@bendo01
Last active November 18, 2017 01:35
Caddy Web Server As Service on Centos 7
#sudo nano /etc/systemd/system/caddy.service
; systemd unit that runs the caddy binary from /usr/local/bin as a long-lived service.
; It reads its site configuration from /etc/caddy/Caddyfile (see -conf on ExecStart).
[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
; Order the service after, and pull in, the network-online target.
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
[Service]
; Restart the process when it exits with a failure status.
Restart=on-failure
; User and group the process will run as.
; NOTE(review): caddy runs as root here, and every sandboxing directive below except
; PrivateTmp is commented out. A flaw in caddy, or in anything reached through it, then
; runs with full root rights on the host. A dedicated unprivileged account that owns only
; the certificate and log directories is the safer setup; the commented directives below
; are the matching hardening.
; NOTE(review): AmbientCapabilities needs systemd 229 or later, and CentOS 7 appears to
; ship an older release (check `systemctl --version`). That is presumably why root was
; chosen; a file capability on the binary is the usual alternative for binding ports
; below 1024, but it does not take effect under NoNewPrivileges=true.
User=root
Group=root
; Letsencrypt-issued certificates will be written to this directory.
; NOTE(review): with this line disabled, certificates and private keys presumably land
; under root's home directory instead. Confirm the location and keep it readable by the
; service account only.
;Environment=HOME=/etc/ssl/caddy
; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
; -log stdout sends the process log to stdout, -agree=true accepts the CA subscriber
; agreement without prompting, and -conf names the Caddyfile to load.
ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
; Reload is done by sending SIGUSR1 to the main process.
ExecReload=/bin/kill -USR1 $MAINPID
; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
LimitNOFILE=1048576
; Unmodified caddy is not expected to use more than that.
; NOTE(review): the process limit is generally not enforced for a fully privileged root
; process, so with User=root this line likely has no effect. Verify after any change of
; user.
LimitNPROC=64
; Use private /tmp and /var/tmp, which are discarded after caddy stops.
; This is the only sandboxing directive active in this unit. The -root=/var/tmp fallback
; above therefore resolves to the private copy.
PrivateTmp=true
; Use a minimal /dev
;PrivateDevices=true
; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
; NOTE(review): while the service runs as root with HOME unset, enabling this would
; presumably also hide caddy's own certificate store. Set HOME (above) first.
;ProtectHome=true
; Make /usr, /boot, /etc and possibly some more folders read-only.
;ProtectSystem=full
; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there.
; This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
;ReadWriteDirectories=/etc/ssl/caddy
; Drop all other capabilities. Important if you run caddy as privileged user (which you should not).
; NOTE(review): this unit does run caddy as a privileged user, yet this line is disabled,
; so the root process keeps the full capability set.
;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
; … but permit caddy to open ports reserved for system services.
; This could be redundant here, but is needed in case caddy runs as nobody:nogroup.
;AmbientCapabilities=CAP_NET_BIND_SERVICE
; … and prevent gaining any new privileges.
;NoNewPrivileges=true
; Caveat: Some plugins need additional capabilities. Add them to both above lines.
; - plugin "upload" needs: CAP_LEASE
[Install]
; Start the service as part of the normal multi-user boot.
WantedBy=multi-user.target
# Caddyfile: save as /etc/caddy/Caddyfile, the path passed to -conf in the unit above.
# Site block for example.com: static files plus PHP through php-fpm, with
# front-controller routing for Laravel.
example.com {
# Directory served as the site root.
# NOTE(review): for a Laravel application this should presumably be the project's
# public/ directory, so that .env, storage/ and vendor/ are never reachable over HTTP.
# Confirm against the deployed layout.
root /usr/share/nginx/html
# Compress responses.
gzip
# Access log file. The directory must exist and be writable by the account caddy runs as.
log /var/log/caddy/access.log
# Disabled alternatives: php-fpm over a unix socket, or over TCP on localhost.
#fastcgi / unix:/var/run/php-fpm/php-fpm.sock php # Fast CGI php interpreter
#fastcgi / 127.0.0.1:9000 php # Fast CGI php interpreter
#using with laravel
# Active backend: php-fpm over a unix socket, with index.php as the index file.
# NOTE(review): restrict the socket to the accounts that need it (listen.owner,
# listen.group and listen.mode in the php-fpm pool) rather than leaving it world-writable.
fastcgi / unix:/var/run/php-fpm/php-fpm.sock php {
index index.php
}
# Try the request path as a file, then as a directory, and otherwise pass the request to
# index.php with the original query string.
rewrite {
to {path} {path}/ /index.php?{query}
}
}
#log in as root
#download the caddy web server binary and put it in /usr/local/bin
#create the caddy config file (the Caddyfile) at /etc/caddy/Caddyfile
#http://vicendominguez.blogspot.co.id/2015/02/supervisord-in-centos-7-systemd-version.html
#http://stackoverflow.com/questions/31157928/supervisord-on-linux-centos-7-only-works-when-run-with-root
#https://binaryfigments.com/news/limit-requests-on-caddy-with-fail2ban/
#https://lecturesnippets.com/lesson/protecting-centos-7-minimal-with-fail2ban/
https://briansnelson.com/How_to_install_gifsicle_for_CentOS
https://briansnelson.com/How_to_install_jpegoptim_for_CentOS
http://linuxcommando.blogspot.co.id/2014/09/how-to-optimize-png-images.html
https://blog.harrier.us/running-caddy-as-a-reverse-proxy-on-centos-7/