dc59293c5e
Caddy's built-in ACME support handles TLS automatically — no CF_API_TOKEN, no Cloudflare account, no DNS plugin needed. Requires ports 80+443 forwarded to the Pi and ACME_EMAIL set in infra/.env.
32 lines
999 B
Caddyfile
32 lines
999 B
Caddyfile
# HIY — Caddyfile
|
|
#
|
|
# Caddy automatically obtains a Let's Encrypt certificate for every domain it
|
|
# serves (HTTP-01 challenge). No Cloudflare or DNS API token required.
|
|
#
|
|
# Requirements:
|
|
# - Ports 80 and 443 must be publicly reachable (router port-forward to Pi)
|
|
# - DNS A record for {$DOMAIN_SUFFIX} must point to your public IP
|
|
# - Set ACME_EMAIL in infra/.env (Let's Encrypt needs a contact address)
|
|
#
|
|
# Local dev: set DOMAIN_SUFFIX=localhost in infra/.env — Caddy will use a
|
|
# self-signed cert automatically for localhost.
|
|
{
|
|
# Admin API — used by hiy-server to add/remove app routes dynamically.
|
|
admin 0.0.0.0:2019
|
|
|
|
# Contact email for Let's Encrypt expiry notices.
|
|
email {$ACME_EMAIL}
|
|
}
|
|
|
|
# HIY dashboard — served at your root domain.
|
|
{$DOMAIN_SUFFIX} {
|
|
reverse_proxy server:3000
|
|
}
|
|
|
|
# Deployed apps are added here dynamically by hiy-server via the Caddy API.
|
|
# Each entry looks like:
|
|
#
|
|
# myapp.{$DOMAIN_SUFFIX} {
|
|
# reverse_proxy <container-ip>:<port>
|
|
# }
|