@ctsrc
Last active April 9, 2024 13:35
FreeBSD 12.0 web server setup

FreeBSD 12.0 web server setup

Install tools and dependencies

Assuming your user is already in the wheel group. Note that `permit nopass :wheel` lets every wheel member run any command as root without a password prompt; use `permit :wheel` instead if you want doas to ask for one.

su - root -c "pkg install doas"
su - root -c "echo permit nopass :wheel > /usr/local/etc/doas.conf"
doas pkg install go dsbwrtsysctl

Build

Run the following commands in the directory into which you downloaded the caddy_custom.go file from this gist.

export GO111MODULE=on
go mod init caddy
go get github.com/mholt/caddy@v1.0.0
go get github.com/caddyserver/dnsproviders@v0.1.4
go get github.com/epicagency/caddy-expires@v1.1.0
go build

Install

doas cp caddy /usr/local/bin/

doas mkdir /.caddy
doas chown www-data:www /.caddy/

doas mkdir /var/www
doas chown $( id -un ):$( id -g -nr ) /var/www

doas cp Caddyfile /var/www

doas sysrc caddy_cert_email=replace_me@example.com
doas sysrc caddy_env="CLOUDFLARE_EMAIL=replace_me@example.com CLOUDFLARE_API_KEY=xxx"
Note that sysrc writes this line, API key included, to /etc/rc.conf, which is world-readable by default on FreeBSD, so any local user can read the key from there.

doas sysrc kld_list+="mac_portacl"
doas kldload mac_portacl

doas dsbwrtsysctl security.mac.portacl.rules=uid:80:tcp:80,uid:80:tcp:443
doas dsbwrtsysctl net.inet.ip.portrange.reservedhigh=0
doas service sysctl restart

doas cp caddy_init /usr/local/etc/rc.d/caddy
doas chmod 555 /usr/local/etc/rc.d/caddy
doas sysrc caddy_enable=YES

Start

doas service caddy start

Check status

doas service caddy status
package main
import
(
"github.com/mholt/caddy/caddy/caddymain"
_ "github.com/caddyserver/dnsproviders/cloudflare"
_ "github.com/epicagency/caddy-expires"
)
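// main is the entry point of a custom Caddy (v1) build: the blank imports
// above compile in the Cloudflare DNS provider and the expires plugin, the
// telemetry switch is turned off, and control is handed to Caddy's standard
// entry point, which parses flags and serves the Caddyfile.
func main() {
	// Must be set before Run(), which is where Caddy consults the switch.
	caddymain.EnableTelemetry = false
	caddymain.Run()
}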
#!/bin/sh
#
# PROVIDE: caddy
# REQUIRE: networking
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable caddy:
# caddy_enable (bool): Set to "NO" by default.
# Set it to "YES" to enable caddy
#
# caddy_cert_email (str): Set to "" by default.
# Defines the SSL certificate issuer email. By providing an
# email address you automatically agree to letsencrypt.org's
# general terms and conditions
#
# caddy_bin_path (str): Set to "/usr/local/bin/caddy" by default.
# Provides the path to the caddy server executable
#
# caddy_cpu (str): Set to "99%" by default.
# Configures, how much CPU capacity caddy may gain
#
# caddy_config_path (str): Set to "/var/www/Caddyfile" by default.
# Defines the path for the configuration file caddy will load on boot
#
# caddy_user (str): Set to "www-data" by default.
# Defines the user that caddy will run as
#
# caddy_group (str): Set to "www" by default.
# Defines the group that caddy files will be attached to
#
# caddy_logfile (str) Set to "/var/log/caddy.log" by default.
# Defines where the process log file is written, this is not a web access log
#
# caddy_env (str) Set to "" by default.
# This allows environment variables to be set that may be required, for example the account credentials needed when using the "DNS Challenge".
# e.g. (in your rc.conf) caddy_env="CLOUDFLARE_EMAIL=me@domain.com CLOUDFLARE_API_KEY=my_api_key"
#
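. /etc/rc.subr
name="caddy"
rcvar="${name}_enable"
load_rc_config ${name}
# Defaults; each of these can be overridden from /etc/rc.conf (see the header).
: ${caddy_enable:="NO"}
: ${caddy_cert_email=""}
: ${caddy_bin_path="/usr/local/bin/caddy"}
: ${caddy_cpu="99%"} # was a bug for me that caused a crash within jails
: ${caddy_config_path="/var/www/Caddyfile"}
: ${caddy_logfile="/var/log/caddy.log"}
: ${caddy_user="www-data"}
: ${caddy_group="www"}
# caddy is started with -agree, so an issuer email is mandatory; refuse every
# rc action rather than accept the CA's terms on behalf of an empty address.
if [ "$caddy_cert_email" = "" ]
then
	echo "rc variable \$caddy_cert_email is not set. Please provide a valid SSL certificate issuer email."
	exit 1
fi
pidfile="/var/run/${name}.pid"
procname="${caddy_bin_path}" #enabled builtin pid checking for start / stop
command="/usr/sbin/daemon"
# daemon(8) writes the child pid to ${pidfile} (-p) and drops to ${caddy_user}
# (-u) before exec'ing caddy. Without -u caddy would run as root, which makes
# the pidfile/log ownership below, the /.caddy ownership and the mac_portacl
# uid rules from the setup notes pointless; those rules assume uid 80, so
# caddy_user must map to that uid (verify with id(1)).
# ${caddy_env} is expanded into the argument list of env(1), so credentials in
# it are visible in ps(1) output until env(1) execs caddy, and they also sit in
# the usually world-readable /etc/rc.conf; keep secrets in a root-only file.
command_args="-p ${pidfile} -u ${caddy_user} /usr/bin/env ${caddy_env} ${procname} -cpu ${caddy_cpu} -log stdout -conf ${caddy_config_path} -agree -email ${caddy_cert_email} < /dev/null >> ${caddy_logfile} 2>&1"
start_precmd="caddy_startprecmd"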
# Before start: make sure the pid file and the process log exist and are owned
# by the service user/group, so caddy can write them without running as root.
caddy_startprecmd()
{
	for _f in "${pidfile}" "${caddy_logfile}"; do
		# install(1) of /dev/null creates an empty file with the given owner/group
		[ -e "${_f}" ] || install -o "${caddy_user}" -g "${caddy_group}" /dev/null "${_f}"
	done
}
# rc.subr refuses to start the service when the Caddyfile is missing.
required_files="${caddy_config_path}"
# Dispatch the requested action (start/stop/status/...) to rc.subr.
run_rc_command "$1"
# Caddy v1 Caddyfile for the hosts in this gist. Every site obtains its
# certificate through the Cloudflare DNS challenge, so the CLOUDFLARE_*
# credentials from caddy_env must be present in caddy's environment.

# Everything under / is reverse-proxied to the service on local port 3000
# (presumably the git frontend — confirm against the backend you run).
git.example.com {
proxy / localhost:3000
tls {
dns cloudflare
}
}
# Static frontend served from the web root.
www.example.com {
root /var/www/com.example/frontend/
tls {
dns cloudflare
}
}
# Bare domain redirects to the www host; {uri} carries the request URI over.
example.com {
redir https://www.example.com{uri}
tls {
dns cloudflare
}
}
# Static docs with cache-expiry headers from the caddy-expires plugin:
# paths matching .htm$ expire after 4 hours, anything under /assets/ after a year.
docs.example.com {
root /var/www/com.example.docs/
expires {
match .htm$ 4h
match /assets/.* 1y
}
tls {
dns cloudflare
}
}