X-Git-Url: https://git.josue.xyz/?a=blobdiff_plain;f=caddy%2FREADME.md;h=d674bc3219471670be08bef825ff77a3d75f4a52;hb=91512157ab426c87e0a82b594620e90e324b23a3;hp=93324c248d0cc5fe51fc978a7824b040e23380b7;hpb=5008165a00538a7e3b393a2179786de3f6c9049c;p=webi-installers%2F.git diff --git a/caddy/README.md b/caddy/README.md index 93324c2..d674bc3 100644 --- a/caddy/README.md +++ b/caddy/README.md @@ -5,13 +5,8 @@ tagline: | Caddy is a fast, multi-platform web server with automatic HTTPS. --- -## Updating `caddy` - -```bash -webi caddy@stable -``` - -Use the `@beta` tag for pre-releases, or `@x.y.z` for a specific version. +To update or switch versions, run `webi caddy@stable` (or `@v2.4`, `@beta`, +etc). ## Cheat Sheet @@ -19,6 +14,15 @@ Use the `@beta` tag for pre-releases, or `@x.y.z` for a specific version. > reverse proxy APIs and WebSockets to other apps - such as those written node, > Go, python, ruby, and PHP. +Here's the things we find most useful: + +- Simple File & Directory Server +- Reverse Proxy with www (and HTTPS) redirects +- Running as a system service on + - Linux + - MacOS + - Windows 10 + ### How to serve a directory ```bash @@ -48,12 +52,18 @@ example.com { # reverse proxy /api to :3000 reverse_proxy /api/* localhost:3000 + # reverse proxy some "well known" APIs + reverse_proxy /.well-known/openid-configuration localhost:3000 + reverse_proxy /.well-known/jwks.json localhost:3000 + # serve static files from public folder, but not /api @notApi { file { try_files {path} {path}/ {path}/index.html } not path /api/* + not path /.well-known/openid-configuration + not path /.well-known/jwks.json } route { rewrite @notApi {http.matchers.file.relative} @@ -68,3 +78,119 @@ And here's how you run caddy with it: ```bash caddy run --config ./Caddyfile ``` + +### How to start Caddy as a Linux service + +Here are the 3 things you need to do to start Caddy as a system service: + +**a non-root user** + +If you don't have a non-root user, consider adding the `app` user with +[`ssh-adduser`](https://webinstall.dev/ssh-adduser). + +Using a user named `app` to run your services is common industry convention. + +**port-binding privileges** + +You can use `setcap` to allow Caddy to use privileged ports. + +```bash +sudo setcap cap_net_bind_service=+ep $(readlink -f $(command -v caddy)) +``` + +**systemd config** + +You can use [`serviceman`](https://webinstall.dev/serviceman) to create and +start the appropriate systemd launcher for Linux. + +Install Serviceman with Webi: + +```bash +webi serviceman +``` + +Use Serviceman to create a _systemd_ config file. + +```bash +sudo env PATH="$PATH" \ + serviceman add --system --username $(whoami) --name caddy -- \ + caddy run --config ./Caddyfile +``` + +This will create `/etc/systemd/system/caddy.service`, which can be managed with +`systemctl`. For example: + +```bash +sudo systemctl restart caddy +``` + +### How to start Caddy as a MacOS Service + +**Port-Binding Permission** + +Caddy must run as the `root` user in order to bind to ports 80 and 443. + +**launchd plist** + +You can use [`serviceman`](https://webinstall.dev/serviceman) to create and +start the appropriate service launcher file for MacOS. + +Install Serviceman with Webi: + +```bash +webi serviceman +``` + +Use Serviceman to create a _launchd_ plist file. + +```bash +serviceman add --username $(whoami) --name caddy -- \ + caddy run --config ./Caddyfile +``` + +This will create `~//Library/LaunchAgents/caddy.plist`, which can be managed +with `launchctl`. For example: + +```bash +launchctl unload -w "$HOME/Library/LaunchAgents/caddy.plist" +launchctl load -w "$HOME/Library/LaunchAgents/caddy.plist" +``` + +### How to start Caddy as a Windows Service + +You may need to update the Windows Firewall to allow traffic through to Caddy. +You'll also need to create a Startup entry in the registry, which can be done +with Serviceman. + +**Windows Firewall** + +You can use PowerShell to update the firewall, which looks something like this: + +```pwsh +powershell.exe -WindowStyle Hidden -Command $r = Get-NetFirewallRule -DisplayName 'Caddy Web Server' 2> $null; if ($r) {write-host 'found rule';} else {New-NetFirewallRule -DisplayName 'Go Web Server' -Direction Inbound C:\\Users\\YOUR_USER\\.local\\bin\\caddy.exe -Action Allow} +``` + +**Startup Registry** + +You can use [Serviceman](https://webinstall.dev/serviceman) to create and start +the appropriate service launcher for Windows 10. + +Install Serviceman with Webi: + +```bash +webi.bat serviceman +``` + +Use Serviceman to create a Startup entry in the Windows Registry: + +```bash +serviceman.exe add --name caddy -- \ + caddy run --config ./Caddyfile +``` + +You can manage the service directly with Serviceman. For example: + +```bash +serviceman stop caddy +serviceman start caddy +```