@samermassoud
Last active November 15, 2022 07:23
WordPress deployment (using Docker Compose): a Caddyfile (reverse proxy / TLS termination) followed by the docker-compose.yml
#--------------------------------------------------------------
# snippet - logging
#--------------------------------------------------------------
#define logging
(logging) {
    # Per-site access log; the site name is passed as the first import
    # argument (args.0) so each site gets its own file under /var/log/caddy/.
    log {
        # Caddy writes access-log entries at INFO, so "debug" does not add
        # request detail here; it only lowers this logger's threshold.
        level debug
        output file /var/log/caddy/{args.0}.log {
            # Rotate at 20 MB and keep the 30 most recent files. These files
            # contain client IPs and full request URIs: persist the directory
            # outside the container and restrict who can read it.
            roll_size 20mb
            roll_keep 30
        }
    }
}
#-----------------------------------------------------------------
# snippet - headers up
#----------------------------------------------------------------
# Add forward headers to requests
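(reqheaders) {
    # Headers added to every proxied request so WordPress (running with
    # WORDPRESS_ENABLE_REVERSE_PROXY) sees the original scheme, host and
    # client address. X-Forwarded-Ssl is hard-coded because this snippet is
    # only imported into a site block that is served over HTTPS.
    header_up X-Forwarded-Ssl on
    header_up Host {http.request.host}
    # Client IP only; {http.request.remote} also carries the ":port" suffix,
    # which breaks anything that parses X-Real-IP as an address.
    header_up X-Real-IP {http.request.remote.host}
    # X-Forwarded-For is deliberately NOT set here. The previous
    # `header_up X-Forwarded-For {header.X-Forwarded-For}` forwarded the
    # client-supplied value verbatim, so any visitor could pick the IP that
    # WordPress, its plugins (login limiters, comment spam filters) and its
    # logs would see. Caddy's reverse_proxy already sets X-Forwarded-For to
    # the real client address; if a trusted upstream proxy sits in front of
    # Caddy, declare it with `trusted_proxies` rather than copying the header.
    header_up X-Forwarded-Port {http.request.port}
    header_up X-Forwarded-Proto {http.request.scheme} # included by default in Caddy 2
    header_up X-Url-Scheme {http.request.scheme}
    header_up X-Forwarded-Host {http.request.host}
}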
#-----------------------------------------------------------------
# snippet - headers down
#----------------------------------------------------------------
# add-modify response headers going to client
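(responseheader) {
    # Response headers for the public site.
    #
    # Long-lived caching is limited to static assets. The previous global
    # `Cache-Control public, max-age=31536000` was applied to every response
    # (the block is auto-deferred because it contains deletions, so it
    # overrides what WordPress sent), which let browsers and shared caches
    # keep logged-in pages (wp-admin, wp-login, REST responses) for a year.
    @static path *.css *.js *.woff *.woff2 *.ttf *.svg *.png *.jpg *.jpeg *.gif *.webp *.ico
    header @static {
        Cache-Control "public, max-age=31536000"
        defer
    }
    header {
        -x-content-encoded-by
        -Pragma
        # disable FLoC tracking
        Permissions-Policy interest-cohort=()
        # HSTS. The old value ended in ";" which left an empty directive.
        # Add "; includeSubDomains" (and later "preload") only once every
        # subdomain is served over HTTPS; www. is covered by its redirect.
        Strict-Transport-Security "max-age=31536000"
        # stop clients from sniffing the media type
        X-Content-Type-Options nosniff
        # Clickjacking protection, previously commented out. SAMEORIGIN rather
        # than DENY because wp-admin (e.g. the customizer) frames same-origin
        # pages.
        X-Frame-Options SAMEORIGIN
        # Full referrer only to the same origin, origin only cross-site, and
        # nothing on an HTTPS->HTTP downgrade.
        Referrer-Policy strict-origin-when-cross-origin
        # Replace Caddy's default Server banner. A set already overwrites the
        # existing value; the old `-Server` next to it was contradictory (Caddy
        # applies header deletions after sets, so it would have discarded this).
        Server "frontliner 1"
        -x-powered-by
    }
}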
#-----------------------------------------------------------------
# snippet - tls config
#----------------------------------------------------------------
(tlsconfig) {
    # ACME account contact address; certificates come from the production
    # Let's Encrypt directory. Switch to the commented staging URL while
    # experimenting so failed attempts do not burn production rate limits.
    tls admin@<example.com> {
        # ECDSA P-384 key and a single matching curve. Note this drops x25519
        # from the key-exchange set, which some older clients prefer.
        key_type p384
        curves secp384r1
        protocols tls1.2 tls1.3
        # Only the TLS 1.2 suites are configurable (TLS 1.3 suites are fixed).
        # With a P-384 key the ECDHE-ECDSA suites are the ones negotiated;
        # the ECDHE-RSA entries are unused but harmless.
        ciphers TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
        ca https://acme-v02.api.letsencrypt.org/directory
        #ca https://acme-staging-v02.api.letsencrypt.org/directory
    }
}
#-----------------------------------------------------------------
# www.<example.com>
#----------------------------------------------------------------
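www.<example.com> {
    import tlsconfig
    # Canonicalise to the apex host. Keep the original path and query ({uri})
    # so deep links survive, and use a permanent (301) redirect so browsers
    # and search engines cache it instead of treating it as temporary; the
    # previous `redir https://<example.com>` sent every URL to the root.
    redir https://<example.com>{uri} permanent
}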
#-----------------------------------------------------------------
# <example.com>
#----------------------------------------------------------------
<example.com> {
    import tlsconfig
    import logging <example.com>
    import responseheader

    # Proxy every request to the WordPress container over the compose network.
    reverse_proxy {
        to https://wordpress:8443
        # to http://wordpress:8080
        import reqheaders
        transport http {
            # NOTE(review): the upstream presents a self-signed certificate, so
            # verification is disabled here. That encrypts the hop but does not
            # authenticate the container (any process answering on that name
            # and port is accepted). Prefer pinning the upstream certificate
            # with `tls_trusted_ca_certs <pem>` (plus `tls_server_name`), or,
            # since TLS already terminates at Caddy, proxy to
            # http://wordpress:8080 inside the private network and drop this.
            tls_insecure_skip_verify
        }
    }
}
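# docker-compose.yml: MariaDB + WordPress behind Caddy (TLS termination and
# security headers). Caddy is the only service that should be reachable from
# outside the compose network; the others are addressed by service name.
version: '3.8'
services:
  mariadb:
    image: docker.io/bitnami/mariadb:10.8-debian-11
    restart: unless-stopped
    # No `ports:` on purpose. The previous `3306:3306` bound the database to
    # every host interface (Docker's published ports bypass host firewall
    # rules such as ufw), leaving it one password guess away from the
    # internet. WordPress reaches it as `mariadb:3306` over the compose
    # network. For occasional admin access bind to loopback only, e.g.
    # "127.0.0.1:3306:3306".
    volumes:
      - /mnt/wordpress/mariadb:/bitnami/mariadb
      - /mnt/wordpress/mariadb/my_custom.cnf:/opt/bitnami/mariadb/conf/my_custom.cnf:ro
    # Credentials: keep the real values out of this file (it tends to end up
    # in version control). Put them in an `.env` file with 0600 permissions
    # or in compose `secrets`, and reference them as ${MARIADB_ROOT_PASSWORD}.
    environment:
      - MARIADB_SKIP_TEST_DB=yes
      - MARIADB_ROOT_USER=root
      - MARIADB_ROOT_PASSWORD=<root password>
      - MARIADB_DATABASE=<database name>
      - MARIADB_USER=<user>
      - MARIADB_PASSWORD=<password>
    healthcheck:
      test: ['CMD', '/opt/bitnami/scripts/mariadb/healthcheck.sh']
      interval: 15s
      timeout: 5s
      retries: 6
  wordpress:
    # TODO: pin to an explicit version tag (or an @sha256 digest) so updates
    # are deliberate and reproducible; `latest` changes silently on each pull.
    image: docker.io/bitnami/wordpress:latest
    restart: unless-stopped
    # No `ports:` on purpose. The previous `8080:8080` / `8443:8443` published
    # the site on every host interface, so it was reachable directly over
    # plain HTTP and a self-signed certificate, bypassing Caddy's TLS,
    # security headers and access logging. Caddy proxies to `wordpress:8443`
    # over the compose network.
    volumes:
      - /mnt/wordpress/wordpress:/bitnami/wordpress
    depends_on:
      mariadb:
        condition: service_healthy
    environment:
      # Internal listener ports; only Caddy talks to them.
      - APACHE_HTTP_PORT_NUMBER=8080
      - APACHE_HTTPS_PORT_NUMBER=8443
      - PHP_UPLOAD_MAX_FILESIZE=512M
      - PHP_POST_MAX_SIZE=512M
      - WORDPRESS_SCHEME=https
      - WORDPRESS_ENABLE_HTTPS=yes
      - HTTP_HOST=<example.com>
      - WORDPRESS_SKIP_BOOTSTRAP=no
      - WORDPRESS_AUTO_UPDATE_LEVEL=minor
      - WORDPRESS_PLUGINS=none
      - WORDPRESS_TABLE_PREFIX=wp_
      - WORDPRESS_DATABASE_HOST=mariadb
      - WORDPRESS_DATABASE_PORT_NUMBER=3306
      # Same credentials as the mariadb service above; source both from the
      # same .env file so they cannot drift apart.
      - WORDPRESS_DATABASE_USER=<user>
      - WORDPRESS_DATABASE_NAME=<database>
      - WORDPRESS_DATABASE_PASSWORD=<password>
      # Tell WordPress it sits behind a TLS-terminating proxy so it honours
      # the X-Forwarded-* headers Caddy sends and generates https:// URLs.
      - WORDPRESS_ENABLE_REVERSE_PROXY=yes
  caddy:
    # TODO: pin this tag as well (see the wordpress service).
    image: caddy:alpine
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"   # HTTP/3
    volumes:
      # Caddy only reads the Caddyfile; mount it read-only.
      - /mnt/wordpress/caddy/Caddyfile:/etc/caddy/Caddyfile:ro
      - /mnt/wordpress/caddy/site:/srv
      # /data holds the ACME account key and certificates: keep it persistent
      # and restrict host-side permissions to the user running Caddy.
      - /mnt/wordpress/caddy/data:/data
      - /mnt/wordpress/caddy/config:/config
      # The Caddyfile's logging snippet writes /var/log/caddy/<site>.log;
      # without a mount those access logs are lost whenever the container
      # is recreated.
      - /mnt/wordpress/caddy/logs:/var/log/caddy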