From d6abe105b3aeb0dd35442f913df5082db9983aae Mon Sep 17 00:00:00 2001 From: Martijn de Boer Date: Mon, 23 May 2022 11:45:55 +0200 Subject: [PATCH] [docs] Add Caddy instructions to the documentation (#594) * Add instructions for working with Caddy 2 Add instructions for working with Caddy 2. Some texts are duplicated from the NGINX part (mainly the configuration part, about systemctl). * Add new Caddy docs to mkdocs.yml Adds the new Caddy document to the document tree * Remove up and downstream headers from configuration Removed the header statements for the proxy, as proxying those are transparant. Kept the flush_interval directive, disabling the response buffer completely so we can write without delays. * Update caddy.md Corrects the opening link * Apply comments mentioned in PR @igalic mentioned a few comments to improve these docs. I've processed those in this PR. --- docs/installation_guide/caddy.md | 110 +++++++++++++++++++++++++++++++ mkdocs.yml | 1 + 2 files changed, 111 insertions(+) create mode 100644 docs/installation_guide/caddy.md diff --git a/docs/installation_guide/caddy.md b/docs/installation_guide/caddy.md new file mode 100644 index 000000000..c1dd13977 --- /dev/null +++ b/docs/installation_guide/caddy.md @@ -0,0 +1,110 @@ +# Reverse proxy with Caddy 2 + +## Requirements + +For this guide you will need [Caddy 2](https://caddyserver.com/), there are no other dependencies. Caddy manages Lets Encrypt certificates and renewal for them. + +Caddy is in the most popular package managers, or you can get a static binary. For all latest installation guides, refer to [their manual](https://caddyserver.com/docs/install). + +### Debian, Ubuntu, Raspbian + +```bash +# Add the keyring for their custom repository. +sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https +curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg +curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list + +# Update packages and install it +sudo apt update +sudo apt install caddy +``` + +### Fedora, Redhat, Centos + +```bash +dnf install 'dnf-command(copr)' +dnf copr enable @caddy/caddy +dnf install caddy +``` + +### Arch + +```bash +pacman -Syu caddy +``` + +### FreeBSD +```bash +sudo pkg install caddy +``` + +## Configure GoToSocial + +If GoToSocial is already running, stop it. + +```bash +sudo systemctl stop gotosocial +``` +In your GoToSocial config turn off Lets Encrypt by setting `letsencrypt-enabled` to `false`. + +If you we running GoToSocial on port 443, change the `port` value back to the default `8080`. + +## Set up Caddy + +We will configure Caddy 2 to use GoToSocial on our main domain example.org. Since Caddy takes care of obtaining the Lets Encrypt certificate, we only need to configure it properly once. + +In most simple use cases Caddy defaults to a file called Caddyfile. It can reload on changes, or can be configured through an HTTP API for zero downtime, but this is out of our current scope. + +```bash +sudo mkdir -p /etc/caddy +sudo vim /etc/caddy/Caddyfile +``` + +While editing the file above, you should replace 'example.org' with your domain. Your domain should occur twice in the current configuration. If you have chosen another port number for GoToSocial other than port 8080, change the port number on the reverse proxy line to match that. + +The file you're about to create should look like this: + +```Caddyfile +# Because we use a reverse proxy, Caddy won't redirect port 80 to 443 by default unless we tell it to. +example.org:80 { + redir https://example.org/{uri} +} + +# The actual host configuration +example.org:443 { + # Optional, but recommended, compress the traffic using proper protocols + encode zstd gzip + + # The actual proxy configuration to port 8080 (unless you've chosen another port number) + reverse_proxy * http://127.0.0.1:8080 { + # Flush immediatly, to prevent buffered response to the client + flush_interval -1 + } +} +``` + +For advanced configuration check the [reverse_proxy directive](https://caddyserver.com/docs/caddyfile/directives/reverse_proxy) at the Caddy documentation. + +Now check for configuration errors. + +```bash +sudo caddy validate +``` + +If everything is fine, you should get some info lines as output. Unless there are lines marked with *[err]* in front of them, you are all set. + +Everything working? Great! Then restart caddy to load your new config file. + +```bash +sudo systemctl restart caddy +``` + +If everything went right, you're now all set to enjoy your GoToSocial instance, so we are going to start it again. + +```bash +sudo systemctl start gotosocial +``` + +## Results + +You should now be able to open the splash page for your instance in your web browser, and will see that it runs under HTTPS! diff --git a/mkdocs.yml b/mkdocs.yml index c721cd1f3..2f5243333 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -19,6 +19,7 @@ nav: - "installation_guide/docker.md" - "installation_guide/nginx.md" - "installation_guide/apache-httpd.md" + - "installation_guide/caddy.md" - "installation_guide/third_party.md" - "installation_guide/websocket.md" - "Configuration":