feat: replace Traefik with Caddy

- Add templates for the Caddy installation. - Replace Traefik with Caddy for both dev and prod.
2024-10-22 03:00:57 +01:00 · 2024-10-22 03:00:57 +01:00 · 0490fc6568
commit 0490fc6568
parent 0fd1f05fd7
5 changed files with 114 additions and 1 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 830827da9e0cd82f93e493074fbbad464c3a1ec4
+Subproject commit 4bcd59b35e78780e43a22c641517697bfc345dc7
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -16,6 +16,7 @@ type Config struct {
 	RootDomain string      `json:"rootDomain"`
 	FlowGID    int32       `json:"flowGID"`
 	Docker     Docker      `json:"docker"`
+	Caddy      Caddy       `json:"caddy"`
 	Traefik    Traefik     `json:"traefik"`
 	Forgejo    Forgejo     `json:"forgejo"`
 	GoToSocial Gotosocial  `json:"gotosocial"`
@ -33,6 +34,25 @@ type DockerNetwork struct {
 	Subnet string `json:"subnet"`
 }

+type Caddy struct {
+	Version                  string   `json:"version"`
+	ContainerName            string   `json:"containerName"`
+	ContainerIpv4Address     string   `json:"containerIpv4Address"`
+	ConfigHostDirectory      string   `json:"configHostDirectory"`
+	ConfigContainerDirectory string   `json:"configContainerDirectory"`
+	DataHostDirectory        string   `json:"dataHostDirectory"`
+	DataContainerDirectory   string   `json:"dataContainerDirectory"`
+	GracePeriod              string   `json:"gracePeriod"`
+	TLS                      CaddyTLS `json:"tls"`
+}
+
+type CaddyTLS struct {
+	AcmeEmail             string `json:"acmeEmail"`
+	UseCustomCertificates bool   `json:"useCustomCertificates"`
+	HostDirectory         string `json:"hostDirectory"`
+	ContainerDirectory    string `json:"containerDirectory"`
+}
+
 type Traefik struct {
 	Version                  string `json:"version"`
 	CheckNewVersion          bool   `json:"checkNewVersion"`
--- a/templates/caddy/Caddyfile.gotmpl
+++ b/templates/caddy/Caddyfile.gotmpl
@ -0,0 +1,43 @@
+{
+	admin off
+	grace_period {{ .Caddy.GracePeriod }}
+	{{- if .Caddy.TLS.UseCustomCertificates -}}
+	{{ print "" }}
+	local_certs
+	skip_install_trust
+	auto_https disable_certs
+	{{- end -}}
+	{{ print "" }}
+	{{- if not .Caddy.TLS.UseCustomCertificates -}}
+	{{ print "" }}
+	email {{ .Caddy.TLS.AcmeEmail }}
+	{{- end -}}
+	{{ print "" }}
+}
+
+{{ .RootDomain }} {
+	{{- if .Caddy.TLS.UseCustomCertificates -}}
+	{{ print "" }}
+	tls {{ .Caddy.TLS.ContainerDirectory}}/caddy.crt {{ .Caddy.TLS.ContainerDirectory }}/caddy.key
+	{{- end -}}
+	{{ print "" }}
+	reverse_proxy {{ .Landing.ContainerIpv4Address }}:{{ .Landing.Port }}
+}
+
+{{ .Forgejo.Subdomain }}.{{ .RootDomain }} {
+	{{- if .Caddy.TLS.UseCustomCertificates -}}
+	{{ print "" }}
+	tls {{ .Caddy.TLS.ContainerDirectory}}/caddy.crt {{ .Caddy.TLS.ContainerDirectory }}/caddy.key
+	{{- end -}}
+	{{ print "" }}
+	reverse_proxy {{ .Forgejo.ContainerIpv4Address }}:{{ .Forgejo.HttpPort }}
+}
+
+{{ .GoToSocial.Subdomain }}.{{ .RootDomain }} {
+	{{- if .Caddy.TLS.UseCustomCertificates -}}
+	{{ print "" }}
+	tls {{ .Caddy.TLS.ContainerDirectory}}/caddy.crt {{ .Caddy.TLS.ContainerDirectory }}/caddy.key
+	{{- end -}}
+	{{ print "" }}
+	reverse_proxy {{ .GoToSocial.ContainerIpv4Address }}:{{ .GoToSocial.Port }}
+}
--- a/templates/caddy/Dockerfile.gotmpl
+++ b/templates/caddy/Dockerfile.gotmpl
@ -0,0 +1,9 @@
+# syntax=docker/dockerfile:1
+FROM caddy:{{ .Caddy.Version }}-alpine
+
+RUN --mount=type=bind,source=.,target=/packages \
+    mkdir -p {{ .Caddy.DataContainerDirectory }} {{ .Caddy.ConfigContainerDirectory }} {{ if .Caddy.TLS.UseCustomCertificates }}{{ .Caddy.TLS.ContainerDirectory }}{{ end }} \
+    && cp /packages/Caddyfile /etc/caddy/Caddyfile
+
+ENV XDG_CONFIG_HOME {{ .Caddy.ConfigContainerDirectory }}
+ENV XDG_DATA_HOME {{ .Caddy.DataContainerDirectory }}
--- a/templates/compose/docker-compose.yaml.gotmpl
+++ b/templates/compose/docker-compose.yaml.gotmpl
@ -20,6 +20,47 @@ networks:
      - subnet: "{{ .Docker.Network.Subnet }}"

 services:
+  # -- Edge flow --
+  caddy:
+    container_name: "{{ .Caddy.ContainerName }}"
+    image: "localhost/flow/caddy:{{ .Caddy.Version }}"
+    build:
+      context: "../caddy"
+    networks:
+      flow:
+        ipv4_address: "{{ .Caddy.ContainerIpv4Address }}"
+    ports:
+    - target: 80
+      published: 80
+      protocol: "tcp"
+      mode: "host"
+    - target: 443
+      published: 443
+      protocol: "tcp"
+      mode: "host"
+    - target: 443
+      published: 443
+      protocol: "udp"
+      mode: "host"
+    restart: "always"
+    volumes:
+    {{- template "defaultVolumes" }}
+    # Caddy data volume
+    - type: "bind"
+      source: "{{ .Caddy.DataHostDirectory }}"
+      target: "{{ .Caddy.DataContainerDirectory }}"
+    # Caddy config volume
+    - type: "bind"
+      source: "{{ .Caddy.ConfigHostDirectory }}"
+      target: "{{ .Caddy.ConfigContainerDirectory }}"
+    {{- if .Caddy.TLS.UseCustomCertificates -}}
+    {{ print "" }}
+    # Caddy TLS volume
+    - type: "bind"
+      source: "{{ .Caddy.TLS.HostDirectory }}"
+      target: "{{ .Caddy.TLS.ContainerDirectory }}"
+    {{- end -}}
+    {{ print "" }}
  # -- Traffic flow --
  traefik:
    container_name: "{{ .Traefik.ContainerName }}"