Merge pull request #545 from threefoldtech/development_https

https caddy guide added
threefoldtech · May 30, 2024 · 2b3c28f · 2b3c28f
2 parents f84d760 + 95d8538
commit 2b3c28f
Show file tree

Hide file tree

Showing 5 changed files with 96 additions and 3 deletions.
diff --git a/src/SUMMARY.md b/src/SUMMARY.md
@@ -270,6 +270,7 @@
       - [Ecommerce](documentation/system_administrators/advanced/ecommerce/ecommerce.md)
         - [WooCommerce](documentation/system_administrators/advanced/ecommerce/woocommerce.md)
         - [nopCommerce](documentation/system_administrators/advanced/ecommerce/nopcommerce.md)
+      - [HTTPS with Caddy](documentation/system_administrators/advanced/https_caddy.md)
       - [Node Status Bot](documentation/system_administrators/advanced/node_status_bot.md)
   - [ThreeFold Token](documentation/threefold_token/threefold_token.md)
     - [TFT Bridges](documentation/threefold_token/tft_bridges/tft_bridges.md)

diff --git a/src/documentation/system_administrators/advanced/advanced.md b/src/documentation/system_administrators/advanced/advanced.md
@@ -18,4 +18,6 @@ In this section, we delve into sophisticated topics and powerful functionalities
 - [Ecommerce](./ecommerce/ecommerce.md)
   - [WooCommerce](./ecommerce/woocommerce.md)
   - [nopCommerce](./ecommerce/nopcommerce.md)
-- [Node Status Bot](./node_status_bot.md)
+- [Hummingbot](./hummingbot.md)
+- [HTTPS with Caddy](./https_caddy.md)
+- [Node Status Bot](./node_status_bot.md)
diff --git a/src/documentation/system_administrators/advanced/https_caddy.md b/src/documentation/system_administrators/advanced/https_caddy.md
@@ -0,0 +1,88 @@
+<h1>HTTPS with Caddy</h1>
+
+<h2>Table of Contents</h2>
+
+- [Introduction](#introduction)
+- [Prerequisites](#prerequisites)
+- [Set HTTPS](#set-https)
+  - [Adjust the Firewall](#adjust-the-firewall)
+  - [Manage with zinit](#manage-with-zinit)
+- [Questions and Feedback](#questions-and-feedback)
+---
+
+## Introduction
+
+We show how to set HTTPS with Caddy for any deployment on the grid.
+
+## Prerequisites
+
+- A deployment on the TFGrid and SSH access
+
+## Set HTTPS
+
+We set HTTPS with Caddy.
+
+- Install Caddy
+    ```
+    apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
+    curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+    curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' > /etc/apt/sources.list.d/caddy-stable.list
+    apt update
+    apt install caddy
+    ```
+- Set a reverse proxy on port 80 with your own domain
+    ```
+    caddy reverse-proxy -r --from example.com --to :80
+    ```
+
+You should see in the logs that it successfully obtains an SSL certificate, and after that you can try navigating to your site's domain again to verify it's working. Using a private window or adding `https://` specifically might be necessary until your browser drops its cache.
+
+When you're satisfied that everything looks good, hit `ctl-c` to exit Caddy and we'll proceed to making this persistent.
+
+### Adjust the Firewall
+
+To use Caddy and set HTTPS, we want to allow port 443. If you are using `ufw`, add the permission for HTTPS:
+
+* Add the permissions
+  * ```
+    ufw allow 443
+    ```
+
+### Manage with zinit
+
+We manage Caddy with zinit.
+
+- Open the file for editing
+    ```bash
+    nano /etc/zinit/caddy.yaml
+    ```
+- Insert the following line with your own domain and save the file
+    ```
+    exec: caddy reverse-proxy -r --from example.com --to :80
+    ```
+- Add the new Caddy file to zinit
+    ```bash
+    zinit monitor caddy
+    ```
+
+Zinit will start up Caddy immediately, restart it if it ever crashes, and start it up automatically after any reboots. Assuming you tested the Caddy invocation above and used the same form here, that should be all there is to it. 
+
+Here are some other Zinit commands that could be helpful to troubleshoot issues:
+
+- See status of all services (same as "zinit list")
+    ```
+    zinit
+    ```
+- Get logs for a service
+    ```
+    zinit log caddy
+    ```
+- Restart a service (to test configuration changes, for example)
+    ```
+    zinit stop caddy
+    zinit start caddy
+    ```
+
+## Questions and Feedback
+
+If you have any questions or feedback, please let us know by either writing a post on the [ThreeFold Forum](https://forum.threefold.io/), or by chatting with us on the [TF Grid Tester Community](https://t.me/threefoldtesting) Telegram channel.
diff --git a/src/documentation/system_administrators/system_administrators.md b/src/documentation/system_administrators/system_administrators.md
@@ -89,4 +89,6 @@ For complementary information on ThreeFold grid and its cloud component, refer t
   - [Ecommerce](./advanced/ecommerce/ecommerce.md)
     - [WooCommerce](./advanced/ecommerce/woocommerce.md)
     - [nopCommerce](./advanced/ecommerce/nopcommerce.md)
-  - [Node Status Bot](./advanced/node_status_bot.md)
+  - [Hummingbot](./advanced/hummingbot.md)
+  - [HTTPS with Caddy](./advanced/https_caddy.md)
+  - [Node Status Bot](./advanced/node_status_bot.md)
diff --git a/src/documentation/tfconnect/tfconnect_authenticator.md b/src/documentation/tfconnect/tfconnect_authenticator.md
@@ -28,7 +28,7 @@ To connect with the authenticator:
 
 - Take note of the icon shown on your screen
 
-![](./img/tfconnect_authenticator_3.png>)
+![](./img/tfconnect_authenticator_3.png)
 
 - On your phone, open TFConnect and enter your password