Jump to content

Caddy - a lightweight HTTP2 web server

gurkendoktor

By gurkendoktor
in Dev Talk

 Share

Recommended Posts

LostKobrakai Hero Member

LostKobrakai

Posted
Posted

With php7 I don't see any reason why one would run hhvm besides at enterprice scale. Without 100% feature parity to php using hhvm is trading a spark more speed for the potential of having unexpected issues, which are probably hard to debug/reason about.

  • 4 years later...
netcarver Hero Member

netcarver

Posted
Posted

Hello wonderful Caddyphiles,

Do any of you have an updated config for PW and Caddy?  I wouldn't mind trying this out now Caddy has matured somewhat. Never run it before though so will start acquainting myself with the docs.

  • Like 1
Beluga Hero Member

Beluga

Posted
Posted

Here is my Caddy 2 config for a PW site:
  

mysite.fi, www.mysite.fi {
    encode gzip
    tls my@email.com
    root * /var/www/mysite/pw
    file_server

    php_fastcgi unix//var/run/php-fpm/php-fpm.sock {
        health_timeout 10000s
    }

    @deny_hidden path_regexp /\.
    @deny_root path_regexp /(CONTRIBUTING|COPYRIGHT|LICENSE|README|htaccess)\.txt
    @deny_assets path_regexp ^/site(-[^/]+)?/assets/(.*\.php|backups|cache|config|install|logs|sessions)
    @deny_install path_regexp ^/site(-[^/]+)?/install
    @deny_config path_regexp ^/(site(-[^/]+)?|wire)/(config(-dev)?|index\.config)\.php
    @deny_modules path_regexp ^/((site(-[^/]+)?|wire)/modules|wire/core)/.*\.(inc|module|php|tpl)
    @deny_templates path_regexp ^/(site(-[^/]+)?|wire)/templates(-admin)?/.*\.(inc|html?|php|tpl)

    rewrite @deny_hidden /denyaccess
    rewrite @deny_root /denyaccess
    rewrite @deny_assets /denyaccess
    rewrite @deny_install /denyaccess
    rewrite @deny_config /denyaccess
    rewrite @deny_modules /denyaccess
    rewrite @deny_templates /denyaccess

    # global rule
    try_files {path} {path}/ /index.php?it={path}&{query}

    log {
        format single_field common_log
        output file /var/log/www/access.log {
            roll_size      50MiB
            roll_keep      5
            roll_keep_for  168h
        }
    }
}

 

  • Like 5
  • Thanks 2
  • 2 years later...
Jonathan Lahijani Hero Member

Jonathan Lahijani

Posted
Posted

I've been using Apache forever... never even touched nginx.  Today I felt like giving Caddy a try and it feels nice.

I developed what I believe is a much more improved Caddyfile that also supports ProCache and stronger blocking of files (returns a 403 like PW's htaccess file, instead of a 404 which is what /denyaccess seems to do).  I added a way to also put the site in maintenance mode (meaning all requests get rewritten to /maintenance.php) if /maintenance.php exists (which is now part of my deployment process).

Hopefully I can share the results in a week.

  • Like 5
bernhard Hero Member

bernhard

Posted
Posted
7 hours ago, Jonathan Lahijani said:

I added a way to also put the site in maintenance mode (meaning all requests get rewritten to /maintenance.php) if /maintenance.php exists (which is now part of my deployment process).

RockMigrations has a checkbox to prevent guest access. What you state hear sounds interesting. What do you think of adding that to RockMigrations?

  • Like 1
  • 2 years later...
Pete Hero Member

Pete

Posted
Posted

@Jonathan Lahijani just wondering if you got further with your Caddy file? Caddy looks really interesting to me but where you were at with your own config sounds like if I could take a look at your file it would save a lot of headaches working it out from scratch (lazy of me I know).

Jonathan Lahijani Hero Member

Jonathan Lahijani

Posted
Posted

@Pete I did get far with it, but I never ended up running a site with Caddy so it hasn't been battle tested.  I've messaged it to you directly as I don't want to post something incomplete for the public until I've really done my due diligence on it.

Jonathan Lahijani Hero Member

Jonathan Lahijani

Posted
Posted

This is a bit off-topic (however related to Caddy), but I have been re-doing my internal development setup, which is now powered by a dedicated Proxmox server (on a Minisforum MS-01) and uses LXC containers for ProcessWire sites.  On some containers, I just have one ProcessWire site, and on others, I have multiple.  Previously, I just had one bare-metal, dedicated server with all my sites on it, which is very convenient but I lose having parity with my production environments (which isn't a big deal with a typical website, but more-so for mission critical webapps; also I am trying to avoid using Docker).

So my internal infrastructure might look like this:

  • lxc1
    • site1.domain.com
    • site2.domain.com
    • site3.domain.com
  • lxc2
    • site4.domain.com

Since I want some of my development sites to be accessible from the outside on a dedicated subdomain like shown above, this requires the need of a reverse proxy since my internet connection has only 1 IP address.  Therefore, I set up another LXC which runs Caddy as a reverse proxy (also set up fail2ban to deal with stupid hackbots) which works so well and it's ridiculously easy to set up and takes care of SSL automatically.  I did this just a couple days ago, after not having played with Caddy for a couple years, so maybe this bit of excitement will get me back into using it directly as well.

 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...