52 lines
1.8 KiB
Caddyfile
52 lines
1.8 KiB
Caddyfile
# HIY — Caddyfile
|
|
#
|
|
# Caddy automatically obtains a Let's Encrypt certificate for every domain it
|
|
# serves (HTTP-01 challenge). No Cloudflare or DNS API token required.
|
|
#
|
|
# Requirements:
|
|
# - Ports 80 and 443 must be publicly reachable (router port-forward to Pi)
|
|
# - DNS A record for {$DOMAIN_SUFFIX} must point to your public IP
|
|
# - Set ACME_EMAIL in infra/.env (Let's Encrypt needs a contact address)
|
|
#
|
|
# Local dev: set DOMAIN_SUFFIX=localhost in infra/.env — Caddy will use a
|
|
# self-signed cert automatically for localhost.
|
|
{
|
|
# Admin API — used by hiy-server to add/remove app routes dynamically.
|
|
# Listens on all interfaces so the server container can reach it via Docker
|
|
# networking (http://caddy:2019). Port 2019 must NOT be port-forwarded on
|
|
# the host or router — see docker-compose.yml.
|
|
admin 0.0.0.0:2019
|
|
|
|
# Email for Let's Encrypt expiry notices (set ACME_EMAIL in .env).
|
|
email {$ACME_EMAIL:}
|
|
}
|
|
|
|
# Portfolio — root domain placeholder until portfolio site is built.
|
|
{$DOMAIN_SUFFIX:localhost} {
|
|
tls {$ACME_EMAIL:internal}
|
|
root * /srv/www
|
|
file_server
|
|
}
|
|
|
|
# HIY control plane — moved from root domain to console subdomain.
|
|
console.{$DOMAIN_SUFFIX:localhost} {
|
|
tls {$ACME_EMAIL:internal}
|
|
reverse_proxy server:3000
|
|
}
|
|
|
|
# ── Static services (not managed by HIY) ──────────────────────────────────────
|
|
|
|
# Set FORGEJO_DOMAIN in .env (e.g. git.yourdomain.com). Falls back to a
|
|
# non-routable placeholder so Caddy starts cleanly even if Forgejo isn't used.
|
|
{$FORGEJO_DOMAIN:forgejo.localhost} {
|
|
tls {$ACME_EMAIL:internal}
|
|
reverse_proxy forgejo:3000
|
|
}
|
|
|
|
# Deployed apps are added here dynamically by hiy-server via the Caddy API.
|
|
# Each entry looks like:
|
|
#
|
|
# myapp.{$DOMAIN_SUFFIX} {
|
|
# reverse_proxy <container-ip>:<port>
|
|
# }
|