Switch reverse-proxy to Caddy and let it handle the certs

Do this to simply the entire deployment.
2024-02-15 14:58:27 +01:00
parent bcd065f42d
commit 89fda37a38
4 changed files with 8 additions and 77 deletions
--- a/docker_compose_applications/reverse-proxy/Caddyfile
+++ b/docker_compose_applications/reverse-proxy/Caddyfile
@@ -0,0 +1,3 @@
+pdf.consider-it.de {
+    reverse_proxy 127.0.0.1:8080
+}
--- a/docker_compose_applications/reverse-proxy/compose.yaml
+++ b/docker_compose_applications/reverse-proxy/compose.yaml
@@ -1,12 +1,13 @@
 # Links & Resources
-# - https://hub.docker.com/_/nginx
+# - https://hub.docker.com/_/caddy
+# - https://caddyserver.com/docs/

 services:
  caddy:
-    image: nginx
+    image: caddy
    ports:
      - "80:80"
      - "443:443"
    volumes:
-      - "./nginx.conf:/etc/nginx/nginx.conf:ro"
-      - "./conf.d/:/etc/nginx/conf.d/:ro"
+      - "./Caddyfile:/etc/caddy/Caddyfile:ro"
+      - "/ansible_docker_compose/project_data/reverse-proxy/caddy/data:/data"
--- a/docker_compose_applications/reverse-proxy/conf.d/acme_challenge.conf
+++ b/docker_compose_applications/reverse-proxy/conf.d/acme_challenge.conf
@@ -1,23 +0,0 @@
-map $host $upstream_acme_challenge_host {
-    pdf.consider-it.de 127.0.0.1:8000;
-    default "";
-}
-
-server {
-    listen 80 default_server;
-
-    location /.well-known/acme-challenge/ {
-        proxy_pass http://$upstream_acme_challenge_host;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        # This is http in any case.
-        proxy_set_header X-Forwarded-Proto http;
-    }
-
-    # Better safe than sorry.
-    # Don't do a permanent redirect to avoid acme challenge pain.
-    location / {
-        return 307 https://$host$request_uri;
-    }
-}
--- a/docker_compose_applications/reverse-proxy/nginx.conf
+++ b/docker_compose_applications/reverse-proxy/nginx.conf
@@ -1,50 +0,0 @@
-# Modified nginx.conf from nginx Docker container from 2024-02-07, via the
-# following command:
-# docker run --rm --pull=always --entrypoint=cat nginx /etc/nginx/nginx.conf > ./nginx.conf
-
-user  nginx;
-worker_processes  auto;
-
-error_log  /var/log/nginx/error.log notice;
-pid        /var/run/nginx.pid;
-
-
-events {
-    worker_connections  1024;
-}
-
-# Listen on port 443 as a reverse proxy and use PROXY Protocol for the
-# upstreams.
-stream {
-    map $ssl_preread_server_name $address {
-        pdf.consider-it.de 127.0.0.1:44300;
-    }
-
-    server {
-        listen 0.0.0.0:443;
-        listen [::]:443;
-        proxy_pass $address;
-        ssl_preread on;
-        proxy_protocol on;
-    }
-}
-
-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log  /var/log/nginx/access.log  main;
-
-    sendfile        on;
-    #tcp_nopush     on;
-
-    keepalive_timeout  65;
-
-    #gzip  on;
-
-    include /etc/nginx/conf.d/*.conf;
-}