Without a fallback, an unset DOMAIN_SUFFIX expands to an empty string,
making Caddy parse the site block as a second global options block and
fail to start. Using {:localhost} defaults to localhost.
Caddy's email directive requires a non-empty argument. Since ACME_EMAIL
wasn't set, Caddy failed to parse the config. Email is optional for
Let's Encrypt — remove the directive entirely and document it as a
manual opt-in comment.
Caddy's built-in ACME support handles TLS automatically — no CF_API_TOKEN,
no Cloudflare account, no DNS plugin needed. Requires ports 80+443 forwarded
to the Pi and ACME_EMAIL set in infra/.env.
The Caddyfile created a server with an auto-generated name, not 'hiy',
so build.sh's PUT to /config/apps/http/servers/hiy/routes was creating
a parallel server that never received traffic.
- Replace Caddyfile with caddy.json that names the server 'hiy' with
the dashboard as a catch-all fallback route
- Insert app routes at index 0 so host-matched routes are evaluated
before the catch-all dashboard fallback
- Update docker-compose to mount caddy.json and pass --config flag
