Created Caddy 2.x with Cloudflare DNS (markdown)

2024-11-22 09:55:57 +01:00 · 2021-02-10 02:48:26 +01:00 · 2021-02-10 02:48:26 +01:00 · 1a5ac87049
commit 1a5ac87049
parent 2496b127d1
1 changed files with 99 additions and 0 deletions
--- a/Caddy-2.x-with-Cloudflare-DNS.md
+++ b/Caddy-2.x-with-Cloudflare-DNS.md
@ -0,0 +1,99 @@
 Dockerfile (Caddy Builder)
 ```nginx
 FROM caddy:builder AS builder
 RUN xcaddy build --with github.com/caddy-dns/cloudflare
 FROM caddy:latest
 COPY --from=builder /usr/bin/caddy /usr/bin/caddy
 ```
 build command
 ```bash
 docker build -t [YOUR-NAME]/caddycfdns .
 ```
 Caddyfile (as reverse proxy)
 ```nginx
 https://[YOUR-DOMAIN]:443 {
  tls {
        dns cloudflare [API-KEY]
  }
  encode gzip
  header / {
       # Enable HTTP Strict Transport Security (HSTS)
       Strict-Transport-Security "max-age=31536000;"
       # Enable cross-site filter (XSS) and tell browser to block detected attacks
       X-XSS-Protection "1; mode=block"
       # Disallow the site to be rendered within a frame (clickjacking protection)
       X-Frame-Options "DENY"
       # Prevent search engines from indexing (optional)
       X-Robots-Tag "none"
       # Server name removing
       -Server
   }
  # The negotiation endpoint is also proxied to Rocket
  reverse_proxy /notifications/hub/negotiate bitwarden:80
  # Notifications redirected to the websockets server
  reverse_proxy /notifications/hub bitwarden:3012
  # Proxy the Root directory to Rocket
  reverse_proxy bitwarden:80 {
       # Send the true remote IP to Rocket, so that bitwarden_rs can put this in the
       # log, so that fail2ban can ban the correct IP.
       header_up X-Real-IP {remote_host}
  }
 }
 ```
 docker-compose.yml
 ```nginx
 version: '3'
 services:
  bitwarden:
    image: bitwardenrs/server
    restart: always
    volumes:
      - $PWD/bw-data:/data
    environment:
      WEBSOCKET_ENABLED: 'true' # Required to use websockets
      SIGNUPS_ALLOWED: 'false'   # set to false to disable signups
      DOMAIN: 'https://[DOMAIN]'
      SMTP_HOST: '[MAIL-SERVER]'
      SMTP_FROM: '[E-MAIL]'
      SMTP_PORT: '587'
      SMTP_SSL: 'true'
      SMTP_USERNAME: '[E-MAIL]'
      SMTP_PASSWORD: '[SMTP-PASS]'
 #      ADMIN_TOKEN: '[RAND. GENERATE]'
 #      YUBICO_CLIENT_ID: '[OPTIONAL]'
 #      YUBICO_SECRET_KEY: '[OPTIONAL]'
  caddy:
    image: [YOUR-NAME]/caddycfdns
    restart: always
    volumes:
      - $PWD/Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config
      - caddy_log:/logs
    ports:
      - [PRIVATE-IP]:443:443
    environment:
      ACME_AGREE: 'true'
      CLOUDFLARE_EMAIL: '[YOUR-EMAIL]'
      CLOUDFLARE_API_TOKEN: '[YOUR-TOKEN]'
      DOMAIN: '[DOMAIN]'
 volumes:
  caddy_data:
  caddy_config:
  caddy_log:
 ```