
ReadOnly=true
|
||||||
|
NoNewPrivileges=true
|
||||||
|
DropCapability=ALL
|
||||||
|
AddCapability=NET_BIND_SERVICE
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Restart=always
|
||||||
|
RestartSec=5
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target default.target
|
||||||
|
EOF
|
||||||
|
log 'finished generating quadlet file' '✓' 32
|
||||||
|
}
|
||||||
|
|
||||||
|
# gen_config_dir generates the caddy config directory
|
||||||
|
gen_config_dir() {
|
||||||
|
log 'generate caddy config directory with *.caddy files from services'
|
||||||
|
find "$CADDY_CONFIG_DIR" -name '*.caddy' -exec rm {} \;
|
||||||
|
find "$SERVICES_DIR" -name '*.caddy' -not -path "$CADDY_CONFIG_DIR/*" | while read -r in; do
|
||||||
|
log "found $in" '↖' 35
|
||||||
|
cp "$in" "$CADDY_CONFIG_DIR"
|
||||||
|
done
|
||||||
|
log 'finished generating caddy config directory' '✓' 32
|
||||||
|
}
|
||||||
|
|
||||||
|
## MAIN ##
|
||||||
|
SERVICES_DIR="$(dirname "$(dirname "$(realpath "$0")")")"
|
||||||
|
CADDY_QUADLET_FILE="$SERVICES_DIR/caddy/caddy.container"
|
||||||
|
CADDY_CONFIG_DIR="$SERVICES_DIR/caddy/config"
|
||||||
|
|
||||||
|
gen_quadlet_file
|
||||||
|
gen_config_dir
|
||||||
|
|
||||||
|
ask "apply config changes by reloading config (y/N)?" && \
|
||||||
|
podman exec -w /etc/caddy systemd-caddy caddy reload && \
|
||||||
|
log 'successfully applied config changes' '✓' 32
|
||||||
|
|
||||||
|
ask "restart caddy? required to join new networks (y/N)?" && \
|
||||||
|
systemctl --user daemon-reload && \
|
||||||
|
systemctl --user restart caddy && \
|
||||||
|
log 'successfully restarted caddy' '✓' 32
|
||||||
Loading…
Reference in New Issue
Block a user