-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #545 from threefoldtech/development_https
https caddy guide added
- Loading branch information
Showing
5 changed files
with
96 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
88 changes: 88 additions & 0 deletions
88
src/documentation/system_administrators/advanced/https_caddy.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
<h1>HTTPS with Caddy</h1> | ||
|
||
<h2>Table of Contents</h2> | ||
|
||
- [Introduction](#introduction) | ||
- [Prerequisites](#prerequisites) | ||
- [Set HTTPS](#set-https) | ||
- [Adjust the Firewall](#adjust-the-firewall) | ||
- [Manage with zinit](#manage-with-zinit) | ||
- [Questions and Feedback](#questions-and-feedback) | ||
--- | ||
|
||
## Introduction | ||
|
||
We show how to set HTTPS with Caddy for any deployment on the grid. | ||
|
||
## Prerequisites | ||
|
||
- A deployment on the TFGrid and SSH access | ||
|
||
## Set HTTPS | ||
|
||
We set HTTPS with Caddy. | ||
|
||
- Install Caddy | ||
``` | ||
apt install -y debian-keyring debian-archive-keyring apt-transport-https curl | ||
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg | ||
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' > /etc/apt/sources.list.d/caddy-stable.list | ||
apt update | ||
apt install caddy | ||
``` | ||
- Set a reverse proxy on port 80 with your own domain | ||
``` | ||
caddy reverse-proxy -r --from example.com --to :80 | ||
``` | ||
|
||
You should see in the logs that it successfully obtains an SSL certificate, and after that you can try navigating to your site's domain again to verify it's working. Using a private window or adding `https://` specifically might be necessary until your browser drops its cache. | ||
|
||
When you're satisfied that everything looks good, hit `ctl-c` to exit Caddy and we'll proceed to making this persistent. | ||
|
||
### Adjust the Firewall | ||
|
||
To use Caddy and set HTTPS, we want to allow port 443. If you are using `ufw`, add the permission for HTTPS: | ||
|
||
* Add the permissions | ||
* ``` | ||
ufw allow 443 | ||
``` | ||
|
||
### Manage with zinit | ||
|
||
We manage Caddy with zinit. | ||
|
||
- Open the file for editing | ||
```bash | ||
nano /etc/zinit/caddy.yaml | ||
``` | ||
- Insert the following line with your own domain and save the file | ||
``` | ||
exec: caddy reverse-proxy -r --from example.com --to :80 | ||
``` | ||
- Add the new Caddy file to zinit | ||
```bash | ||
zinit monitor caddy | ||
``` | ||
|
||
Zinit will start up Caddy immediately, restart it if it ever crashes, and start it up automatically after any reboots. Assuming you tested the Caddy invocation above and used the same form here, that should be all there is to it. | ||
|
||
Here are some other Zinit commands that could be helpful to troubleshoot issues: | ||
|
||
- See status of all services (same as "zinit list") | ||
``` | ||
zinit | ||
``` | ||
- Get logs for a service | ||
``` | ||
zinit log caddy | ||
``` | ||
- Restart a service (to test configuration changes, for example) | ||
``` | ||
zinit stop caddy | ||
zinit start caddy | ||
``` | ||
|
||
## Questions and Feedback | ||
|
||
If you have any questions or feedback, please let us know by either writing a post on the [ThreeFold Forum](https://forum.threefold.io/), or by chatting with us on the [TF Grid Tester Community](https://t.me/threefoldtesting) Telegram channel. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters