@HelgeSverre
Created March 28, 2023 12:37
Updated: Unlimited SSL Domain on Laravel Vapor
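# Stop and disable NGINX (the Caddyfile written further down listens on :80 and :443)
sudo systemctl stop nginx
sudo systemctl disable nginx
# Install Go
# The existing /usr/local/go is only removed once the download has succeeded,
# so a failed or interrupted fetch does not leave the host without a toolchain.
go_tarball=go1.20.2.linux-amd64.tar.gz
if wget "https://go.dev/dl/${go_tarball}"; then
  # NOTE(review): nothing verifies the tarball before it is unpacked as root.
  # Compare it against the checksum published on https://go.dev/dl/ first, e.g.
  #   echo "<SHA256_FROM_GO_DEV_DL>  ${go_tarball}" | sha256sum --check -
  sudo rm -rf /usr/local/go
  sudo tar -C /usr/local -xzf "${go_tarball}"
  rm -f "${go_tarball}"
else
  echo "Download of ${go_tarball} failed; /usr/local/go left untouched" >&2
fi
# Add go directories to path
# Two steps on purpose: `go env GOPATH` is expanded before the assignment takes
# effect, so the go binary must already be on PATH when it runs.
export PATH="$PATH:/usr/local/go/bin"
export PATH="$PATH:$(go env GOPATH)/bin"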
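# Install xcaddy
# NOTE(review): @latest is unpinned, and the build below also resolves Caddy and
# the storage module to whatever is current at build time. For a reproducible,
# reviewable build, pin each to a version you have vetted
# (e.g. xcaddy@<REVIEWED_VERSION>, --with <module>@<REVIEWED_VERSION>).
go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
# Build caddy with the dynamodb storage module
xcaddy build --with github.com/silinternational/certmagic-storage-dynamodb/v3
# Install the binary into $PATH, root-owned and executable.
# `mv` would keep the building user's ownership, which would let that account
# replace the binary the service later runs; `install` sets owner and mode
# explicitly. The local build artifact is removed only if the install succeeded.
sudo install -o root -g root -m 0755 caddy /usr/bin/caddy && rm -f caddy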
# Dedicated system group for the service account
sudo groupadd --system caddy
# Matching system account: non-login shell, writable home under /var/lib/caddy
sudo useradd --system --gid caddy \
  --home-dir /var/lib/caddy --create-home \
  --shell /usr/sbin/nologin \
  --comment "Caddy web server" \
  caddy
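# Create the caddy directory first; the credentials file and Caddyfile live in it
sudo mkdir -p /etc/caddy
# Create the environment file
# The AWS credentials go into a dedicated root-only file rather than
# /etc/environment: that file is world-readable, is commonly loaded into every
# login session by pam_env, and `tee` without -a would wipe whatever it already
# held. systemd reads EnvironmentFile= itself before dropping to User=caddy, so
# the caddy account needs no read access to it.
# Use a least-privilege IAM identity limited to the DynamoDB table named in the
# Caddyfile below, not a broad account key.
sudo install -o root -g root -m 0600 /dev/null /etc/caddy/caddy.env
# tee's stdout is discarded so real key values are never echoed to the terminal.
sudo tee /etc/caddy/caddy.env >/dev/null <<'EOF'
AWS_ACCESS_KEY=REPLACE
AWS_SECRET_ACCESS_KEY=REPLACE
AWS_REGION=REPLACE
EOF
# Write the config file
# Two points to check before going live:
#  - on_demand_tls `ask` is the only gate on certificate issuance. The endpoint
#    must answer 2xx solely for hostnames you actually serve; otherwise any name
#    pointed at this host can trigger issuance and exhaust CA rate limits.
#  - User-Custom-Domain is filled from the client-supplied Host. The upstream
#    must treat it as untrusted and match it against its own list of domains.
sudo tee /etc/caddy/Caddyfile <<'EOF'
{
on_demand_tls {
ask https://your-website.com/caddy-check
}
storage dynamodb caddy_ssl_certificates
}
:80 {
respond /health "Im healthy!" 200
}
:443 {
tls your@email.com {
on_demand
}
reverse_proxy https://your-website.com {
header_up Host your-website.com
header_up User-Custom-Domain {host}
header_up X-Forwarded-Port {server_port}
health_timeout 5s
}
}
EOF
# Write the caddy service file
# Differences from the stock unit, both because the environment carries secrets:
#  - `--environ` is dropped from ExecStart; it prints the process environment at
#    startup, which would put AWS_SECRET_ACCESS_KEY into the journal.
#  - EnvironmentFile points at the root-only /etc/caddy/caddy.env written above.
sudo tee /etc/systemd/system/caddy.service <<'EOF'
# caddy.service
#
# WARNING: This service does not use the -resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddys API to configure it, add the -resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target
[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
EnvironmentFile=/etc/caddy/caddy.env
[Install]
WantedBy=multi-user.target
EOF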
# Pick up the new unit file, then enable at boot and start in a single step
sudo systemctl daemon-reload
sudo systemctl enable --now caddy
# After editing /etc/caddy/Caddyfile, apply the change with:
#sudo systemctl reload caddy