From cddd051bbcfcbcaded137b3f5e638017d289f00e Mon Sep 17 00:00:00 2001
From: Vojtech Mares
Date: Sun, 2 Jul 2023 13:31:15 +0200
Subject: [PATCH 01/16] Add guide on setting up Caddy as webserver and tutorial for using Caddy with Cloudflare DNS in proxy mode
---
.snippets/webservers/Caddyfile | 56 +++++++++++++++++
.snippets/webservers/Caddyfile-nossl | 56 +++++++++++++++++
panel/1.0/webserver_configuration.md | 48 +++++++++++++++
tutorials/creating_ssl_certificates.md | 83 ++++++++++++++++++++++++++
4 files changed, 243 insertions(+)
create mode 100644 .snippets/webservers/Caddyfile
create mode 100644 .snippets/webservers/Caddyfile-nossl
diff --git a/.snippets/webservers/Caddyfile b/.snippets/webservers/Caddyfile
new file mode 100644
index 00000000..7d4fc9ba
--- /dev/null
+++ b/.snippets/webservers/Caddyfile
@@ -0,0 +1,56 @@
+{
+ servers :443 {
+ timeouts {
+ read_body 120s
+ }
+ }
+}
+
+ {
+ root * /var/www/pterodactyl/public
+
+ file_server
+
+ php_fastcgi unix//run/php/php8.1-fpm.sock {
+ root /var/www/pterodactyl/public
+ index index.php
+
+ env PHP_VALUE "upload_max_filesize = 100M \n post_max_size = 100M"
+ env HTTP_PROXY ""
+ # env HTTPS "on"
+
+ read_timeout 300s
+ dial_timeout 300s
+ write_timeout 300s
+ }
+
+ header Strict-Transport-Security "max-age=16768000; preload;"
+ header X-Content-Type-Options "nosniff"
+ header X-XSS-Protection "1; mode=block;"
+ header X-Robots-Tag "none"
+ header Content-Security-Policy "frame-ancestors 'self'"
+ header X-Frame-Options "DENY"
+ header Referrer-Policy "same-origin"
+
+ request_body {
+ max_size 100m
+ }
+
+ respond /.ht* 403
+
+ log {
+ output file /var/log/caddy/pterodactyl.app-access.log {
+ roll_size 100MiB
+ roll_keep_for 7d
+ }
+ level INFO
+ }
+
+ log {
+ output file /var/log/caddy/pterodcatyl.app-error.log {
+ roll_size 100MiB
+ roll_keep_for 7d
+ }
+ level ERROR
+ }
+}
\ No newline at end of file
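Review bot: The framing policy is declared twice with conflicting values in the header block: `Content-Security-Policy "frame-ancestors 'self'"` allows same-origin framing while `X-Frame-Options "DENY"` forbids all framing, so the effective behaviour depends on which header the browser honours. Make the two agree, either `header X-Frame-Options "SAMEORIGIN"` if same-origin framing is intended or `header Content-Security-Policy "frame-ancestors 'none'"` if it is not. `X-XSS-Protection "1; mode=block;"` addresses a legacy browser filter that current browsers no longer ship; `header X-XSS-Protection "0"` or dropping the line is the usual choice now. The `preload` token in the HSTS value does not by itself meet the preload list's requirements without `includeSubDomains`, so add that deliberately or remove `preload`. The same header lines appear in the Caddyfile-nossl hunk of this patch.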
diff --git a/.snippets/webservers/Caddyfile-nossl b/.snippets/webservers/Caddyfile-nossl
new file mode 100644
index 00000000..0d985325
--- /dev/null
+++ b/.snippets/webservers/Caddyfile-nossl
@@ -0,0 +1,56 @@
+{
+ servers :80 {
+ timeouts {
+ read_body 120s
+ }
+ }
+}
+
+http:// {
+ root * /var/www/pterodactyl/public
+
+ file_server
+
+ php_fastcgi unix//run/php/php8.1-fpm.sock {
+ root /var/www/pterodactyl/public
+ index index.php
+
+ env PHP_VALUE "upload_max_filesize = 100M \n post_max_size = 100M"
+ env HTTP_PROXY ""
+ # env HTTPS "on"
+
+ read_timeout 300s
+ dial_timeout 300s
+ write_timeout 300s
+ }
+
+ header Strict-Transport-Security "max-age=16768000; preload;"
+ header X-Content-Type-Options "nosniff"
+ header X-XSS-Protection "1; mode=block;"
+ header X-Robots-Tag "none"
+ header Content-Security-Policy "frame-ancestors 'self'"
+ header X-Frame-Options "DENY"
+ header Referrer-Policy "same-origin"
+
+ request_body {
+ max_size 100m
+ }
+
+ respond /.ht* 403
+
+ log {
+ output file /var/log/caddy/pterodactyl.app-access.log {
+ roll_size 100MiB
+ roll_keep_for 7d
+ }
+ level INFO
+ }
+
+ log {
+ output file /var/log/caddy/pterodcatyl.app-error.log {
+ roll_size 100MiB
+ roll_keep_for 7d
+ }
+ level ERROR
+ }
+}
\ No newline at end of file
diff --git a/panel/1.0/webserver_configuration.md b/panel/1.0/webserver_configuration.md
index a74074cb..4a259b93 100644
--- a/panel/1.0/webserver_configuration.md
+++ b/panel/1.0/webserver_configuration.md
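Review bot: The plain-HTTP snippet (Caddyfile-nossl) still sends `header Strict-Transport-Security "max-age=16768000; preload;"`, which browsers ignore on responses received over HTTP, so the line suggests transport protection that this configuration does not provide. Remove that header from the nossl variant. Since the site block serves the panel over cleartext, a comment at the top of it would help readers, for example `# Plain HTTP: credentials and session cookies are sent unencrypted; use only behind a TLS-terminating proxy or on a trusted network`.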
@@ -4,6 +4,10 @@ When using the SSL configuration you MUST create SSL certificates, otherwise your webserver will fail to start. See the [Creating SSL Certificates](/tutorials/creating_ssl_certificates.html) documentation page to learn how to create these certificates before continuing. ::: +::: tip +If you are using [Caddy With Automatic SSL](#caddy-with-automatic-ssl), you do not have to create SSL certificates manually, Caddy will take care of it automatically. +::: + :::: tabs ::: tab "Nginx With SSL" First, remove the default NGINX configuration. @@ -109,6 +113,50 @@ sudo a2enmod rewrite sudo systemctl restart apache2 ``` +::: +::: tab "Caddy With Automatic SSL" + +You should paste the contents of the file bellow, replacing `` with your domain name. + +The default config path is `/etc/caddy/Caddyfile`. + +<<< @/.snippets/webservers/Caddyfile{9} + +::: tip +If you are using Cloudflare DNS in proxy mode, refer to [this tutorial](/tutorials/creating_ssl_certificates.html#method-3:-caddy-(using-cloudflare-api)), to see how to configure Caddy to use DNS challenge for obtaining SSL certificates. +::: + +### Enabling Configuration + +The final step is to validate configuration and restart Caddy. + +```bash +caddy validate --config /etc/caddy/Caddyfile + +systemctl restart caddy +``` + +::: +::: tab "Caddy Without SSL" + +You should paste the contents of the file bellow, replacing `` with your domain name. + +The default config path is `/etc/caddy/Caddyfile`. + +The only two differences are that we have prefixed the `` with `http://` (or you can use `:80` suffix behind the ``) and in the global config at `servers` directive, we have changed the port from `:443` to `:80`. + +<<< @/.snippets/webservers/Caddyfile-nossl{2,9} + +### Enabling Configuration + +The final step is to validate configuration and restart Caddy. + +```bash +caddy validate --config /etc/caddy/Caddyfile + +systemctl restart caddy +``` + ::: :::: 
diff --git a/tutorials/creating_ssl_certificates.md b/tutorials/creating_ssl_certificates.md index 6abce13f..308255d9 100644 --- a/tutorials/creating_ssl_certificates.md +++ b/tutorials/creating_ssl_certificates.md 
@@ -139,5 +139,88 @@ After running the script for the first time, it will be added to the crontab aut sudo crontab -e ``` +::: +::: tab "Method 3: Caddy (using Cloudflare API)" +This is for advanced users, who are running Cloudflare in proxy mode or do not have access to port `80`. + +### Installing Caddy with Cloudflare DNS plugin + +Caddy does not come by default with Cloudflare DNS plugin, you need to install it yourself. + +There are two main methods: + +1. using `xcaddy` - CLI tool to build your own Caddy build +2. downloading prebuilt binary from [Caddy's download page](https://caddyserver.com/download). +3. using Ansible to download and install Caddy with plugins. See [caddy-ansible](https://github.com/caddy-ansible/caddy-ansible) + +#### Build Caddy using `xcaddy` on your server + +Please refer to [Caddy docs on building Caddy](https://caddyserver.com/docs/build#xcaddy). + +### Obtaining CloudFlare API Token + +After installing acme.sh, we need to fetch a CloudFlare API key. Please make sure that a DNS record (A or CNAME record) is pointing to your target node, and set the cloud to grey (bypassing CloudFlare proxy). Then go to My Profile > API keys and on Global API Key subtab, click on "view", enter your CloudFlare password, and copy the API key to clipboard. + +After install Caddy with Cloudflare DNS plugin, we need to fetch a Cloudflare API token. Please make sure that a DNS record (A or CNAME record) is pointing at your target node. Then go to My Profile > API Tokens and on API Tokens click "Create Token". Create API Token > API token templates, at the end of line with "Edit zone DNS", click "Use template". Under **Zone Resources**, select your DNS zone for which you wish to create the API token, click "Continue to summary". Review the API token summary and click "Create Token". And finally copy the API token to clipboard. 
+ +### Reconfiguring Caddy to use Cloudflare DNS for obtaining certificates + +Create an environment variable file (like `.env`), keep in mind that this file contains secrets and should not be accessed by public. + +```bash +# /etc/caddy/.secrets.env +CLOUDFLARE_API_TOKEN= +``` + +For security reasons, we recommend setting permissions to `0600` (only owner can read or write to the file). + +```bash +# Set ownership of the `.secrets.env` file to `caddy` system user +chown caddy:caddy /etc/caddy/.secrets.env + +# Set read-write permissions only to owner - the `caddy` system user +chmod 0600 /etc/caddy/.secrets.env +``` + +Modify the systemd unit file, to load environment variables from file (add `--envfile /etc/caddy/.secrets.env` flag to `ExecStart`): + +```unit{12} +# /etc/systemd/system/caddy.service +[Unit] +Description=Caddy +Documentation=https://caddyserver.com/docs/ +After=network.target network-online.target +Requires=network-online.target + +[Service] +Type=notify +User=caddy +Group=caddy +ExecStart=/usr/bin/caddy run --environ --envfile /etc/caddy/.secrets.env --config /etc/caddy/Caddyfile +ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile +TimeoutStopSec=5s +LimitNOFILE=1048576 +LimitNPROC=512 +PrivateTmp=true +ProtectSystem=full +AmbientCapabilities=CAP_NET_BIND_SERVICE + +[Install] +WantedBy=multi-user.target +``` + +You can add a `tls` block to your `Caddyfile`, under the `` block of your panel configuration: + +```caddyfile{5-7} +# /etc/caddy/Caddyfile + { + # ... + + tls { + dns cloudflare {env.CLOUDFLARE_API_TOKEN} + } +} +``` + ::: :::: From 08c04068576ab616c68584732c5300e49da06084 Mon Sep 17 00:00:00 2001 From: Vojtech Mares Date: Sat, 2 Sep 2023 08:01:20 +0200 Subject: [PATCH 02/16] style(caddy snippets): use spaces instead of tabs (4 wide) --- .snippets/webservers/Caddyfile | 84 ++++++++++++++-------------- .snippets/webservers/Caddyfile-nossl | 84 ++++++++++++++-------------- 2 files changed, 84 insertions(+), 84 deletions(-) 
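Review bot: The "Obtaining CloudFlare API Token" section in the creating_ssl_certificates.md hunk opens with a paragraph carried over from the acme.sh method that tells the reader to copy the Global API Key, which is account-wide and contradicts the scoped "Edit zone DNS" token described in the next paragraph; remove that first paragraph so only the least-privilege token flow remains. In the unit file, `caddy run --environ` prints the process environment at startup, which presumably includes `CLOUDFLARE_API_TOKEN` once `--envfile` has loaded it, so the token can end up in the journal. Consider `ExecStart=/usr/bin/caddy run --envfile /etc/caddy/.secrets.env --config /etc/caddy/Caddyfile`, or state the exposure next to the unit. The list introduced by "There are two main methods" has three entries.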
diff --git a/.snippets/webservers/Caddyfile b/.snippets/webservers/Caddyfile index 7d4fc9ba..64c6eb42 100644 --- a/.snippets/webservers/Caddyfile +++ b/.snippets/webservers/Caddyfile 
@@ -1,56 +1,56 @@ { - servers :443 { - timeouts { - read_body 120s - } - } + servers :443 { + timeouts { + read_body 120s + } + } } { - root * /var/www/pterodactyl/public + root * /var/www/pterodactyl/public - file_server + file_server - php_fastcgi unix//run/php/php8.1-fpm.sock { - root /var/www/pterodactyl/public - index index.php + php_fastcgi unix//run/php/php8.1-fpm.sock { + root /var/www/pterodactyl/public + index index.php - env PHP_VALUE "upload_max_filesize = 100M \n post_max_size = 100M" - env HTTP_PROXY "" - # env HTTPS "on" + env PHP_VALUE "upload_max_filesize = 100M \n post_max_size = 100M" + env HTTP_PROXY "" + # env HTTPS "on" - read_timeout 300s - dial_timeout 300s - write_timeout 300s - } + read_timeout 300s + dial_timeout 300s + write_timeout 300s + } - header Strict-Transport-Security "max-age=16768000; preload;" - header X-Content-Type-Options "nosniff" - header X-XSS-Protection "1; mode=block;" - header X-Robots-Tag "none" - header Content-Security-Policy "frame-ancestors 'self'" - header X-Frame-Options "DENY" - header Referrer-Policy "same-origin" + header Strict-Transport-Security "max-age=16768000; preload;" + header X-Content-Type-Options "nosniff" + header X-XSS-Protection "1; mode=block;" + header X-Robots-Tag "none" + header Content-Security-Policy "frame-ancestors 'self'" + header X-Frame-Options "DENY" + header Referrer-Policy "same-origin" - request_body { - max_size 100m - } + request_body { + max_size 100m + } - respond /.ht* 403 + respond /.ht* 403 - log { - output file /var/log/caddy/pterodactyl.app-access.log { - roll_size 100MiB - roll_keep_for 7d - } - level INFO - } + log { + output file /var/log/caddy/pterodactyl.app-access.log { + roll_size 100MiB + roll_keep_for 7d + } + level INFO + } - log { - output file /var/log/caddy/pterodcatyl.app-error.log { - roll_size 100MiB - roll_keep_for 7d - } - level ERROR - } + log { + output file /var/log/caddy/pterodcatyl.app-error.log { + roll_size 100MiB + roll_keep_for 7d + } + level 
ERROR + } } \ No newline at end of file diff --git a/.snippets/webservers/Caddyfile-nossl b/.snippets/webservers/Caddyfile-nossl index 0d985325..a2877c31 100644 --- a/.snippets/webservers/Caddyfile-nossl +++ b/.snippets/webservers/Caddyfile-nossl 
@@ -1,56 +1,56 @@ { - servers :80 { - timeouts { - read_body 120s - } - } + servers :80 { + timeouts { + read_body 120s + } + } } http:// { - root * /var/www/pterodactyl/public + root * /var/www/pterodactyl/public - file_server + file_server - php_fastcgi unix//run/php/php8.1-fpm.sock { - root /var/www/pterodactyl/public - index index.php + php_fastcgi unix//run/php/php8.1-fpm.sock { + root /var/www/pterodactyl/public + index index.php - env PHP_VALUE "upload_max_filesize = 100M \n post_max_size = 100M" - env HTTP_PROXY "" - # env HTTPS "on" + env PHP_VALUE "upload_max_filesize = 100M \n post_max_size = 100M" + env HTTP_PROXY "" + # env HTTPS "on" - read_timeout 300s - dial_timeout 300s - write_timeout 300s - } + read_timeout 300s + dial_timeout 300s + write_timeout 300s + } - header Strict-Transport-Security "max-age=16768000; preload;" - header X-Content-Type-Options "nosniff" - header X-XSS-Protection "1; mode=block;" - header X-Robots-Tag "none" - header Content-Security-Policy "frame-ancestors 'self'" - header X-Frame-Options "DENY" - header Referrer-Policy "same-origin" + header Strict-Transport-Security "max-age=16768000; preload;" + header X-Content-Type-Options "nosniff" + header X-XSS-Protection "1; mode=block;" + header X-Robots-Tag "none" + header Content-Security-Policy "frame-ancestors 'self'" + header X-Frame-Options "DENY" + header Referrer-Policy "same-origin" - request_body { - max_size 100m - } + request_body { + max_size 100m + } - respond /.ht* 403 + respond /.ht* 403 - log { - output file /var/log/caddy/pterodactyl.app-access.log { - roll_size 100MiB - roll_keep_for 7d - } - level INFO - } + log { + output file /var/log/caddy/pterodactyl.app-access.log { + roll_size 100MiB + roll_keep_for 7d + } + level INFO + } - log { - output file /var/log/caddy/pterodcatyl.app-error.log { - roll_size 100MiB - roll_keep_for 7d - } - level ERROR - } + log { + output file /var/log/caddy/pterodcatyl.app-error.log { + roll_size 100MiB + roll_keep_for 7d + } + 
level ERROR + } } \ No newline at end of file From 3061cd497020e22b52b9c31186b3e7fad7c20e86 Mon Sep 17 00:00:00 2001 From: Vojtech Mares Date: Mon, 13 Nov 2023 11:47:52 +0100 Subject: [PATCH 03/16] style(creating_ssl_certificates.md): capitalize fist letter in numbered list --- tutorials/creating_ssl_certificates.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tutorials/creating_ssl_certificates.md b/tutorials/creating_ssl_certificates.md index 308255d9..814708fd 100644 --- a/tutorials/creating_ssl_certificates.md +++ b/tutorials/creating_ssl_certificates.md @@ -149,9 +149,9 @@ Caddy does not come by default with Cloudflare DNS plugin, you need to install i There are two main methods: -1. using `xcaddy` - CLI tool to build your own Caddy build -2. downloading prebuilt binary from [Caddy's download page](https://caddyserver.com/download). -3. using Ansible to download and install Caddy with plugins. See [caddy-ansible](https://github.com/caddy-ansible/caddy-ansible) +1. Using `xcaddy` - CLI tool to build your own Caddy build +2. Downloading prebuilt binary from [Caddy's download page](https://caddyserver.com/download). +3. Using Ansible to download and install Caddy with plugins. See [caddy-ansible](https://github.com/caddy-ansible/caddy-ansible) #### Build Caddy using `xcaddy` on your server From 163c623f79a6289f3cdb2cf48aae72012863fe36 Mon Sep 17 00:00:00 2001 From: Vojtech Mares Date: Mon, 13 Nov 2023 11:49:12 +0100 Subject: [PATCH 04/16] fix(caddy): uncomment env HTTPS "on" --- .snippets/webservers/Caddyfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.snippets/webservers/Caddyfile b/.snippets/webservers/Caddyfile index 64c6eb42..8a77be32 100644 --- a/.snippets/webservers/Caddyfile +++ b/.snippets/webservers/Caddyfile @@ -17,7 +17,7 @@ env PHP_VALUE "upload_max_filesize = 100M \n post_max_size = 100M" env HTTP_PROXY "" - # env HTTPS "on" + env HTTPS "on" read_timeout 300s dial_timeout 300s 
From f7751b04c2d7b4782c480f0914d55fd249ae1960 Mon Sep 17 00:00:00 2001 From: Vojtech Mares Date: Mon, 13 Nov 2023 11:52:17 +0100 Subject: [PATCH 05/16] fix(snippets/caddy): simplify logging --- .snippets/webservers/Caddyfile | 10 +--------- .snippets/webservers/Caddyfile-nossl | 10 +--------- 2 files changed, 2 insertions(+), 18 deletions(-) diff --git a/.snippets/webservers/Caddyfile b/.snippets/webservers/Caddyfile index 8a77be32..725edd85 100644 --- a/.snippets/webservers/Caddyfile +++ b/.snippets/webservers/Caddyfile @@ -39,18 +39,10 @@ respond /.ht* 403 log { - output file /var/log/caddy/pterodactyl.app-access.log { + output file /var/log/caddy/pterodactyl.log { roll_size 100MiB roll_keep_for 7d } level INFO } - - log { - output file /var/log/caddy/pterodcatyl.app-error.log { - roll_size 100MiB - roll_keep_for 7d - } - level ERROR - } } \ No newline at end of file diff --git a/.snippets/webservers/Caddyfile-nossl b/.snippets/webservers/Caddyfile-nossl index a2877c31..a41d9f20 100644 --- a/.snippets/webservers/Caddyfile-nossl +++ b/.snippets/webservers/Caddyfile-nossl @@ -39,18 +39,10 @@ http:// { respond /.ht* 403 log { - output file /var/log/caddy/pterodactyl.app-access.log { + output file /var/log/caddy/pterodactyl.log { roll_size 100MiB roll_keep_for 7d } level INFO } - - log { - output file /var/log/caddy/pterodcatyl.app-error.log { - roll_size 100MiB - roll_keep_for 7d - } - level ERROR - } } \ No newline at end of file From f32dee99dce3d5fce35a357b819cab2681989b8a Mon Sep 17 00:00:00 2001 From: Vojtech Mares Date: Mon, 13 Nov 2023 12:05:47 +0100 Subject: [PATCH 06/16] fix(snippets/caddy): explicit comment for disabling https --- .snippets/webservers/Caddyfile-nossl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.snippets/webservers/Caddyfile-nossl b/.snippets/webservers/Caddyfile-nossl index a41d9f20..a8cca6b6 100644 --- a/.snippets/webservers/Caddyfile-nossl +++ b/.snippets/webservers/Caddyfile-nossl 
@@ -17,7 +17,7 @@ http:// { env PHP_VALUE "upload_max_filesize = 100M \n post_max_size = 100M" env HTTP_PROXY "" - # env HTTPS "on" + # env HTTPS "on" # IMPORTANT: this is commented out, to disable HTTPS read_timeout 300s dial_timeout 300s From 9af02fab478e9818c612e8a0290f8d5e4bb44ee7 Mon Sep 17 00:00:00 2001 From: Vojtech Mares Date: Mon, 13 Nov 2023 12:06:12 +0100 Subject: [PATCH 07/16] refactor(panel/webserver_configuration.md): do not validate caddy, only restart the daemon --- panel/1.0/webserver_configuration.md | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/panel/1.0/webserver_configuration.md b/panel/1.0/webserver_configuration.md index 4a259b93..47e06b56 100644 --- a/panel/1.0/webserver_configuration.md +++ b/panel/1.0/webserver_configuration.md @@ -128,11 +128,9 @@ If you are using Cloudflare DNS in proxy mode, refer to [this tutorial](/tutoria ### Enabling Configuration -The final step is to validate configuration and restart Caddy. +The final step is to restart Caddy. ```bash -caddy validate --config /etc/caddy/Caddyfile - systemctl restart caddy ``` @@ -149,11 +147,9 @@ The only two differences are that we have prefixed the `` with `http://` ### Enabling Configuration -The final step is to validate configuration and restart Caddy. +The final step is to restart Caddy. ```bash -caddy validate --config /etc/caddy/Caddyfile - systemctl restart caddy ``` From 3c3601878a54f2f346ff2bebfda3fcd4927d29e0 Mon Sep 17 00:00:00 2001 From: Vojtech Mares Date: Mon, 13 Nov 2023 12:10:47 +0100 Subject: [PATCH 08/16] refactor(caddy): use :80 suffix for HTTP configuration --- .snippets/webservers/Caddyfile-nossl | 2 +- panel/1.0/webserver_configuration.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.snippets/webservers/Caddyfile-nossl b/.snippets/webservers/Caddyfile-nossl index a8cca6b6..1b796e0f 100644 --- a/.snippets/webservers/Caddyfile-nossl +++ b/.snippets/webservers/Caddyfile-nossl 
@@ -6,7 +6,7 @@ } } -http:// { +:80 { root * /var/www/pterodactyl/public file_server diff --git a/panel/1.0/webserver_configuration.md b/panel/1.0/webserver_configuration.md index 47e06b56..51d12ca5 100644 --- a/panel/1.0/webserver_configuration.md +++ b/panel/1.0/webserver_configuration.md @@ -141,7 +141,7 @@ You should paste the contents of the file bellow, replacing `` with your The default config path is `/etc/caddy/Caddyfile`. -The only two differences are that we have prefixed the `` with `http://` (or you can use `:80` suffix behind the ``) and in the global config at `servers` directive, we have changed the port from `:443` to `:80`. +The only two differences are that we have suffixed the `` with `:80` and in the global config at `servers` directive, we have changed the port from `:443` to `:80`. <<< @/.snippets/webservers/Caddyfile-nossl{2,9} From bad00b77427c46f3c150042bf3dd666fc503eaa8 Mon Sep 17 00:00:00 2001 From: Vojtech Mares Date: Tue, 28 Nov 2023 10:53:51 +0100 Subject: [PATCH 09/16] refactor(webserver_configuration.md): instruct user to delete default config --- panel/1.0/webserver_configuration.md | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/panel/1.0/webserver_configuration.md b/panel/1.0/webserver_configuration.md index 51d12ca5..e741e4dd 100644 --- a/panel/1.0/webserver_configuration.md +++ b/panel/1.0/webserver_configuration.md 
@@ -118,7 +118,15 @@ sudo systemctl restart apache2 You should paste the contents of the file bellow, replacing `` with your domain name. -The default config path is `/etc/caddy/Caddyfile`. +Before adding our custom configuration, let's remove the default one. You can do it either by deleting the contents of config file or by deleting the config file completely and than creating a new one from scratch. The config file path is `/etc/caddy/Caddyfile`. + +To delete the config file completely, run the following command: + +```shell +rm /etc/caddy/Caddyfile +``` + +Than continue with an editor of your choice to write the config. <<< @/.snippets/webservers/Caddyfile{9} @@ -139,7 +147,15 @@ systemctl restart caddy You should paste the contents of the file bellow, replacing `` with your domain name. -The default config path is `/etc/caddy/Caddyfile`. +Before adding our custom configuration, let's remove the default one. You can do it either by deleting the contents of config file or by deleting the config file completely and than creating a new one from scratch. The config file path is `/etc/caddy/Caddyfile`. + +To delete the config file completely, run the following command: + +```shell +rm /etc/caddy/Caddyfile +``` + +Than continue with an editor of your choice to write the config. The only two differences are that we have suffixed the `` with `:80` and in the global config at `servers` directive, we have changed the port from `:443` to `:80`. From 4c46daa798ef4954c3eb67779ee31583c180901f Mon Sep 17 00:00:00 2001 From: Vojtech Mares Date: Tue, 28 Nov 2023 11:45:03 +0100 Subject: [PATCH 10/16] refactor(webserver_configuration.md): remove highlight from server directive --- panel/1.0/webserver_configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/panel/1.0/webserver_configuration.md b/panel/1.0/webserver_configuration.md index e741e4dd..90c0e6a7 100644 --- a/panel/1.0/webserver_configuration.md +++ b/panel/1.0/webserver_configuration.md 
@@ -159,7 +159,7 @@ Than continue with an editor of your choice to write the config. The only two differences are that we have suffixed the `` with `:80` and in the global config at `servers` directive, we have changed the port from `:443` to `:80`. -<<< @/.snippets/webservers/Caddyfile-nossl{2,9} +<<< @/.snippets/webservers/Caddyfile-nossl{9} ### Enabling Configuration From 8ffb97d82cd722c985fe9d5ada1358c123983c48 Mon Sep 17 00:00:00 2001 From: Vojtech Mares Date: Tue, 28 Nov 2023 11:57:31 +0100 Subject: [PATCH 11/16] refactor(webserver_configuration.md): add extra `:` to tabs, for hierarchy - this was required to allow for `::: tip :::` inside a tab. Using only three colons resulted in formatting/rendering error --- panel/1.0/webserver_configuration.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/panel/1.0/webserver_configuration.md b/panel/1.0/webserver_configuration.md index 90c0e6a7..381be4a0 100644 --- a/panel/1.0/webserver_configuration.md +++ b/panel/1.0/webserver_configuration.md @@ -8,8 +8,8 @@ When using the SSL configuration you MUST create SSL certificates, otherwise you If you are using [Caddy With Automatic SSL](#caddy-with-automatic-ssl), you do not have to create SSL certificates manually, Caddy will take care of it automatically. ::: -:::: tabs -::: tab "Nginx With SSL" +::::: tabs +:::: tab "Nginx With SSL" First, remove the default NGINX configuration. ``` bash @@ -33,8 +33,8 @@ sudo ln -s /etc/nginx/sites-available/pterodactyl.conf /etc/nginx/sites-enabled/ sudo systemctl restart nginx ``` -::: -::: tab "Nginx Without SSL" +:::: +:::: tab "Nginx Without SSL" First, remove the default NGINX configuration. ``` bash @@ -58,8 +58,8 @@ sudo ln -s /etc/nginx/sites-available/pterodactyl.conf /etc/nginx/sites-enabled/ sudo systemctl restart nginx ``` -::: -::: tab "Apache With SSL" +:::: +:::: tab "Apache With SSL" First, remove the default Apache configuration. ``` bash 
@@ -86,8 +86,8 @@ sudo a2enmod ssl sudo systemctl restart apache2 ``` -::: -::: tab "Apache Without SSL" +:::: +:::: tab "Apache Without SSL" First, remove the default Apache configuration. ``` bash @@ -113,8 +113,8 @@ sudo a2enmod rewrite sudo systemctl restart apache2 ``` -::: -::: tab "Caddy With Automatic SSL" +:::: +:::: tab "Caddy With Automatic SSL" You should paste the contents of the file bellow, replacing `` with your domain name. @@ -142,8 +142,8 @@ The final step is to restart Caddy. systemctl restart caddy ``` -::: -::: tab "Caddy Without SSL" +:::: +:::: tab "Caddy Without SSL" You should paste the contents of the file bellow, replacing `` with your domain name. @@ -169,7 +169,7 @@ The final step is to restart Caddy. systemctl restart caddy ``` -::: :::: +::::: #### Next Step: [Wings Installation](../../wings/installing.md) From 0c61c3c24c3c838d6a1f5ff9d9243a08a1bcb9aa Mon Sep 17 00:00:00 2001 From: Vojtech Mares Date: Wed, 29 Nov 2023 09:41:55 +0100 Subject: [PATCH 12/16] refactor(webserver_configuration.md): than -> then --- panel/1.0/webserver_configuration.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/panel/1.0/webserver_configuration.md b/panel/1.0/webserver_configuration.md index 381be4a0..af23bafb 100644 --- a/panel/1.0/webserver_configuration.md +++ b/panel/1.0/webserver_configuration.md @@ -126,7 +126,7 @@ To delete the config file completely, run the following command: rm /etc/caddy/Caddyfile ``` -Than continue with an editor of your choice to write the config. +Then continue with an editor of your choice to write the config. <<< @/.snippets/webservers/Caddyfile{9} 
@@ -155,7 +155,7 @@ To delete the config file completely, run the following command: rm /etc/caddy/Caddyfile ``` -Than continue with an editor of your choice to write the config. +Then continue with an editor of your choice to write the config. The only two differences are that we have suffixed the `` with `:80` and in the global config at `servers` directive, we have changed the port from `:443` to `:80`. From 02510f064075d6e9491a9e31e902f00de7822a8c Mon Sep 17 00:00:00 2001 From: Vojtech Mares Date: Wed, 29 Nov 2023 09:42:21 +0100 Subject: [PATCH 13/16] refactor(webserver_configuration.md): move section describing how to change domain in caddy config after deleting default config --- panel/1.0/webserver_configuration.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/panel/1.0/webserver_configuration.md b/panel/1.0/webserver_configuration.md index af23bafb..2fb8e472 100644 --- a/panel/1.0/webserver_configuration.md +++ b/panel/1.0/webserver_configuration.md @@ -116,8 +116,6 @@ sudo systemctl restart apache2 :::: :::: tab "Caddy With Automatic SSL" -You should paste the contents of the file bellow, replacing `` with your domain name. - Before adding our custom configuration, let's remove the default one. You can do it either by deleting the contents of config file or by deleting the config file completely and than creating a new one from scratch. The config file path is `/etc/caddy/Caddyfile`. To delete the config file completely, run the following command: @@ -128,6 +126,8 @@ rm /etc/caddy/Caddyfile Then continue with an editor of your choice to write the config. +You should paste the contents of the file bellow, replacing `` with your domain name. + <<< @/.snippets/webservers/Caddyfile{9} ::: tip 
@@ -145,8 +145,6 @@ systemctl restart caddy :::: :::: tab "Caddy Without SSL" -You should paste the contents of the file bellow, replacing `` with your domain name. - Before adding our custom configuration, let's remove the default one. You can do it either by deleting the contents of config file or by deleting the config file completely and than creating a new one from scratch. The config file path is `/etc/caddy/Caddyfile`. To delete the config file completely, run the following command: @@ -157,6 +155,8 @@ rm /etc/caddy/Caddyfile Then continue with an editor of your choice to write the config. +You should paste the contents of the file bellow, replacing `` with your domain name. + The only two differences are that we have suffixed the `` with `:80` and in the global config at `servers` directive, we have changed the port from `:443` to `:80`. <<< @/.snippets/webservers/Caddyfile-nossl{9} From 432c6cd42a003ba8709931aa27c0fcd116474d96 Mon Sep 17 00:00:00 2001 From: Vojtech Mares Date: Wed, 29 Nov 2023 09:46:38 +0100 Subject: [PATCH 14/16] refactor(creating_ssl_certificates.md): move file path out of snippet --- tutorials/creating_ssl_certificates.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/tutorials/creating_ssl_certificates.md b/tutorials/creating_ssl_certificates.md index 814708fd..d381a171 100644 --- a/tutorials/creating_ssl_certificates.md +++ b/tutorials/creating_ssl_certificates.md @@ -167,8 +167,9 @@ After install Caddy with Cloudflare DNS plugin, we need to fetch a Cloudflare AP Create an environment variable file (like `.env`), keep in mind that this file contains secrets and should not be accessed by public. +We recommend that you create the secret file in the following location: `/etc/caddy/.secrets.env`. + ```bash -# /etc/caddy/.secrets.env CLOUDFLARE_API_TOKEN= ``` 
@@ -182,10 +183,9 @@ chown caddy:caddy /etc/caddy/.secrets.env chmod 0600 /etc/caddy/.secrets.env ``` -Modify the systemd unit file, to load environment variables from file (add `--envfile /etc/caddy/.secrets.env` flag to `ExecStart`): +Modify the systemd unit file, to load environment variables from file (add `--envfile /etc/caddy/.secrets.env` flag to `ExecStart`), the default systemd unit file location is `/etc/systemd/system/caddy.service`: ```unit{12} -# /etc/systemd/system/caddy.service [Unit] Description=Caddy Documentation=https://caddyserver.com/docs/ @@ -209,10 +209,9 @@ AmbientCapabilities=CAP_NET_BIND_SERVICE WantedBy=multi-user.target ``` -You can add a `tls` block to your `Caddyfile`, under the `` block of your panel configuration: +You can add a `tls` block to your `Caddyfile`, under the `` block of your panel configuration, the Caddy config file location is `/etc/caddy/Caddyfile`: ```caddyfile{5-7} -# /etc/caddy/Caddyfile { # ... From f1ab970cb8765557412fb5c74127e6b31d45377d Mon Sep 17 00:00:00 2001 From: Vojtech Mares Date: Wed, 29 Nov 2023 10:35:43 +0100 Subject: [PATCH 15/16] chore(webserver_configuration.md): remove whitespace (new line) after :::: tab --- panel/1.0/webserver_configuration.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/panel/1.0/webserver_configuration.md b/panel/1.0/webserver_configuration.md index 2fb8e472..57729147 100644 --- a/panel/1.0/webserver_configuration.md +++ b/panel/1.0/webserver_configuration.md @@ -115,7 +115,6 @@ sudo systemctl restart apache2 :::: :::: tab "Caddy With Automatic SSL" - Before adding our custom configuration, let's remove the default one. You can do it either by deleting the contents of config file or by deleting the config file completely and than creating a new one from scratch. The config file path is `/etc/caddy/Caddyfile`. To delete the config file completely, run the following command: 
@@ -144,7 +143,6 @@ systemctl restart caddy :::: :::: tab "Caddy Without SSL" - Before adding our custom configuration, let's remove the default one. You can do it either by deleting the contents of config file or by deleting the config file completely and than creating a new one from scratch. The config file path is `/etc/caddy/Caddyfile`. To delete the config file completely, run the following command: From 10bf4f1416e48b27b239085bcf8facf7dfc6664b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vojt=C4=9Bch=20Mare=C5=A1?= Date: Tue, 2 Jan 2024 10:24:22 +0100 Subject: [PATCH 16/16] fix(webserver_configuration.md): typo --- panel/1.0/webserver_configuration.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/panel/1.0/webserver_configuration.md b/panel/1.0/webserver_configuration.md index 57729147..35e0ebc5 100644 --- a/panel/1.0/webserver_configuration.md +++ b/panel/1.0/webserver_configuration.md @@ -125,7 +125,7 @@ rm /etc/caddy/Caddyfile Then continue with an editor of your choice to write the config. -You should paste the contents of the file bellow, replacing `` with your domain name. +You should paste the contents of the file below, replacing `` with your domain name. <<< @/.snippets/webservers/Caddyfile{9} @@ -153,7 +153,7 @@ rm /etc/caddy/Caddyfile Then continue with an editor of your choice to write the config. -You should paste the contents of the file bellow, replacing `` with your domain name. +You should paste the contents of the file below, replacing `` with your domain name. The only two differences are that we have suffixed the `` with `:80` and in the global config at `servers` directive, we have changed the port from `:443` to `:80`.