#caddyserver

Lanie Molinar Carmelo<p>Hi all. Hoping someone in the <a href="https://allovertheplace.ca/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfHosting</span></a> community can help. I'm trying to set up <a href="https://allovertheplace.ca/tags/Linkwarden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linkwarden</span></a> in <a href="https://allovertheplace.ca/tags/Docker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Docker</span></a> behind <a href="https://allovertheplace.ca/tags/Caddy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Caddy</span></a>. The service is running, but I'm unable to create a user account. This is what I see in my browser console when I try:</p><pre><code>register:1 [Intervention] Images loaded lazily and replaced with placeholders. Load events are deferred. See https://go.microsoft.com/fwlink/?linkid=2048113<br>register:1 [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://www.chromium.org/developers/design-documents/create-amazing-password-forms) <br>&lt;input data-testid=​"password-input" type=​"password" placeholder=​"••••••••••••••" class=​"w-full rounded-md p-2 border-neutral-content border-solid border outline-none focus:​border-primary duration-100 bg-base-100" value=​"tyq5ghp!QVH-mva1agc"&gt;<br>register:1 [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://www.chromium.org/developers/design-documents/create-amazing-password-forms) <br>&lt;input data-testid=​"password-confirm-input" type=​"password" placeholder=​"••••••••••••••" class=​"w-full rounded-md p-2 border-neutral-content border-solid border outline-none focus:​border-primary duration-100 bg-base-100" value=​"tyq5ghp!QVH-mva1agc"&gt;<br>Error<br>api/v1/users:1 Request unavailable in the network panel, try 
reloading the inspected page Failed to load resource: the server responded with a status of 400 () Failed to load resource: the server responded with a status of 400 ()<br></code></pre><p><strong>compose file:</strong></p><pre><code>services:<br> postgres:<br> image: postgres:16-alpine<br> container_name: linkwarden_postgres<br> env_file: .env<br> restart: always<br> volumes:<br> - ./pgdata:/var/lib/postgresql/data<br> networks:<br> - linkwarden_net<br> linkwarden:<br> env_file: .env<br> environment:<br> - DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@linkwarden_postgres:5432/postgres<br> restart: always<br> # build: . # uncomment this line to build from source<br> image: ghcr.io/linkwarden/linkwarden:latest # comment this line to build from source<br> container_name: linkwarden<br> ports:<br> - 3009:3000<br> volumes:<br> - ./data:/data/data<br> networks:<br> - linkwarden_net<br> depends_on:<br> - postgres<br><br>networks:<br> linkwarden_net:<br> driver: bridge<br></code></pre><p><strong>Relevant part of .env file:</strong></p><pre><code>NEXTAUTH_URL=https://bookmarks.laniecarmelo.tech/api/v1/auth<br>NEXTAUTH_SECRET=x8az9q9w8ofAxnrVcer2vsPHeMmKSPbf<br><br># Manual installation database settings<br># Example: DATABASE_URL=postgresql://user:password@localhost:5432/linkwarden<br>DATABASE_URL=<br><br># Docker installation database settings<br>POSTGRES_PASSWORD=redacted<br><br># Additional Optional Settings<br>PAGINATION_TAKE_COUNT=<br>STORAGE_FOLDER=<br>AUTOSCROLL_TIMEOUT=<br>NEXT_PUBLIC_DISABLE_REGISTRATION=false<br>NEXT_PUBLIC_CREDENTIALS_ENABLED=true<br></code></pre><p><strong>Caddyfile snippet</strong></p><pre><code>*.laniecarmelo.tech {<br> tls redacted {<br> dns cloudflare redacted<br> }<br><br> header {<br> Content-Security-Policy "default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; <br> img-src https: data:; <br> font-src 'self' https: data:; <br> frame-src 'self' https:; <br> object-src 'none'"<br> Referrer-Policy 
"strict-origin-when-cross-origin"<br> Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"<br> X-Content-Type-Options "nosniff"<br> X-Xss-Protection "1; mode=block"<br> }<br><br> encode br gzip<br><br> # Bookmarks<br> @bookmarks host bookmarks.laniecarmelo.tech<br> handle @bookmarks {<br> reverse_proxy 127.0.0.1:3009<br> }<br>}<br></code></pre><p>Can anyone help? I have no idea how to fix this.<br><a href="https://allovertheplace.ca/tags/SelfHosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfHosted</span></a> <a href="https://allovertheplace.ca/tags/CaddyServer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CaddyServer</span></a> <a href="https://allovertheplace.ca/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://allovertheplace.ca/tags/Tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tech</span></a> <a href="https://allovertheplace.ca/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Technology</span></a> <br><span class="h-card" translate="no"><a href="https://lemmy.ml/c/selfhost" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>selfhost</span></a></span> <span class="h-card" translate="no"><a href="https://lemmy.world/c/selfhosted" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>selfhosted</span></a></span> <span class="h-card" translate="no"><a href="https://a.gup.pe/u/selfhosting" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>selfhosting</span></a></span></p>
LavX News<p>Fortifying Your Self-Hosted Services: Mitigating Man-in-the-Middle Attacks with CAA Records</p><p>As cyber threats evolve, understanding how to protect your self-hosted services becomes crucial. This article explores a recent Man-in-the-Middle attack on jabber.ru and demonstrates how to leverage C...</p><p><a href="https://news.lavx.hu/article/fortifying-your-self-hosted-services-mitigating-man-in-the-middle-attacks-with-caa-records" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.lavx.hu/article/fortifyin</span><span class="invisible">g-your-self-hosted-services-mitigating-man-in-the-middle-attacks-with-caa-records</span></a></p><p><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://mastodon.cloud/tags/CaddyServer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CaddyServer</span></a> <a href="https://mastodon.cloud/tags/LetEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LetEncrypt</span></a> <a href="https://mastodon.cloud/tags/CAARecords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CAARecords</span></a></p>
Lanie Molinar Carmelo<p>Hi everyone,<br><br>I'm encountering an issue with my self-hosted setup using <strong>Caddy 2.9.1</strong> and <strong>Authelia 4.38.19</strong>. All domains except <code>auth.laniecarmelo.tech</code> return a <strong>401 Unauthorized</strong> error. Journald logs suggest issues with insecure schemes (<code>''</code>) instead of <code>https</code> or <code>wss</code>.</p><p><strong>Details:</strong></p><ul><li><strong>Setup:</strong> Caddy as reverse proxy, Authelia for authentication</li><li><strong>Domains:</strong> AdGuard Home, Forgejo, LinkAce, MiniFlux, TheLounge, Homepage, Beszel, Glances, Uptime Kuma, Tandoor Recipes, BookStack, Watchtower, Portainer</li><li><strong>Logs:</strong><br>Authelia:<br><code>Feb 24 21:01:47 stormux authelia[2932]: level=error msg="Target URL '/' has an insecure scheme '', only 'https' and 'wss' are supported"</code><br>Caddy:<br><code>Feb 24 21:19:41 stormux caddy[48845]: {"msg":"handled request","method":"GET","host":"adguard.laniecarmelo.tech","status":200}</code></li></ul><p><strong>Configurations:</strong> </p><ul><li>Full Caddyfile and Authelia config: <a href="https://gist.github.com/Lanie-Carmelo/fce9a7d6c984fc816475afee430f54a8" rel="nofollow noopener noreferrer" target="_blank">GitHub Gist</a></li></ul><p><strong>Curl Output:</strong><br><br>HTTP Request:</p><pre><code>$ curl home.laniecarmelo.tech -v<br>&lt; HTTP/1.1 308 Permanent Redirect<br>&lt; Location: https://home.laniecarmelo.tech/<br></code></pre><p>HTTPS Request:</p><pre><code>$ curl https://home.laniecarmelo.tech -v<br>&lt; HTTP/2 401 <br>&lt; content-type: text/plain; charset=utf-8<br>&lt; server: Caddy<br>401 Unauthorized<br></code></pre><p>Does anyone know what might be causing this? I suspect it could be related to <code>forward_auth</code> or trusted proxies.</p><p>Thanks in advance! 
🙏 </p><p><a href="https://allovertheplace.ca/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfHosting</span></a> <a href="https://allovertheplace.ca/tags/CaddyServer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CaddyServer</span></a> <a href="https://allovertheplace.ca/tags/Authelia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authelia</span></a> <a href="https://allovertheplace.ca/tags/ReverseProxy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ReverseProxy</span></a> <a href="https://allovertheplace.ca/tags/TechHelp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechHelp</span></a> <a href="https://allovertheplace.ca/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://allovertheplace.ca/tags/HomeLab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HomeLab</span></a><br><span class="h-card" translate="no"><a href="https://lemmy.ml/c/selfhost" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>selfhost</span></a></span> <span class="h-card" translate="no"><a href="https://a.gup.pe/u/selfhosting" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>selfhosting</span></a></span> <span class="h-card" translate="no"><a href="https://lemmy.world/c/selfhosted" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>selfhosted</span></a></span></p>
alciregi :fedora:<p>So, recently I started to self-host various services on some <a href="https://social.linux.pizza/tags/Fedora" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fedora</span></a> low-end Virtual Private Servers around the world. For personal use.<br>In the next few days I will post a list of services I've deployed. <br>I used rootless <a href="https://social.linux.pizza/tags/podman" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>podman</span></a> containers. <a href="https://social.linux.pizza/tags/Podlet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Podlet</span></a> in order to use dockerfiles whenever possible, and to create <a href="https://social.linux.pizza/tags/systemd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>systemd</span></a> services. And <a href="https://social.linux.pizza/tags/caddyserver" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>caddyserver</span></a> as frontend.</p>
Lanie Molinar Carmelo<p><strong>🚨 Help Needed: <a href="https://allovertheplace.ca/tags/CORS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CORS</span></a> and <a href="https://allovertheplace.ca/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cloudflare</span></a> Access Issues with <a href="https://allovertheplace.ca/tags/Nextflux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Nextflux</span></a> + <a href="https://allovertheplace.ca/tags/MiniFlux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MiniFlux</span></a> Setup 🚨</strong></p><p>Hi everyone! I’m struggling with a <a href="https://allovertheplace.ca/tags/SelfHosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfHosted</span></a> setup and could really use some advice from the self-hosting community. Lol I've been trying to figure this out for hours with no luck. 
Here’s my situation:</p><p><strong><strong>Setup</strong></strong></p><ul><li><strong>MiniFlux</strong>: Running in <a href="https://allovertheplace.ca/tags/Docker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Docker</span></a> on a <a href="https://allovertheplace.ca/tags/RaspberryPi500" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RaspberryPi500</span></a> (<a href="https://allovertheplace.ca/tags/Stormux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Stormux</span></a>, based on <a href="https://allovertheplace.ca/tags/ArchLinuxARM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ArchLinuxARM</span></a>).</li><li><strong>Nextflux</strong>: Hosted on Cloudflare Pages.</li><li><strong>Reverse Proxy</strong>: <a href="https://allovertheplace.ca/tags/Caddy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Caddy</span></a> (installed via AUR).</li><li><strong>Cloudflare Access</strong>: Enabled for security and SSO.</li><li><strong>Cloudflared</strong>: Also installed via AUR.</li><li><strong>CORS Settings in Cloudflare Access</strong>: Configured to allow all origins, methods, and headers.</li></ul><p><strong><strong>What’s Working</strong></strong></p><ul><li>MiniFlux is accessible from my home network after removing restrictive CORS settings in both Caddy and MiniFlux.</li><li>Nextflux is properly deployed on Cloudflare Pages.</li></ul><p><strong><strong>The Problem</strong></strong></p><p>Nextflux cannot connect to MiniFlux due to persistent CORS errors and authentication issues with Cloudflare Access. 
Here are the errors I’m seeing in the browser console:</p><ol><li><strong>CORS Error</strong>:<br><code>Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' from origin 'https://nextflux.laniecarmelo.tech' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.</code></li><li><p><strong>Cloudflare Access Redirection</strong>:</p><pre><code>Request redirected to 'https://lifeofararebird.cloudflareaccess.com/cdn-cgi/access/login/rss.laniecarmelo.tech'.<br></code></pre></li><li><p><strong>Failed to Fetch</strong>:</p><pre><code>Failed to fetch: TypeError: Failed to fetch.<br></code></pre></li></ol><p><strong><strong>What I’ve Tried</strong></strong></p><ol><li><p><strong>Service Token Authentication</strong>:</p><ul><li>Generated a service token in Cloudflare Access for Nextflux.</li><li>Added <code>CF-Access-Client-Id</code> and <code>CF-Access-Client-Secret</code> headers in Caddy for <code>rss.laniecarmelo.tech</code>.</li><li>Updated Cloudflare Access policies to include a bypass rule for this service token.</li></ul></li><li><p><strong>CORS Configuration</strong>:</p><ul><li>Tried permissive settings (<code>Access-Control-Allow-Origin: *</code>) in both Caddy and MiniFlux.</li><li>Configured Cloudflare Access CORS settings to allow all origins, methods, and headers.</li></ul></li><li><p><strong>Policy Adjustments</strong>:</p><ul><li>Created a bypass policy for my home IP range and public IP.</li><li>Added an "Allow" policy for authenticated users via email/login methods.</li></ul></li><li><p><strong>Debugging Logs</strong>:</p><ul><li>Checked Cloudflared logs, which show requests being blocked due to missing access tokens (<code>AccessJWTValidator</code> errors).</li></ul></li></ol><p><strong><strong>Current State</strong></strong></p><p>Despite these efforts:</p><ul><li>Requests from Nextflux are still being blocked by Cloudflare Access or failing due to CORS issues.</li><li>The browser console consistently 
shows "No 'Access-Control-Allow-Origin' header" errors.</li></ul><p><strong><strong>Goals</strong></strong></p><ol><li>Allow Nextflux (hosted on Cloudflare Pages) to connect seamlessly to MiniFlux (behind Cloudflare Access).</li><li>Maintain secure access to MiniFlux for other devices (e.g., my home network or mobile devices).</li></ol><p><strong><strong>My Environment</strong></strong></p><ul><li>Raspberry Pi 500 running Arch Linux ARM.</li><li>Both Caddy and Cloudflared are installed via AUR packages.</li><li>MiniFlux is running in Docker with the following environment variables:<br><code>CLOUDFLARE_SERVICE_AUTH_ENABLED=true<br>CLOUDFLARE_CLIENT_ID=&lt;client-id&gt;<br>CLOUDFLARE_CLIENT_SECRET=&lt;client-secret&gt;</code></li></ul><p><strong><strong>Relevant Logs</strong></strong></p><p>From <code>cloudflared</code>:</p><pre><code>ERR error="request filtered by middleware handler (AccessJWTValidator) due to: no access token in request"<br></code></pre><p>From the browser console:</p><pre><code>Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' has been blocked by CORS policy.<br></code></pre><p><strong><strong>Questions</strong></strong></p><ol><li>Is there a better way to configure CORS for this setup?</li><li>Should I be handling authentication differently between Nextflux and MiniFlux?</li><li>How can I ensure that requests from Nextflux include valid access tokens?</li></ol><p>Any help or advice would be greatly appreciated! 
🙏</p><p><a href="https://allovertheplace.ca/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfHosting</span></a> <a href="https://allovertheplace.ca/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cloudflare</span></a> <a href="https://allovertheplace.ca/tags/CaddyServer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CaddyServer</span></a> <a href="https://allovertheplace.ca/tags/Docker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Docker</span></a> <a href="https://allovertheplace.ca/tags/RSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RSS</span></a> <a href="https://allovertheplace.ca/tags/CORS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CORS</span></a> <a href="https://allovertheplace.ca/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://allovertheplace.ca/tags/ArchLinuxARM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ArchLinuxARM</span></a> <a href="https://allovertheplace.ca/tags/CloudflarePages" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflarePages</span></a></p>
LavX News<p>Enhance Your Web Security with the Caddy Defender Plugin</p><p>The Caddy Defender plugin offers a powerful middleware solution for web developers looking to protect their applications from unwanted traffic and safeguard AI training data. With features like IP ran...</p><p><a href="https://news.lavx.hu/article/enhance-your-web-security-with-the-caddy-defender-plugin" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.lavx.hu/article/enhance-y</span><span class="invisible">our-web-security-with-the-caddy-defender-plugin</span></a></p><p><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://mastodon.cloud/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebSecurity</span></a> <a href="https://mastodon.cloud/tags/CaddyServer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CaddyServer</span></a> <a href="https://mastodon.cloud/tags/Middleware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Middleware</span></a></p>
Raven<p>Today I switched my web server from Apache httpd to Caddy on FreeBSD 14. I've never seen a simpler web server. All you need is one Caddyfile to manage Caddy itself and all websites.</p><p><a href="https://mastodon.bsd.cafe/tags/caddyserver" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>caddyserver</span></a> <a href="https://mastodon.bsd.cafe/tags/freebsd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>freebsd</span></a></p>
Paco Hope #resist<p>Funny. I got some <a href="https://infosec.exchange/tags/spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>spam</span></a> from <a href="https://infosec.exchange/tags/salesforce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>salesforce</span></a> and went to click the 'unsubscribe' link. Nice to know that <a href="https://infosec.exchange/tags/caddyserver" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>caddyserver</span></a> is what they use. But, uh, not very effective at unsubscribing.</p>
Robert Rudolf<p><span class="h-card" translate="no"><a href="https://sopuli.xyz/u/IsoKiero" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>IsoKiero</span></a></span> I've been a happy user of <a href="https://fosstodon.org/tags/MailCow" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MailCow</span></a> for years. It just works, simple to install and update. I'm using <a href="https://fosstodon.org/tags/CaddyServer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CaddyServer</span></a> as a reverse proxy to further simplify the setup. And it's made in <a href="https://fosstodon.org/tags/EU" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EU</span></a> 😄</p>
Mirko Lenz<p>For anyone wanting to add custom plugins/modules to <a href="https://fosstodon.org/tags/caddyserver" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>caddyserver</span></a> on <a href="https://fosstodon.org/tags/NixOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NixOS</span></a>: <span class="h-card" translate="no"><a href="https://hachyderm.io/@vbernat" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>vbernat</span></a></span> released a flake to do this via xcaddy in a fixed-output derivation. Switched to it on my server today and works perfectly! More details in his blog post:</p><p><a href="https://vincent.bernat.ch/en/blog/2024-caddy-nix-plugins" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">vincent.bernat.ch/en/blog/2024</span><span class="invisible">-caddy-nix-plugins</span></a></p>
Allen<p>:hacker_u: :hacker_i: <br><a href="https://social.tchncs.de/tags/caddyserver" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>caddyserver</span></a> <a href="https://social.tchncs.de/tags/music" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>music</span></a></p>
Lukas Rotermund<p>I retired NGINX for Caddy - and never looked back.</p><p>In my last blog post, I reported on a DoS attack and Docker's dangerous default behaviour regarding ufw and setting up NGINX locally.</p><p><span class="h-card" translate="no"><a href="https://fosstodon.org/@lil5" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>lil5</span></a></span> pointed me to the Caddy web server after my post, and I migrated everything to it shortly afterwards.</p><p>My latest blog post is about migrating from NGINX to Caddy and why I don't want to go back to NGINX.</p><p><a href="https://lukasrotermund.de/posts/i-retired-nginx-for-caddy-and-never-looked-back/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">lukasrotermund.de/posts/i-reti</span><span class="invisible">red-nginx-for-caddy-and-never-looked-back/</span></a></p><p><a href="https://social.tchncs.de/tags/Caddy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Caddy</span></a> <a href="https://social.tchncs.de/tags/CaddyServer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CaddyServer</span></a> <a href="https://social.tchncs.de/tags/NGINX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NGINX</span></a></p>
Emanuele Panz<p>"I recreated the server, now with encrypted disks, and restored the application. Can you check why it is not running?"</p><p>Spent considerable time checking the <a href="https://phpc.social/tags/Symfony" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Symfony</span></a>, <a href="https://phpc.social/tags/caddyserver" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>caddyserver</span></a> and <a href="https://phpc.social/tags/phpfpm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phpfpm</span></a> configs: nothing could explain such errors, including not respecting any config change.</p><p>It was the usual suspect: <a href="https://phpc.social/tags/selinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selinux</span></a>, which was not properly configured</p><p>Bonus point: took the time to quickly upgrade to PHP 8.3 and Symfony 6.4; not bad for an application last deployed in December 2022 ☺</p>
Kévin Dunglas<p>On December 5 and 6, I'll be in Vienna for SymfonyCon! I'll be explaining how HTTP compression works and how to use the latest developments in the field (Brotli, Zstandard...) to make your <span class="h-card" translate="no"><a href="https://mastodon.social/@symfony" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>symfony</span></a></span> applications even faster.</p><p>Of course, we'll also talk about how <a href="https://mastodon.social/tags/CaddyServer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CaddyServer</span></a> and <a href="https://mastodon.social/tags/FrankenPHP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FrankenPHP</span></a> can help (as always)!</p>
Elias Probst<p><span class="h-card" translate="no"><a href="https://chaos.social/@alios" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>alios</span></a></span> I don't know whether there's a module for a fully declarative self-contained CA in <a href="https://mastodon.social/tags/nixpkgs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nixpkgs</span></a>, but you could run your own CA using "services.step-ca" and retrieve certs via <a href="https://mastodon.social/tags/ACME" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ACME</span></a> (either through the corresponding applications' support or using "security.acme").</p><p>If you're using <a href="https://mastodon.social/tags/CaddyServer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CaddyServer</span></a>, you also might want to simply use its built-in support to run an ACME CA (also based on smallstep) or utilize its ACME support to automatically retrieve certs at runtime for all defined hosts.</p>
chris@strafpla.net<p>Because the excellent (and beloved for a decade or so) <a href="https://mstdn.strafpla.net/tags/reeder" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reeder</span></a> by <span class="h-card" translate="no"><a href="https://gloria.social/@rizzi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>rizzi</span></a></span> does not support <a href="https://mstdn.strafpla.net/tags/TLSClientAuth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TLSClientAuth</span></a> for feeds* I spent a few hours on Yak-Shaving and on learning about <a href="https://mstdn.strafpla.net/tags/caddyserver" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>caddyserver</span></a> <a href="https://mstdn.strafpla.net/tags/systemd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>systemd</span></a>-<a href="https://mstdn.strafpla.net/tags/resolved" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>resolved</span></a> and - in the end - about <a href="https://mstdn.strafpla.net/tags/iCloudPrivateRelay" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iCloudPrivateRelay</span></a>.<br>If a local request is handled like an external request it may be because ... it's coming in as an external request.<br>___<br>* I’m sure I’m the only one left on the planet who has rss feeds with Client Certificates, so this is fine!</p>
Mitex Leo<p>After a lot of trial and error, I finally got object storage configured for this instance. I had originally planned to use Backblaze, but ended up going with Linode Object Storage. Unfortunately, the guides I found online didn't work for me, and I also had to make the switch from Caddy to Nginx. I'm thinking about writing a blog post to share my experience.</p><p><a href="https://mitexleo.one/tags/mastoadmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mastoadmin</span></a> <a href="https://mitexleo.one/tags/fedimin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fedimin</span></a> <a href="https://mitexleo.one/tags/fediadmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fediadmin</span></a> <a href="https://mitexleo.one/tags/s3" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>s3</span></a> <a href="https://mitexleo.one/tags/linode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linode</span></a> <a href="https://mitexleo.one/tags/backblaze" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backblaze</span></a> <a href="https://mitexleo.one/tags/nginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nginx</span></a> <a href="https://mitexleo.one/tags/caddyserver" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>caddyserver</span></a> <a href="https://mitexleo.one/tags/mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mastodon</span></a></p>
Mitex Leo<p>I'm using Caddy and couldn't find a guide to set up object cache proxying. Can someone please provide a Caddyfile for this? I'm using Backblaze for storage.</p><p><a href="https://mitexleo.one/tags/mastoadmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mastoadmin</span></a> <a href="https://mitexleo.one/tags/mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mastodon</span></a> <a href="https://mitexleo.one/tags/fediadmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fediadmin</span></a> <a href="https://mitexleo.one/tags/caddyserver" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>caddyserver</span></a></p>
teledyn 𓂀<p>Today’s <a href="https://mstdn.ca/tags/apache2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>apache2</span></a> puzzle: a machine on one domain needs to reverse proxy for a LAN machine on a different domain, so I need to also proxy the certificate which sounds like something that shouldn't be allowed, but perhaps there's a trick?</p><p>I'm really just wanting to build a dev <a href="https://mstdn.ca/tags/mobilizon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mobilizon</span></a> <a href="https://mstdn.ca/tags/caddyserver" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>caddyserver</span></a> for that other domain, and I could just put it on strange ports, but proxying seemed more elegant and elsewheres useful. </p><p><a href="https://mstdn.ca/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosting</span></a></p>
teledyn 𓂀<p>First question: if I attempt to migrate my rpi4B+ to <a href="https://mstdn.ca/tags/caddyserver" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>caddyserver</span></a> from Apache2, am I headed for heartache?</p><p>Second question is technical: I have one domain with a static page site that redirects a sub-path to WordPress and that same <a href="https://mstdn.ca/tags/letsencrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>letsencrypt</span></a> cert must also be combined full-chain+key put elsewhere as a PEM file for <a href="https://mstdn.ca/tags/icecast2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>icecast2</span></a>. Is this triple-app coverage for one cert doable with caddy?</p><p>I presently build the icecast2 cert by hand every ninety days, which is a pain. There must be a better way.</p>