cloudflare
Caddy
cloudflare | Caddy | |
---|---|---|
10 | 403 | |
371 | 53,904 | |
3.6% | 1.4% | |
5.1 | 9.5 | |
about 1 month ago | 5 days ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cloudflare
-
Which reverse proxy are you using?
If you're using Cloudflare then you might need the Cloudflare module which is a little annoying because you need to rebuild the Caddy executable (or Docker image) to include it. I just set up a GitHub repo that uses GitHub Actions to build and publish a Docker image that includes the Caddy Docker Proxy and Cloudflare modules, but I haven't figured out how automatically update the image when a new version of Caddy is released so it's still a manual process for now.
-
Help: Caddy setup for internal LAN access only
if domain.xyz is already pointed to cloudflare's nameservers, you'll want to use the cloudflare dns plugin with caddy for a wildcard tls cert from letsencrypt.
-
Story on revisiting Svelte/Kit after moving to Solid, then Remix
I'm on Cloudflare now, so I build my own image based on this Docker image to use SSL from Cloudflare.
-
Caddy2 reverse proxy to pihole not working
Anyways, my end goal is to use cloudflare aswell, because I see that then you can get a wildcard DNS record. Have you tried that? Are you using https://github.com/caddy-dns/cloudflare ? Did you have to build it yourself, or is it included in dockerhub image?
- Komga & caddyserver2 are driving me insane.
-
NGINX Proxy Manager
> First, what versions am I getting? Does using `2.5.1-builder` result in a customer built binary that's version `2.5.1`? The command usage [1] of the `xcaddy` command says it falls back to the `CADDY_VERSION` environment variable if it's not set explicitly. Since it's not set explicitly, I go looking for that variable in the Dockerfile [2].
Yeah - the default version it'll build with is the version embedded in the builder image, so in that case, v2.5.1. But really, you can just use always use the latest builder image and specify the version you want in the xcaddy command, i.e. 'xcaddy build v2.5.1 --with ', or any other git ref if not a version (cause we're using Go to build and you can use any git ref, like a commit hash or branch name if you want to try a WIP pull request).
We set it up with a good default so most users wouldn't need to ask that question, it should "just work" for them. But it's a valid question to ask.
> That's some templating language I'm not familiar with and I can't track down where the variable gets set, at least not quickly.
Yeah we're using Gomplate for generating the Dockerfiles for the official Docker Library builds, since we need to make builds for every CPU architecture, and even Windows docker images (I still have no idea why anyone would want those, but alas). Either way, that's an implementation detail of how we automate this stuff, doesn't matter to users.
> Now, what version of `caddy-dns/cloudflare` am I getting?
The latest, if you don't specify a version. The https://github.com/caddy-dns/cloudflare repo doesn't have tagged releases, so it'll just be the latest commit on the master branch. You can specify a specific commit like '--with github.com/caddy-dns/cloudflare@8ea1cff' for (as of this writing) the commit just before the latest.
> What other risks come along with building and maintaining my own custom image?
Honestly, none. Maybe problems with plugins not being compatible with eachother, but Caddy's plugin design means that should rarely happen, except if two plugins have the same module ID. But that's up to you to make sure you don't pick two plugins that try to do the same thing.
Because of the way Go builds work, they can always be cross-compiled. We don't use CGO, so builds of Caddy are completely static and have zero dependencies. There's really no risk that it doesn't build in a specific environment, or whatever.
> If I build a custom image, do I let other people I help with the odd tech thing use it or is all the effort for me only? I don't want to become the maintainer of a Docker image others rely on, so I can't even re-use any related config if I help others in the future since they won't have access to the needed image.
Up to you. But that's the exact reason we don't maintain builds with plugins ourselves. There's literally an infinite amount of combinations possible. Some have suggested like "caddy-lite" and "caddy-full" sort of setups where we ship just a few vetted plugins or "yolo give me all the plugins" but that's silly. We don't have the time or resources to vet all the plugins.
From your perspective it might seem like "duh, there should be an official build with Cloudflare", but really it's a pretty small percentage of users who need this.
> Also, a 4 line Docker file looks nice in terms of being simple, but explicitly declaring or even adding comments describing some of the things I pointed out above can save people a lot of time. Even comments with links to the relevant portions of the docs would be super useful.
(as I wrote in my other comment, the docs for this are on https://hub.docker.com/_/caddy)
> The desire for wildcard certificates is to keep things from being discoverable via CTLogs.
It's really trivial for someone to scan until they hit subdomains that return a successful response, if they really cared. This doesn't really protect from anything. Using wildcards for that is a bit of an antipattern.
- Best Applications To Use For 2FA For VPN Connections Into Local LAN?
-
Can't access website from outside local network.
For more, see: https://github.com/caddy-dns/cloudflare
-
3 weeks ago I knew nothing about docker or selfhosting. Now I have my small home server and thanks to r/selfhosted I was able to setup it all by myself! Any recommendations on what should I install next?
As default it does need port 80 open to renew certificates, but you can use DNS challenge instead. https://github.com/caddy-dns/cloudflare
Caddy
-
How I use Devbox in my Elm projects
These projects use Caddy as my local development server, Dart Sass for converting my Sass files to CSS, elm, elm-format, elm-optimize-level-2, elm-review, elm-test (only in Calculator), ShellCheck to find bugs in my shell scripts, and Terser to mangle and compress JavaScript code.
-
Why Does Windows Use Backslash as Path Separator?
No, look at the associated unit test: https://github.com/caddyserver/caddy/blob/c6eb186064091c79f4...
If that test fails we could serve PHP source code instead of having it be evaluated, a major security flaw.
-
How to securely reverse-proxy ASP.NET Core web apps
However, it's very unlikely that .NET developers will directly expose their Kestrel-based web apps to the internet. Typically, we use other popular web servers like Nginx, Traefik, and Caddy to act as a reverse-proxy in front of Kestrel for various reasons:
-
HTTP/2 Continuation Flood: Technical Details
I think that recompiling with upgraded Go will not solve the issue. It seems Caddy imports `golang.org/x/net/http2` and pins it to v0.22.0 which is vulnerable: https://github.com/caddyserver/caddy/issues/6219#issuecommen....
-
Show HN: Nano-web, a low latency one binary webserver designed for serving SPAs
Caddy [1] is a single binary. It is not minimal, but the size difference is barely noticeable.
serve also comes to mind. If you have node installed, `npx serve .` does exactly that.
There are a few go projects that fit your description, none of them very popular, probably because they end up being a 20-line wrapper around http frameworks just like this one.
[1] https://caddyserver.com/
-
I Deployed My Own Cute Lil’ Private Internet (a.k.a. VPC)
Each app’s front end is built with Qwik and uses Tailwind for styling. The server-side is powered by Qwik City (Qwik’s official meta-framework) and runs on Node.js hosted on a shared Linode VPS. The apps also use PM2 for process management and Caddy as a reverse proxy and SSL provisioner. The data is stored in a PostgreSQL database that also runs on a shared Linode VPS. The apps interact with the database using Drizzle, an Object-Relational Mapper (ORM) for JavaScript. The entire infrastructure for both apps is managed with Terraform using the Terraform Linode provider, which was new to me, but made provisioning and destroying infrastructure really fast and easy (once I learned how it all worked).
-
Automatic SSL Solution for SaaS/MicroSaaS Applications with Caddy, Node.js and Docker
So I dug a little deeper and came across this gem: Caddy. Caddy is this fantastic, extensible, cross-platform, open-source web server that's written in Go. The best part? It comes with automatic HTTPS. It basically condenses all the work our scripts and manual maintenance were doing into just 4-5 lines of config. So, stick around and I'll walk you through how to set up an automatic SSL solution with Caddy, Docker and a Node.js server.
-
Cheapest ECS Fargate Service with HTTPS
Let's use Caddy which can act as reverse-proxy with automatic HTTPS coverage.
-
Bluesky announces data federation for self hosters
Even if it may be simple, it doesn't handle edge cases such as https://github.com/caddyserver/caddy/issues/1632
I personally would make the trade off of taking on more complexity so that I can have extra compatibility.
-
Freenginx.org
One of the most heavily used Russian software projects on the internet https://www.nginx.com/blog/do-svidaniya-igor-thank-you-for-n... but it's only marginally more modern than Apache httpd.
In light of recently announced nginx memory-safety vulnerabilities I'd suggest migrating to Caddy https://caddyserver.com/
What are some alternatives?
Nginx Proxy Manager - Docker container for managing Nginx proxy hosts with a simple, powerful interface
traefik - The Cloud Native Application Proxy
unbound
HAProxy - HAProxy documentation
crowdsec - CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
envoy - Cloud-native high-performance edge/middle/service proxy
caddy-docker - Source for the official Caddy v2 Docker Image
Nginx - An official read-only mirror of http://hg.nginx.org/nginx/ which is updated hourly. Pull requests on GitHub cannot be accepted and will be automatically closed. The proper way to submit changes to nginx is via the nginx development mailing list, see http://nginx.org/en/docs/contributing_changes.html
caddy-docker-proxy - Caddy as a reverse proxy for Docker
RoadRunner - 🤯 High-performance PHP application server, process manager written in Go and powered with plugins
docker-pi-hole - Pi-hole in a docker container
Squid - Squid Web Proxy Cache