From 779a9c0e47795385d0d7b46d2e0c63e812b317f6 Mon Sep 17 00:00:00 2001
From: Akshat Jain
Date: Mon, 26 Aug 2024 18:33:19 +0530
Subject: [PATCH] added caddy setup for with or without SSL
---
 .github/workflows/build-branch.yml | 4 ++--
 caddy/Caddyfile.template | 32 ++++++++++++++++++++++++++++++
 caddy/Dockerfile | 9 +++++++++
 caddy/caddy.sh | 4 ++++
 deploy/selfhost/docker-compose.yml | 15 +++++++++++++-
 5 files changed, 61 insertions(+), 3 deletions(-)
 create mode 100644 caddy/Caddyfile.template
 create mode 100644 caddy/Dockerfile
 create mode 100644 caddy/caddy.sh
diff --git a/.github/workflows/build-branch.yml b/.github/workflows/build-branch.yml
index 0ccccda5fd6..4d27af53f41 100644
--- a/.github/workflows/build-branch.yml
+++ b/.github/workflows/build-branch.yml
@@ -330,8 +330,8 @@ jobs:
 - name: Build and Push Plane-Proxy to Docker Hub
 uses: docker/build-push-action@v5.1.0
 with:
- context: ./nginx
- file: ./nginx/Dockerfile
+ context: ./caddy
+ file: ./caddy/Dockerfile
 platforms: ${{ env.BUILDX_PLATFORMS }}
 tags: ${{ env.PROXY_TAG }}
 push: true
diff --git a/caddy/Caddyfile.template b/caddy/Caddyfile.template
new file mode 100644
index 00000000000..632ba11f87e
--- /dev/null
+++ b/caddy/Caddyfile.template
@@ -0,0 +1,32 @@
+(plane_proxy) {
+ request_body {
+ max_size {$FILE_SIZE_LIMIT}
+ }
+
+ reverse_proxy /spaces/* space:3000
+
+ reverse_proxy /god-mode/* admin:3000
+
+ reverse_proxy /api/* api:8000
+
+ reverse_proxy /auth/* api:8000
+
+ reverse_proxy /{$BUCKET_NAME}/* plane-minio:9000
+
+ reverse_proxy /* web:3000
+}
+
+{
+ email {$CERT_EMAIL:admin@example.com}
+ acme_ca {$CERT_ACME_CA}
+ {$CERT_ACME_DNS}
+ servers {
+ max_header_size 5MB
+ client_ip_headers X-Forwarded-For X-Real-IP
+ trusted_proxies static {$TRUSTED_PROXIES:0.0.0.0/0}
+ }
+}
+
+{$SITE_ADDRESS} {
+ import plane_proxy
+}
diff --git a/caddy/Dockerfile b/caddy/Dockerfile
new file mode 100644
index 00000000000..5dd666163f3
--- /dev/null
+++ b/caddy/Dockerfile
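Review bot: In caddy/Caddyfile.template the global `servers` block defaults `trusted_proxies static` to `0.0.0.0/0`, so together with `client_ip_headers X-Forwarded-For X-Real-IP` every IPv4 peer is treated as a trusted proxy and the client address Caddy records and forwards upstream becomes a caller-supplied value. Anything behind the proxy that logs, rate-limits or audits by client IP would then be relying on a header the requester controls. The `x-proxy-env` block in this patch does not pass `TRUSTED_PROXIES`, so the self-host deployment appears to always run with that default. I would default to private ranges and let operators widen it explicitly: `trusted_proxies static {$TRUSTED_PROXIES:private_ranges}`.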
@@ -0,0 +1,9 @@
+FROM makeplane/caddy:latest
+
+COPY ./Caddyfile.template /etc/caddy/Caddyfile
+
+COPY ./caddy.sh /docker-entrypoint.sh
+
+RUN chmod +x /docker-entrypoint.sh
+
+CMD ["/docker-entrypoint.sh"]
diff --git a/caddy/caddy.sh b/caddy/caddy.sh
new file mode 100644
index 00000000000..792d5a5dc30
--- /dev/null
+++ b/caddy/caddy.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+export SITE_ADDRESS=$(if [ "$SSL" = "true" ]; then echo "${APP_DOMAIN}"; else echo "http://${APP_DOMAIN}"; fi)
+exec caddy run --config /etc/caddy/Caddyfile
diff --git a/deploy/selfhost/docker-compose.yml b/deploy/selfhost/docker-compose.yml
index ea600c86c54..e4931c80eb0 100644
--- a/deploy/selfhost/docker-compose.yml
+++ b/deploy/selfhost/docker-compose.yml
@@ -24,8 +24,14 @@ x-data-store-env: &data-store-env
 BUCKET_NAME: ${BUCKET_NAME:-uploads}
 x-proxy-env: &proxy-env
+ SSL: ${SSL:-false}
+ APP_DOMAIN: ${APP_DOMAIN:-localhost}
 NGINX_PORT: ${NGINX_PORT:-80}
 FILE_SIZE_LIMIT: ${FILE_SIZE_LIMIT:-5242880}
+ CERT_EMAIL: ${CERT_EMAIL:-akshatjain9782@gmail.com}
+ CERT_ACME_CA: ${CERT_ACME_CA:-}
+ LISTEN_HTTP_PORT: ${LISTEN_HTTP_PORT:-80}
+ LISTEN_HTTPS_PORT: ${LISTEN_HTTPS_PORT:-443}
 x-app-env: &app-env
 WEB_URL: ${WEB_URL:-http://localhost}
@@ -174,7 +180,11 @@ services:
 pull_policy: if_not_present
 restart: unless-stopped
 ports:
- - ${NGINX_PORT}:80
+ - ${LISTEN_HTTP_PORT:-80}:${LISTEN_HTTP_PORT:-80}
+ - ${LISTEN_HTTPS_PORT:-443}:${LISTEN_HTTPS_PORT:-443}
+ volumes:
+ - caddy_config:/config
+ - caddy_data:/data
 environment:
 <<: *proxy-env
 depends_on:
@@ -190,3 +200,6 @@ volumes:
 logs_worker:
 logs_beat-worker:
 logs_migrator:
+ caddy_config:
+ caddy_data:
+
\ No newline at end of file
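Review bot: `FROM makeplane/caddy:latest` in caddy/Dockerfile builds the proxy on a mutable tag, so the image that terminates TLS and fronts every route can change between builds without any change in this repository. Pin the base to a version and digest and bump it deliberately, e.g. `FROM makeplane/caddy:<version>@sha256:<digest>` (placeholders). The patch does not show how `makeplane/caddy` is built or which plugins it carries, so a comment above `FROM` pointing at its source would help whoever reviews the next bump.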
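Review bot: In caddy/caddy.sh any `SSL` value other than the exact string `true` (for example `True`, `1` or a typo) falls through to `http://${APP_DOMAIN}`, so a misconfigured install serves plaintext without any error. Rejecting unknown values before `SITE_ADDRESS` is computed makes that failure visible: `case "${SSL:-false}" in true|false) ;; *) echo "SSL must be true or false" >&2; exit 1 ;; esac`. An unset `APP_DOMAIN` also produces the site address `http://`; `: "${APP_DOMAIN:?APP_DOMAIN is required}"` would stop the container instead.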
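Review bot: The `CERT_EMAIL` default added to `x-proxy-env` is a personal mailbox, so any install that leaves it unset would register its ACME account under that address and route certificate notices to its owner rather than to the operator. It also takes precedence over the fallback written in the Caddyfile template. I would replace it with a project-controlled address, `CERT_EMAIL: ${CERT_EMAIL:-<project-owned address>}` (placeholder), or require the operator to set it when `SSL` is `true`. Separately, `CERT_ACME_CA: ${CERT_ACME_CA:-}` passes an empty string, which probably leaves the template's `acme_ca` directive without an argument; that is worth checking against a default install. The template also reads `BUCKET_NAME`, which this block does not define, so the `/{$BUCKET_NAME}/*` route may expand to an empty path segment.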
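Review bot: The new `ports` entries of the proxy service use the `LISTEN_*` variables on both sides of the mapping, but the Caddyfile template in this patch sets no `http_port`/`https_port`, so Caddy presumably still listens on 80 and 443 inside the container. Setting `LISTEN_HTTP_PORT` to anything else would then publish a container port nothing is bound to. Keeping the container side fixed avoids that: `- ${LISTEN_HTTP_PORT:-80}:80` and `- ${LISTEN_HTTPS_PORT:-443}:443`. `NGINX_PORT` remains in `x-proxy-env` but is no longer referenced by this mapping. The service definition starts above this hunk.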