| HN Mirror

Y	Hacker News new \| ask \| show \| jobs


	by martinbaun 483 days ago
	I absolutely love Caddy. Used it for years. Very reliable and so easy to setup once you learn the basics. The documentation is a bit hard to get, but it saved me so much time and energy compared to trying to get letsencrypt working reliable ontop of NGINX.

3 comments

codetrotter 483 days ago

I used Caddy for a couple of years but eventually went back to Nginx.

For the Let's Encrypt certs I use certbot and have my Nginx configs set up to point to the appropriate directories for the challenges for each domain.

The only difficulty I sometimes have is the situation where I am setting up a new domain or subdomain, and Nginx refuses to start all together because I don’t have the cert yet.

It’s probably not too complicated to get the setup right so that Nginx starts listening on port 80 only, instead of refusing to start just because it doesn’t have the cert for TLS needed to start up the listener on port 443.

But for me it happens just rarely enough that I instead first make the config and outcomment the TLS/:443 parts and start it so that I can respond to the request from Let’s Encrypt for the /.well-known/blah blah stuff, and then I re-enable listening on with TLS and restart Nginx.

I also used DNS verification for a while as well, so I’m already aware that’s an option too. But I kind of like the response on :80 method. Even if I’ve managed to make it a bit inconvenient for myself to do so.

link

throwaway94244 483 days ago

I tried to setup Caddy last year as a reverse proxy for all paths matching "/backend", and serve the rest as static files from a directory. I had to give up, because the documentation was not good enough.

I tried the JSON config format that seems to be the recommended format, but most examples on Google use the old format. To make it even more complicated the official documentation mentions configuration options, without informing that it requires plugins that is not necessarily installed on Ubuntu. Apparently they just assume that you will compile it from scratch with all options included. Lots of time was wasted before I found a casual mention of it in some discussion forum (maybe stack overflow, don't remember). I just wanted the path to be rewritten to remove the "/backend" path before proxying it to the service. I guess that is uncommon for a reverse proxy, and have to be placed in a separate module

I may appear overly critical, but I really spent a lot of time and made an honest attempt

I'll go back to nginx. Setting up let's encrypt requires some additional steps, but at least it's well documented and can be found in Google searches if necessary

link

mholt 483 days ago

Huh, sorry that it was that difficult. Based on what you wrote, this should suffice:

    example.com
    
    root /etc/www
    reverse_proxy /backend/* 127.0.0.1:8080
    file_server

link

throwaway94244 483 days ago

It seems simple, but I used the JSON format which seems to add a lot of complexity (basically serialized version of objects)

I also had to install a separate module just to get a decent access log...

Could be my fault for going too far down a wrong path, but it could also be a sign of poor documentation

link

throwaway94244 483 days ago

I found my last attempt here (before I gave up). I also spent a lot of time getting the basic logs working, by installing modules that wasn't part of the standard distribution

    {
      "logging": {
        "logs": {
          "default": {
            "level": "INFO",
            "encoder": {
              "format": "transform",
              "template":"{common_log}"
            },
            "writer": {
              "output": "file",
              "filename": "/var/log/caddy/access.log",
              "roll": true,
              "roll_size_mb": 5,
              "roll_gzip": true,
              "roll_local_time": true,
              "roll_keep": 5,
              "roll_keep_days": 7
            }
          },
          "dev_access": {
            "level": "INFO",
            "encoder": {
              "format": "transform",
              "template":"{common_log}"
            },
            "writer": {
              "output": "file",
              "filename": "/var/log/caddy/dev_access.log",
              "roll": true,
              "roll_size_mb": 5,
              "roll_gzip": true,
              "roll_local_time": true,
              "roll_keep": 5,
              "roll_keep_days": 7
            }
          },
          "errors": {
            "level": "ERROR",
            "writer": {
              "output": "file",
              "filename": "/var/log/caddy/error.log"
            }
          }
        }
      },
      "apps": {
        "http": {
          "servers": {
            "srv0": {
              "listen": [":443"],
              "logs": {
                "default_logger_name": "dev_access"
              },
              "routes": [
                {
                  "match": [
                    {
                      "host": ["<redacted>"],
                      "path": ["/backend/*"]
                    }
                  ],
                  "handle": [
                    {
                      "handler": "subroute",
                      "routes": [
                        {
                          "handle": [
                            {
                              "handler": "rewrite",
                              "strip_path_prefix": "/backend"
                            }
                          ]
                        },
                        {
                          "handle": [
                            {
                              "handler": "reverse_proxy",
                              "upstreams": [
                                {
                                  "dial": "localhost:8080"
                                }
                              ]
                            }
                          ]
                        }
                      ]
                    }
                  ]
                },
                {
                  "match": [
                    {
                      "host": ["<redacted>"]
                    },
                    {
                      "file": {
                        "try_files": ["{path}", "/index.html"]
                      }
                    }
                  ],
                  "handle": [
                    {
                      "handler": "file_server",
                      "pass_thru": true,
                      "root": "/home/server/web/dist"
                    }
                  ]
                },
                {
                  "match": [
                    {
                      "host": ["<redacted>"]
                    }
                  ],
                  "handle": [
                    {
                      "handler": "rewrite",
                      "uri": "/index.html"
                    }
                  ]
                }
              ]
            }
          }
        }
      }
    }

link

zsoltkacsandi 483 days ago

> I had to give up, because the documentation was not good enough.

I had the same experience. And also somewhat bothered me that even a very basic and common functionality like rate limiting is not built-in.

link

e12e 483 days ago

Sounds like last example here?

https://caddyserver.com/docs/caddyfile/directives/handle_pat...

link

npodbielski 482 days ago

There are already full solution for things like that i.e. https://github.com/linuxserver/docker-swag

link