veken.io

Switching to Caddy

When I started using the VPS which hosts this blog and other services, I chose nginx as the webserver combined with certbot for the free SSL certificates. After some initial confusion about where to put the configuration files (I went with `/etc/nginx/conf.d/`, still don't know if that was correct), it worked well. The sites were up. The trouble began when I tried to add subdomains that acted as reverse proxies for other services like firefly-iii, FoundryVTT, and grafana.

From what I have been able to find out, nginx forwarded the requests for the well-known ACME challenges to the proxied services, which didn't have the required response because that was in the root of the nginx configuration. At some point I got it to work but I don't remember how.
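One way to keep the challenge path out of the proxy in nginx, as an added example that is not the configuration used on this server. The hostname `grafana.example.com`, the webroot `/var/www/letsencrypt` and the upstream port 3000 are assumptions, and it presumes certbot runs with its webroot authenticator (`certbot certonly --webroot -w /var/www/letsencrypt -d grafana.example.com`) and has already issued the certificate the second block refers to.

```nginx
# Added example: hostname, webroot path and upstream port are assumptions.
server {
    listen 80;
    listen [::]:80;
    server_name grafana.example.com;

    # HTTP-01 validation requests arrive on port 80. "^~" stops regex
    # locations from taking over this prefix, so the token files are
    # read from the local webroot and never reach the proxied service.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
        default_type text/plain;
        try_files $uri =404;
    }

    # Everything else is redirected to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name grafana.example.com;

    ssl_certificate     /etc/letsencrypt/live/grafana.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/grafana.example.com/privkey.pem;

    # Only the HTTPS vhost proxies to the backend service.
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```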

When I wanted to add another service, syncthing, I didn't want to retrace my steps. I had heard about Caddy before and its automatic ssl. After setting up syncthing I decided to replace nginx with Caddy to get the https working.

Replacing nginx with Caddy was easy to do, which was not surprising. I used nginx to serve static files and reverse proxy. I didn't do any advanced configuration that Caddy had to support.

The configuration in the form of a Caddyfile was a joy to work with. I could replace all my nginx configuration with a version that takes three or four lines. Below is an example of the nginx configuration that I used and the Caddyfile that replaced it (minus compression now that I look at it).

```nginx
# Nginx config file
server {
    server_name veken.io www.veken.io;
    root        /var/www/veken.io/public;
    index       index.html;

    gzip        on;
    gzip_comp_level 3;
    gzip_types  text/plain text/css;

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/issanholovibrant.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/issanholovibrant.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

# Port 80: redirect known hosts to HTTPS, answer 404 for anything else
server {
    if ($host = www.veken.io) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = veken.io) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen      80 default_server;
    listen      [::]:80 default_server;
    server_name veken.io www.veken.io;
    return 404; # managed by Certbot
}
```

```caddyfile
# Caddyfile
veken.io {
    root * /var/www/veken.io/public/
    file_server
}
```