Switching to Caddy

When I started using the VPS which hosts this blog and other services, I chose nginx as the webserver, combined with certbot for the free SSL certificates. After some initial confusion about where to put the configuration files (I went with `/etc/nginx/conf.d/`, still don’t know if that was correct), it worked well. The sites were up. The trouble began when I tried to add subdomains that acted as reverse proxies for other services like firefly-iii, FoundryVTT, and grafana.

From what I have been able to find out, nginx forwarded the requests for the well-known ACME challenges to the proxied services, which didn’t have the required response because that was in the root of the nginx configuration. At some point I got it to work but I don’t remember how.

When I wanted to add another service, syncthing, I didn’t want to retrace my steps. I had heard about Caddy before and its automatic SSL. After setting up syncthing I decided to replace nginx with Caddy to get the HTTPS working.

Replacing nginx with Caddy was easy to do, which was not surprising. I used nginx to serve static files and reverse proxy. I didn’t do any advanced configuration that Caddy had to support.

The configuration in the form of a Caddyfile was a joy to work with. I could replace all my nginx configuration with a version that takes three or four lines. Below is an example of the nginx configuration that I used and the Caddyfile that replaced it (minus compression, now that I look at it).

```nginx
# Nginx config file
server {
	server_name	veken.io www.veken.io;
	root		/var/www/veken.io/public;
	index		index.html;

	gzip		on;
	gzip_comp_level 3;
	gzip_types	text/plain text/css;

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/issanholovibrant.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/issanholovibrant.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
# Port 80: redirect both hostnames to HTTPS, 404 for anything else
server {
    if ($host = www.veken.io) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = veken.io) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


	listen		80 default_server;
	listen		[::]:80 default_server;
	server_name	veken.io www.veken.io;
    return 404; # managed by Certbot
}
```
```caddyfile
# Caddyfile
veken.io {
	root * /var/www/veken.io/public/
	file_server
}
```
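
Added example (not the author's configuration): a Caddyfile that also covers the pieces of the nginx setup the short version above leaves out, namely gzip at level 3, the `www` name, and a reverse-proxied subdomain. The hostname `sync.veken.io` and the upstream `localhost:8384` (Syncthing's default GUI address) are assumptions.

```caddyfile
# Added example; sync.veken.io and localhost:8384 are assumed values.

veken.io {
	root * /var/www/veken.io/public/

	# Replaces the nginx gzip / gzip_comp_level 3 lines.
	encode {
		gzip 3
	}

	file_server
}

# The nginx server_name also listed www.veken.io; send it to the bare domain.
www.veken.io {
	redir https://veken.io{uri} permanent
}

# Reverse-proxied service on its own subdomain. Caddy obtains the
# certificate for this name and answers the ACME challenge itself,
# so the challenge request is never passed on to the backend.
sync.veken.io {
	reverse_proxy localhost:8384 {
		# Syncthing checks the Host header on its GUI listener,
		# so present the upstream address instead of the public name.
		header_up Host {upstream_hostport}
	}
}
```

The proxied Syncthing GUI becomes reachable from the internet under this configuration, so it should have its own GUI username and password set before the site block is enabled.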