Created Caddy 2.x with Cloudflare DNS (markdown)

mhupfauer 2021-02-10 02:48:26 +01:00
parent 2496b127d1
commit 1a5ac87049

@ -0,0 +1,99 @@
Dockerfile (Caddy Builder)
```nginx
FROM caddy:builder AS builder
RUN xcaddy build --with github.com/caddy-dns/cloudflare
FROM caddy:latest
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
```
build command
```bash
docker build -t [YOUR-NAME]/caddycfdns .
```
Caddyfile (as reverse proxy)
```nginx
https://[YOUR-DOMAIN]:443 {
tls {
dns cloudflare [API-KEY]
}
encode gzip
header / {
# Enable HTTP Strict Transport Security (HSTS)
Strict-Transport-Security "max-age=31536000;"
# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"
# Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "DENY"
# Prevent search engines from indexing (optional)
X-Robots-Tag "none"
# Server name removing
-Server
}
# The negotiation endpoint is also proxied to Rocket
reverse_proxy /notifications/hub/negotiate bitwarden:80
# Notifications redirected to the websockets server
reverse_proxy /notifications/hub bitwarden:3012
# Proxy the Root directory to Rocket
reverse_proxy bitwarden:80 {
# Send the true remote IP to Rocket, so that bitwarden_rs can put this in the
# log, so that fail2ban can ban the correct IP.
header_up X-Real-IP {remote_host}
}
}
```
docker-compose.yml
```nginx
version: '3'
services:
bitwarden:
image: bitwardenrs/server
restart: always
volumes:
- $PWD/bw-data:/data
environment:
WEBSOCKET_ENABLED: 'true' # Required to use websockets
SIGNUPS_ALLOWED: 'false' # set to false to disable signups
DOMAIN: 'https://[DOMAIN]'
SMTP_HOST: '[MAIL-SERVER]'
SMTP_FROM: '[E-MAIL]'
SMTP_PORT: '587'
SMTP_SSL: 'true'
SMTP_USERNAME: '[E-MAIL]'
SMTP_PASSWORD: '[SMTP-PASS]'
# ADMIN_TOKEN: '[RAND. GENERATE]'
# YUBICO_CLIENT_ID: '[OPTIONAL]'
# YUBICO_SECRET_KEY: '[OPTIONAL]'
caddy:
image: [YOUR-NAME]/caddycfdns
restart: always
volumes:
- $PWD/Caddyfile:/etc/caddy/Caddyfile
- caddy_data:/data
- caddy_config:/config
- caddy_log:/logs
ports:
- [PRIVATE-IP]:443:443
environment:
ACME_AGREE: 'true'
CLOUDFLARE_EMAIL: '[YOUR-EMAIL]'
CLOUDFLARE_API_TOKEN: '[YOUR-TOKEN]'
DOMAIN: '[DOMAIN]'
volumes:
caddy_data:
caddy_config:
caddy_log:
```