Skip to content

Instantly share code, notes, and snippets.

@codexss
Forked from bendo01/Caddyfile
Created October 18, 2017 13:01
Show Gist options
  • Save codexss/5e0b9a904ddcf10f0f26ec6654404976 to your computer and use it in GitHub Desktop.
Save codexss/5e0b9a904ddcf10f0f26ec6654404976 to your computer and use it in GitHub Desktop.
Caddy Web Server As Service on Centos 7
#sudo nano /etc/systemd/system/caddy.service
[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
[Service]
Restart=on-failure
; User and group the process will run as.
User=root
Group=root
; Letsencrypt-issued certificates will be written to this directory.
;Environment=HOME=/etc/ssl/caddy
; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
ExecReload=/bin/kill -USR1 $MAINPID
; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
LimitNOFILE=1048576
; Unmodified caddy is not expected to use more than that.
LimitNPROC=64
; Use private /tmp and /var/tmp, which are discarded after caddy stops.
PrivateTmp=true
; Use a minimal /dev
;PrivateDevices=true
; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
;ProtectHome=true
; Make /usr, /boot, /etc and possibly some more folders read-only.
;ProtectSystem=full
; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there.
; This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
;ReadWriteDirectories=/etc/ssl/caddy
; Drop all other capabilities. Important if you run caddy as privileged user (which you should not).
;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
; … but permit caddy to open ports reserved for system services.
; This could be redundant here, but is needed in case caddy runs as nobody:nogroup.
;AmbientCapabilities=CAP_NET_BIND_SERVICE
; … and prevent gaining any new privileges.
;NoNewPrivileges=true
; Caveat: Some plugins need additional capabilities. Add them to both above lines.
; - plugin "upload" needs: CAP_LEASE
[Install]
WantedBy=multi-user.target
#cd /etc/caddy/Caddyfile
example.com {
root /usr/share/nginx/html
gzip
log /var/log/caddy/access.log
#fastcgi / unix:/var/run/php-fpm/php-fpm.sock php # Fast CGI php interpreter
#fastcgi / fastcgi / 127.0.0.1:9000 php # Fast CGI php interpreter
#using with laravel
fastcgi / unix:/var/run/php-fpm/php-fpm.sock php {
index index.php
}
rewrite {
to {path} {path}/ /index.php?{query}
}
}
#login as root
#download caddy web server and put file on /usr/local/bin
#create caddy config file aka Caddyfile on /etc/caddy
#http://vicendominguez.blogspot.co.id/2015/02/supervisord-in-centos-7-systemd-version.html
#http://stackoverflow.com/questions/31157928/supervisord-on-linux-centos-7-only-works-when-run-with-root
#https://binaryfigments.com/news/limit-requests-on-caddy-with-fail2ban/
#https://lecturesnippets.com/lesson/protecting-centos-7-minimal-with-fail2ban/
https://briansnelson.com/How_to_install_gifsicle_for_CentOS
https://briansnelson.com/How_to_install_jpegoptim_for_CentOS
http://linuxcommando.blogspot.co.id/2014/09/how-to-optimize-png-images.html
https://blog.harrier.us/running-caddy-as-a-reverse-proxy-on-centos-7/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment