From 45bbaa10410db629781ed7bc679de7ace96b9c6a Mon Sep 17 00:00:00 2001
From: Maurice
Date: Fri, 3 Oct 2025 16:23:09 +0200
Subject: [PATCH] Fix caddy
---
 services/caddy/Caddyfile | 69 ++++++++++++++++--------------------
 services/caddy/install.sh | 4 +++
 services/caddy/update.sh | 3 --
 services/jellyfin/install.sh | 10 ++++++
 update.sh | 2 +-
 5 files changed, 45 insertions(+), 43 deletions(-)
 create mode 100644 services/caddy/install.sh
 create mode 100644 services/jellyfin/install.sh
diff --git a/services/caddy/Caddyfile b/services/caddy/Caddyfile
index c755c7c..bfacfa5 100644
--- a/services/caddy/Caddyfile
+++ b/services/caddy/Caddyfile
@@ -1,63 +1,54 @@
 # https://hackviser.com/tactics/hardening/caddy
 {
- auto_https disable_redirects
+ auto_https disable_redirects
- # Do not write access logs to journald.
- log {
- exclude http.log.access
- }
+ # Do not write access logs to journald.
+ log {
+ exclude http.log.access
+ }
- # Write access logs to the logs volume in json
- # format. Only keep logs for the last 30 days.
- log access {
- format json
- output file /data/logs/access.log {
- roll_keep_for 720h
- }
- }
+ # Write access logs to the logs volume in JSON format. Only keep logs for the last 30 days.
+ log access {
+ format json
+ output file /data/logs/access.log {
+ roll_keep_for 720h
+ }
+ }
 }
-# Block with default http config that accepts requests on
-# fd/3 and redirects to https.
+# Block with default HTTP config that redirects to HTTPS
 (https-redir) {
- bind fd/3 {
- protocols h1
- }
- redir https://{host}{uri} 308
+ bind *:80 # Listen on port 80 (HTTP)
+ protocols h1 h2 # Enable HTTP/1 and HTTP/2
+ redir https://{host}{uri} 308
 }
-# Block with default https config that accepts requests on
-# fd/4 and fdgram/5.
+# Block with default HTTPS config that accepts requests on port 443 (HTTP/1, HTTP/2, and HTTP/3)
 (https) {
- bind fd/4 {
- protocols h1 h2
- }
- bind fdgram/5 {
- protocols h3
- }
+ bind *:443 # Listen on port 443 (HTTPS)
+ protocols h1 h2 h3 # Enable HTTP/1, HTTP/2, and HTTP/3 (QUIC)
 }
 # Block with compression configuration.
 (compression) {
- encode zstd gzip
+ encode zstd gzip
 }
-# Block with headers that should be used by most
-# sites. Add HSTS and some other security headers.
+# Block with headers that should be used by most sites. Add HSTS and other security headers.
 # Remove the server header because without it caddy
 # leaks the backend server version.
 # https://scotthelme.co.uk/a-new-security-header-referrer-policy/
 # https://scotthelme.co.uk/content-security-policy-an-introduction/
 (default-headers) {
- header {
- Strict-Transport-Security max-age=31536000; includeSubDomains; preload
- X-Content-Type-Options nosniff
- X-Frame-Options sameorigin
- Content-Security-Policy default-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self' 'unsafe-inline';
- Referrer-Policy: same-origin
- -Server
- -X-Powered-By
- }
+ header {
+ Strict-Transport-Security max-age=31536000; includeSubDomains; preload
+ X-Content-Type-Options nosniff
+ X-Frame-Options sameorigin
+ Content-Security-Policy default-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self' 'unsafe-inline';
+ Referrer-Policy: same-origin
+ -Server
+ -X-Powered-By
+ }
 }
 import *.caddy
diff --git a/services/caddy/install.sh b/services/caddy/install.sh
new file mode 100644
index 0000000..7a47186
--- /dev/null
+++ b/services/caddy/install.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+chmod +x /etc/init.d/caddy.service
+rc-update add caddy.service default
+rc-service caddy.service start
\ No newline at end of file
diff --git a/services/caddy/update.sh b/services/caddy/update.sh
index b8dd2a2..b4f52cb 100644
--- a/services/caddy/update.sh
+++ b/services/caddy/update.sh
@@ -2,9 +2,6 @@
 mkdir -p /var/containers/caddy
 cp -f ./Caddyfile /var/containers/caddy/Caddyfile
 chown -R podman:podman /var/containers/caddy
-chmod +x /etc/init.d/caddy.service
-rc-update add caddy.service default
-rc-service caddy.service start
 if [ "$1" = "reload" ]; then
 podman exec caddy caddy reload -c /etc/caddy/Caddyfile
diff --git a/services/jellyfin/install.sh b/services/jellyfin/install.sh
new file mode 100644
index 0000000..ffa6455
--- /dev/null
+++ b/services/jellyfin/install.sh
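Review bot: The new `protocols h1 h2` and `protocols h1 h2 h3` lines in the `(https-redir)` and `(https)` snippets are written as site-level directives, but as far as I know the Caddyfile only accepts `protocols` as a sub-option of `bind` (the form the removed `bind fd/3 { protocols h1 }` lines used) or of the global `servers` option, so I would expect `caddy validate -c services/caddy/Caddyfile` to reject this; keeping the list under bind, `bind *:443 { protocols h1 h2 h3 }`, preserves the intent. The switch from `fd/3`, `fd/4` and `fdgram/5` to `*:80` and `*:443` also presumes the container no longer receives activated sockets and that UDP 443 is published for h3, neither of which is visible in this commit. Separately, the re-indented `Referrer-Policy: same-origin` entry keeps a trailing colon in the field name, so at best a header named `Referrer-Policy:` is emitted and browsers will not apply the policy; it should read `Referrer-Policy same-origin`, matching the other entries in the block.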
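Review bot: `rc-service caddy.service start` runs even when the preceding `chmod +x` or `rc-update add` failed, because the script has no error handling; add `set -eu` after the shebang so a failed registration stops the install rather than leaving a service that appears started but is not enabled at boot. If `rc-update add` reports already-installed services with a non-zero status on this system (I have not verified that), tolerate that single call so the script stays re-runnable. The file also lacks a trailing newline, as the patch notes.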
@@ -0,0 +1,10 @@
+#!/bin/sh
+chown -R podman:podman /mnt/ssd/jellyfin
+chmod -R 775 /mnt/ssd/jellyfin
+
+chmod +x /etc/init.d/jellyfin.service
+rc-update add jellyfin.service default
+rc-service jellyfin.service start
+
+# If you encounter the following error: Error: statfs /mnt/ssd/jellyfin: no such file or directory
+# Please run "podman system migrate"...
\ No newline at end of file
diff --git a/update.sh b/update.sh
index 08df60e..ae1eedd 100644
--- a/update.sh
+++ b/update.sh
@@ -24,7 +24,7 @@ for service in "./services"/*/; do
 for caddyfile in *.caddy; do
 [ -e "$caddyfile" ] || continue
 CADDY_NAME="${caddyfile%.caddy}"
- cp -f "./$caddyfile" "/var/containers/caddy/$CADDY_NAME"
+ cp -f "./$caddyfile" "/var/containers/caddy/$CADDY_NAME.caddy"
 done
 cd "$base_dir"
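Review bot: `chmod -R 775 /mnt/ssd/jellyfin` sets the execute bit on every regular file in the media tree and grants group write to all of it, which is more than the server needs to read and traverse it; `chmod -R u=rwX,g=rwX,o=rX /mnt/ssd/jellyfin` keeps traversal on directories (capital X) without marking every file executable, and group write should be reconsidered if only Jellyfin's own user writes there. The `chown -R` and `chmod -R` also run unconditionally, so when `/mnt/ssd` is not mounted yet (the statfs error quoted in the trailing comment suggests this happens) they either fail noisily but the service is started anyway, or relabel the bare mountpoint on the root filesystem; put `set -eu` and `[ -d /mnt/ssd/jellyfin ] || { echo "missing /mnt/ssd/jellyfin" >&2; exit 1; }` before them. The note about `podman system migrate` would be more useful as a check than as a comment, but at minimum the file should end with a newline as the patch notes it does not.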
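Review bot: With `CADDY_NAME="${caddyfile%.caddy}"` on the line above, the new destination `$CADDY_NAME.caddy` is just `$caddyfile` again, so the variable is now dead and the line can read `cp -f "./$caddyfile" "/var/containers/caddy/$caddyfile"` (dropping `CADDY_NAME`). Copies are only ever added: a `*.caddy` file deleted or renamed in a service directory stays in `/var/containers/caddy` and keeps being served through `import *.caddy`, and the suffix-less copies written by the previous version of this line remain there too; consider removing the target's `*.caddy` files before the loop or syncing with deletion. The enclosing `for service` loop starts before this hunk.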