Created
December 4, 2024 23:16
jamesrr39 created this gist on Dec 4, 2024.
Caddyfile:

```caddyfile
{
	# https://caddyserver.com/docs/caddyfile/options#email
	email [email protected]
}

(tls_config) {
	tls {
		dns digitalocean {env.DIGITAL_OCEAN_DNS_API_TOKEN}
		# If you are running a DNS server on your network, controlling this domain, Caddy will resolve your DNS server to that internal server, and place the TXT entry there.
		# Let's Encrypt will not be able to find the internal server, so will not issue a certificate.
		# So instead, specify the public Digital Ocean servers.
		resolvers ns3.digitalocean.com ns2.digitalocean.com ns1.digitalocean.com
	}
}

https://home-assistant.mydomain.com:443 {
	import tls_config
	reverse_proxy http://homeassistant:8123
}

mydomain.com:443, *.mydomain.com:443 {
	import tls_config
	respond "{time.now}:{system.os}:{system.arch}"
}
```

Dockerfile:

```dockerfile
# Build a Caddy binary with the DigitalOcean DNS provider module compiled in.
FROM caddy:2.8.4-builder AS builder
RUN xcaddy build \
    --with github.com/caddy-dns/digitalocean

# Copy only the resulting binary into the stock runtime image.
FROM caddy:2.8.4
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
ADD start.sh /opt/start.sh
CMD [ "/opt/start.sh" ]
```

README:

# How to set up TLS (the green padlock!) with Caddy

1. Buy a domain from a domain registrar.
2. In the domain registrar settings, change the nameservers to the following entries: `ns3.digitalocean.com`, `ns2.digitalocean.com`, `ns1.digitalocean.com`.
3. Wait for this change to propagate. You can search "DNS propagation tool", and then test your domain name there. You should check the `NS` (Name Server) record.
4. In the Digital Ocean console, create a personal access token with "Read" and "Write" permissions for Domains. (You will need "Write" as we will use it to create a TXT entry.)
5. Build the container image: `docker build -t localhost/caddy .`
6. Consider editing the Caddyfile - remove the `reverse_proxy` example if you do not have something to proxy to.
7. Create a "caddy_data" folder: `mkdir caddy_data`. This means we can persist the certificates between container removals and creations.
8. Run the image: `docker run -e DIGITAL_OCEAN_DNS_API_TOKEN=${ADD_TOKEN_HERE} -p 80:80 -p 443:443 -v "./Caddyfile:/etc/caddy/Caddyfile:ro" -v "./caddy_data:/data/caddy:rw" localhost/caddy`
9. If you do not already have a DNS server set up, add a hosts entry in /etc/hosts: `127.0.0.1 mydomain.com`
10. Now visit `mydomain.com` and see the green padlock in the URL bar!

start.sh:

```sh
#!/bin/sh
set -e
caddy run --config /etc/caddy/Caddyfile --adapter caddyfile
```
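The Caddyfile above gets two things right that are easy to get wrong when copying this setup elsewhere: the DigitalOcean token is referenced through an `{env.*}` placeholder rather than written into the file, and `resolvers` is pinned to the public DigitalOcean nameservers so the ACME TXT lookup is not answered by an internal DNS server. The following checker is an added example, not part of the gist; the function names, the `dop_v1_PLACEHOLDER...` token string and the sample Caddyfiles are constructed for illustration.

```python
"""Added checker (not part of the gist): lint a Caddyfile for the two DNS-01 pitfalls
this setup depends on, a DigitalOcean token written into the file instead of an
{env.*} placeholder, and a `dns digitalocean` tls block without public `resolvers`."""
import re

# Public authoritative nameservers for DigitalOcean-hosted zones (as listed in the gist).
DO_NAMESERVERS = {"ns1.digitalocean.com", "ns2.digitalocean.com", "ns3.digitalocean.com"}

def _statements(text):
    """Caddyfile lines with `#` comments and blank lines removed."""
    stripped = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return [line for line in stripped if line]

def _tls_blocks(lines):
    """Return the statement lines inside each `tls { ... }` block, at any nesting depth."""
    blocks, depth, current, start = [], 0, None, 0
    for line in lines:
        if current is None and re.match(r"tls\b.*\{$", line):
            current, start = [], depth          # entering a tls block
        elif current is not None:
            current.append(line)
        depth += line.count("{") - line.count("}")
        if current is not None and depth == start:   # its closing brace
            blocks.append([l for l in current if l != "}"])
            current = None
    return blocks

def lint_caddyfile(text):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    for block in _tls_blocks(_statements(text)):
        dns = next((l.split() for l in block if l.startswith("dns digitalocean")), None)
        if dns is None:
            continue  # not a DNS-01 block, nothing to check
        token = dns[2] if len(dns) > 2 else ""
        if not re.fullmatch(r"\{env\.[A-Za-z_][A-Za-z0-9_]*\}", token):
            findings.append("token is written into the Caddyfile; use {env.DIGITAL_OCEAN_DNS_API_TOKEN}")
        resolvers = next((l.split()[1:] for l in block if l.startswith("resolvers")), None)
        if resolvers is None:
            findings.append("no `resolvers` in tls block; an internal DNS server would hide the TXT record")
        elif not DO_NAMESERVERS & set(resolvers):
            findings.append("resolvers are not the public DigitalOcean nameservers")
    return findings

# Constructed samples: the gist's snippet, and a misconfigured variant with a placeholder token.
GOOD = "(tls_config) {\n\ttls {\n\t\tdns digitalocean {env.DIGITAL_OCEAN_DNS_API_TOKEN}\n" \
       "\t\tresolvers ns3.digitalocean.com ns2.digitalocean.com ns1.digitalocean.com\n\t}\n}\n"
BAD = "mydomain.com {\n\ttls {\n\t\tdns digitalocean dop_v1_PLACEHOLDER_NOT_A_REAL_TOKEN\n\t}\n}\n"
```

Running `lint_caddyfile` over the Caddyfile before `docker run` catches a pasted token or a missing `resolvers` line before Caddy starts requesting certificates.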