Mencoba Caddy Server

Halo, kalau kamu merasa tulisan saya ngebantu kamu, kamu bisa ucapkan terima kasih lewat saweria .

Hello, if you find this article helpful, you can express your gratitude through saweria .

Memulai Caddy Web Server

Install Caddy

Saya bakal coba native (non docker) installation biar lebih mudah dimengerti

Install caddy

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy

Buka di browser, ketik IP public

Sampai sini, instalasi Caddy sudah berhasil

Reverse Proxy

Agar lebih mudah, silahkan pull dulu image trafex/php-nginx docker pull trafex/php-nginx
trafex/php-nginx defaultnya jalan di port :8080, jalankan image ini dengan

docker run -p 8080:8080 trafex/php-nginx

Ubah file /etc/caddy/Caddyfile

# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.

:80 {
        # Set this path to your site's directory.
        #root * /usr/share/caddy

        # Enable the static file server.
        #file_server

        # Another common task is to set up a reverse proxy:
        # enable this
        # trafex/php run at port :8080 
        reverse_proxy localhost:8080

        # Or serve a PHP site through php-fpm:
        # php_fastcgi localhost:9000
}

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

Multiple Caddyfile (Nginx Style)

Buat direktori baru, sudo mkdir -p /etc/caddy/{sites-available,sites-enabled}
Ubah file /etc/caddy/Caddyfile

import sites-enabled/*

Buat file baru di /etc/caddy/sites-available/Caddyfile


:80 {
        # trafex/php run at port :8080 
        reverse_proxy localhost:8080
}

Buat symlink

sudo ln -s /etc/caddy/sites-available/Caddyfile /etc/caddy/sites-enabled/

Reload service Caddy sudo systemctl reload caddy.service

Menambahkan Domain

Ubah file /etc/caddy/sites-available/Caddyfile

#just add this 
caddy.mydomain.com {
        reverse_proxy localhost:8080
}

Reload service Caddy sudo systemctl reload caddy.service
Setup di atas akan

a. Redirect dari http ke https

b. Membuat https certificate menggunakan Let’s Encrypt (ga perlu Certbot)

Manipulasi Header

Caddy & Trafex Default Header (Redundant Server: Header)

Ubah file /etc/caddy/sites-available/Caddyfile

#just add this 
caddy.mydomain.com {
        reverse_proxy localhost:8080
        header {
                Strict-Transport-Security max-age=31536000
                Permissions-Policy interest-cohort=()
                X-Content-Type-Options nosniff
                X-Frame-Options SAMEORIGIN
                Referrer-Policy no-referrer
                X-XSS-Protection "1; mode=block"
                X-Permitted-Cross-Domain-Policies none
                #instruct search engine to to index this site
                X-Robots-Tag "noindex, nofollow"
                #remove powered by
                -X-Powered-By
                #remove server info
                -Server
        }

}

Test menggunakan curl -I https://caddy.mydomain.com

Menambahkan Log

Ubah file /etc/caddy/sites-available/Caddyfile

caddy.mydomain.com {
        log {
                output file /var/log/caddy/caddy.mydomain.com.log
                format console
        }
        reverse_proxy localhost:8080
        header {
                Strict-Transport-Security max-age=31536000
                Permissions-Policy interest-cohort=()
                X-Content-Type-Options nosniff
                X-Frame-Options SAMEORIGIN
                Referrer-Policy no-referrer
                X-XSS-Protection "1; mode=block"
                X-Permitted-Cross-Domain-Policies none
                #instruct search engine to to index this site
                X-Robots-Tag "noindex, nofollow"
                #remove powered by
                -X-Powered-By
                #remove server info
                -Server
        }

}

Block Access Hidden Files

Ubah file /etc/caddy/sites-available/Caddyfile

caddy.mydomain.com {
        log {
                output file /var/log/caddy/caddy.mydomain.com.log
                format console
        }
        reverse_proxy localhost:8080
        header {
                Strict-Transport-Security max-age=31536000
                Permissions-Policy interest-cohort=()
                X-Content-Type-Options nosniff
                X-Frame-Options SAMEORIGIN
                Referrer-Policy no-referrer
                X-XSS-Protection "1; mode=block"
                X-Permitted-Cross-Domain-Policies none
                #instruct search engine to to index this site
                X-Robots-Tag "noindex, nofollow"
                #remove powered by
                -X-Powered-By
                #remove server info
                -Server
        }
        @forbidden {
                not path /.well-known/*
                path /.*
                #it will return 403/forbidden
        }
        # to rediredt forbidden path to root
        # use this
        #redir @forbidden /


}

Test Caddyfile

Untuk menge-test caddyfile gunakan sudo caddy validate --config /etc/caddy/sites-available/Caddyfile
Untuk memperbaiki format (indentation) caddyfile, gunakan sudo caddy fmt --overwrite /etc/caddy/sites-available/Caddyfile

Caddy dengan Docker

Pastikan Caddy “native” tidak terinstall sudo apt remove caddy
Buat satu direktori baru mkdir ~/caddy & file config Caddyfile touch ~/caddy/Caddyfile
Buat network bridge baru dengan docker network create -d bridge caddy_net
Masuk ke direktori caddy cd ~/caddy, buat docker-compose.yml untuk Caddy

name: caddy

services:
  caddy:
    image: caddy:latest
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./site:/srv
      - caddy_data:/data
      - caddy_config:/config
    networks:
      - caddy_net

volumes:
  caddy_data:
  caddy_config:

networks:
  caddy_net:
    external: true

Buat file baru whoami.yml

name: whoami 

services:
  whoami:
    image: traefik/whoami
    command: 
      - --port=2001

    restart: unless-stopped
  
    networks:
      - caddy_net

networks:
  caddy_net:
    external: true

Jalankan docker compose up -d untuk running Caddy & docker compose -f whoami.yml untuk running whoami container
Buka file Caddyfile, isi dengan

:80 {
        reverse_proxy whoami:2001
}

Untuk reload Caddyfile gunakan docker compose exec -w /etc/caddy caddy caddy reload

References: