bendo01 · December 6, 2024 10:54 · Apr 20, 2017 · Apr 20, 2017 · Feb 7, 2017 · Oct 23, 2016
diff --git a/command.txt b/command.txt
@@ -7,4 +7,5 @@
 #https://lecturesnippets.com/lesson/protecting-centos-7-minimal-with-fail2ban/
 https://briansnelson.com/How_to_install_gifsicle_for_CentOS
 https://briansnelson.com/How_to_install_jpegoptim_for_CentOS
-http://linuxcommando.blogspot.co.id/2014/09/how-to-optimize-png-images.html
+http://linuxcommando.blogspot.co.id/2014/09/how-to-optimize-png-images.html
+https://blog.harrier.us/running-caddy-as-a-reverse-proxy-on-centos-7/
diff --git a/Caddyfile b/Caddyfile
@@ -1,3 +1,4 @@
+#cd /etc/caddy/Caddyfile
 example.com {
     root /usr/share/nginx/html
     gzip

diff --git a/caddy.service b/caddy.service
@@ -1,3 +1,4 @@
+#sudo nano /etc/systemd/system/caddy.service
 [Unit]
 Description=Caddy HTTP/2 web server
 Documentation=https://caddyserver.com/docs

diff --git a/command.txt b/command.txt
@@ -4,4 +4,7 @@
 #http://vicendominguez.blogspot.co.id/2015/02/supervisord-in-centos-7-systemd-version.html
 #http://stackoverflow.com/questions/31157928/supervisord-on-linux-centos-7-only-works-when-run-with-root
 #https://binaryfigments.com/news/limit-requests-on-caddy-with-fail2ban/
-#https://lecturesnippets.com/lesson/protecting-centos-7-minimal-with-fail2ban/
+#https://lecturesnippets.com/lesson/protecting-centos-7-minimal-with-fail2ban/
+https://briansnelson.com/How_to_install_gifsicle_for_CentOS
+https://briansnelson.com/How_to_install_jpegoptim_for_CentOS
+http://linuxcommando.blogspot.co.id/2014/09/how-to-optimize-png-images.html
diff --git a/command.txt b/command.txt
@@ -2,4 +2,6 @@
 #download caddy web server and put file on /usr/local/bin
 #create caddy config file aka Caddyfile on /etc/caddy
 #http://vicendominguez.blogspot.co.id/2015/02/supervisord-in-centos-7-systemd-version.html
-#http://stackoverflow.com/questions/31157928/supervisord-on-linux-centos-7-only-works-when-run-with-root
+#http://stackoverflow.com/questions/31157928/supervisord-on-linux-centos-7-only-works-when-run-with-root
+#https://binaryfigments.com/news/limit-requests-on-caddy-with-fail2ban/
+#https://lecturesnippets.com/lesson/protecting-centos-7-minimal-with-fail2ban/
diff --git a/command.txt b/command.txt
@@ -1,5 +1,5 @@
 #login as root
 #download caddy web server and put file on /usr/local/bin
-#create caddy config file aka Caddyfile on /etc/
+#create caddy config file aka Caddyfile on /etc/caddy
 #http://vicendominguez.blogspot.co.id/2015/02/supervisord-in-centos-7-systemd-version.html
 #http://stackoverflow.com/questions/31157928/supervisord-on-linux-centos-7-only-works-when-run-with-root
diff --git a/command.txt b/command.txt
@@ -1,16 +1,5 @@
 #login as root
 #download caddy web server and put file on /usr/local/bin
-#create caddy config file aka Caddyfile on /etc/caddy
-#create non login user
-sudo adduser caddy -s /sbin/nologin
-#create dir /var/log/caddy
-mkdir /var/log/caddy
-#create file caddy.servce on /etc/systemd/system
-
-#resource
-https://scottlinux.com/2014/12/08/how-to-create-a-systemd-service-in-linux-centos-7/
-https://github.com/mholt/caddy/issues/1104
-https://novelist.xyz/tech/caddy-webserver/
-
-#To allow non-root user to bind to port 80 and 443, run the following command in your terminal
-sudo setcap cap_net_bind_service=+ep /path-to/caddy
+#create caddy config file aka Caddyfile on /etc/
+#http://vicendominguez.blogspot.co.id/2015/02/supervisord-in-centos-7-systemd-version.html
+#http://stackoverflow.com/questions/31157928/supervisord-on-linux-centos-7-only-works-when-run-with-root
diff --git a/command.txt b/command.txt
@@ -9,4 +9,8 @@ mkdir /var/log/caddy
 
 #resource
 https://scottlinux.com/2014/12/08/how-to-create-a-systemd-service-in-linux-centos-7/
-https://github.com/mholt/caddy/issues/1104
+https://github.com/mholt/caddy/issues/1104
+https://novelist.xyz/tech/caddy-webserver/
+
+#To allow non-root user to bind to port 80 and 443, run the following command in your terminal
+sudo setcap cap_net_bind_service=+ep /path-to/caddy
diff --git a/Caddyfile b/Caddyfile
@@ -2,6 +2,14 @@ example.com {
     root /usr/share/nginx/html
     gzip
     log /var/log/caddy/access.log
-    fastcgi / unix:/var/run/php-fpm/php-fpm.sock php # Fast CGI php interpreter
+    #fastcgi / unix:/var/run/php-fpm/php-fpm.sock php # Fast CGI php interpreter
     #fastcgi / fastcgi / 127.0.0.1:9000 php # Fast CGI php interpreter
+    #using with laravel
+    fastcgi / unix:/var/run/php-fpm/php-fpm.sock php {
+        index index.php
+    }
+
+    rewrite {
+        to {path} {path}/ /index.php?{query}
+    }
 }
diff --git a/Caddyfile b/Caddyfile
@@ -0,0 +1,7 @@
+example.com {
+    root /usr/share/nginx/html
+    gzip
+    log /var/log/caddy/access.log
+    fastcgi / unix:/var/run/php-fpm/php-fpm.sock php # Fast CGI php interpreter
+    #fastcgi / fastcgi / 127.0.0.1:9000 php # Fast CGI php interpreter
+}
diff --git a/caddy.service b/caddy.service
@@ -0,0 +1,50 @@
+[Unit]
+Description=Caddy HTTP/2 web server
+Documentation=https://caddyserver.com/docs
+After=network-online.target
+Wants=network-online.target systemd-networkd-wait-online.service
+
+[Service]
+Restart=on-failure
+
+; User and group the process will run as.
+User=root
+Group=root
+
+; Letsencrypt-issued certificates will be written to this directory.
+;Environment=HOME=/etc/ssl/caddy
+
+; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
+ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
+ExecReload=/bin/kill -USR1 $MAINPID
+
+; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
+LimitNOFILE=1048576
+; Unmodified caddy is not expected to use more than that.
+LimitNPROC=64
+
+; Use private /tmp and /var/tmp, which are discarded after caddy stops.
+PrivateTmp=true
+; Use a minimal /dev
+;PrivateDevices=true
+; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
+;ProtectHome=true
+; Make /usr, /boot, /etc and possibly some more folders read-only.
+;ProtectSystem=full
+; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there.
+;   This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
+;ReadWriteDirectories=/etc/ssl/caddy
+
+; Drop all other capabilities. Important if you run caddy as privileged user (which you should not).
+;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+; … but permit caddy to open ports reserved for system services.
+;   This could be redundant here, but is needed in case caddy runs as nobody:nogroup.
+;AmbientCapabilities=CAP_NET_BIND_SERVICE
+; … and prevent gaining any new privileges.
+;NoNewPrivileges=true
+
+; Caveat: Some plugins need additional capabilities. Add them to both above lines.
+; - plugin "upload" needs: CAP_LEASE
+
+[Install]
+WantedBy=multi-user.target
diff --git a/command.txt b/command.txt
@@ -0,0 +1,12 @@
+#login as root
+#download caddy web server and put file on /usr/local/bin
+#create caddy config file aka Caddyfile on /etc/caddy
+#create non login user
+sudo adduser caddy -s /sbin/nologin
+#create dir /var/log/caddy
+mkdir /var/log/caddy
+#create file caddy.servce on /etc/systemd/system
+
+#resource
+https://scottlinux.com/2014/12/08/how-to-create-a-systemd-service-in-linux-centos-7/
+https://github.com/mholt/caddy/issues/1104