chef 3763 Posted January 13, 2023

14 minutes ago, pwhodges said:

> No, sorry. But I haven't used it on Linux, which is what I tend to associate the term "socket" with.
>
> Re "route" - that's not what it is. Route is a directive to force a group of other directives to be handled in the order you write them rather than their default order. What I think you're trying to write with it is what's called a "matcher", which can be part of many directives - but in almost all cases "/*" is the default anyway. The route directive can have a matcher, but this is used to specify that the directives it controls are only used in that instance, and you might typically have multiple routes to specify different subsections of a web site. But for that purpose you would normally use "handle", which also specifies a group of directives to be used in just some of the web site, but doesn't force an order to override the default order on them as route does.
>
> Paul

In this example, are the "route /*" necessary then?

    example.com {
        encode zstd gzip
        route /*
        handle_errors {
            rewrite * /redir-target/NoSignal404.html
            file_server
        }
        log
        file_server
        header {
            # disable FLoC tracking
            Permissions-Policy interest-cohort=()
            # enable HSTS
            Strict-Transport-Security max-age=31536000;
            # disable clients from sniffing the media type
            X-Content-Type-Options nosniff
            # clickjacking protection
            X-Frame-Options DENY
            # keep referrer data off of HTTP connections
            Referrer-Policy no-referrer-when-downgrade
        }
    }

    sub.example.com {
        route /*
        reverse_proxy 192.168.1.126:8096
        header {
            # disable FLoC tracking
            Permissions-Policy interest-cohort=()
            # enable HSTS
            Strict-Transport-Security max-age=31536000;
            # disable clients from sniffing the media type
            X-Content-Type-Options nosniff
            # clickjacking protection
            X-Frame-Options DENY
            # keep referrer data off of HTTP connections
            Referrer-Policy no-referrer-when-downgrade
        }
    }

Thanks so much for your help.
pwhodges 1649 Posted January 14, 2023 Author

"Route /*" is serving no purpose in that setup, not least as it has no directives specified as the main parameter!

Also, in the first site, "log" used with no parameters is enabling just access logging to the console - is this what you mean to enable, or do you want file logging?

And the first site also doesn't specify what files the "file_server" directive can serve! - you need to include: "root * /path/to/site/files" (N.B. in this case, the "*" matcher, although default, is required to disambiguate the path which starts with a "/" as that can also start a matcher).

Paul
chef 3763 Posted January 14, 2023

It would be better to log to a text file. I could do this in the first version of caddy, but haven't been able to get that working properly this time around.
seanbuff 933 Posted January 14, 2023

9 minutes ago, chef said:

> It would be better to log to a text file.

    log {
        output file C:\caddy\logs\emby_access.log {
            roll true              # Rotate logs, enabled by default
            roll_size_mb 5         # Set max size 5 MB
            roll_gzip true         # Whether to compress rolled files
            roll_local_time true   # Use localhost time
            roll_keep 2            # Keep at most 2 log files
            roll_keep_days 7       # Keep log files for 7 days
        }

The above has worked for me
chef 3763 Posted January 14, 2023

48 minutes ago, seanbuff said:

>     log {
>         output file C:\caddy\logs\emby_access.log {
>             roll true              # Rotate logs, enabled by default
>             roll_size_mb 5         # Set max size 5 MB
>             roll_gzip true         # Whether to compress rolled files
>             roll_local_time true   # Use localhost time
>             roll_keep 2            # Keep at most 2 log files
>             roll_keep_days 7       # Keep log files for 7 days
>         }
>
> The above has worked for me

Oh, log is like an object. Thank you. That's super helpful.

So the only other thing that has got me confused is how 'root' points to a folder with site files. For instance, if I had a folder which contains caddy, then a subfolder called 'main' (beside the caddy binaries), I thought that 'root * /main' would point to it. But I think something isn't quite right. Maybe it's supposed to be a full path to the site files? Or maybe I have to do "./" or "../"?

Edited January 14, 2023 by chef
pwhodges 1649 Posted January 14, 2023 Author

If "main" is a subfolder you don't start the path with "/" which goes back to the base of the file system. Try "./main", where "." means "current directory". This is probably not necessary in Windows, but I think Linux might require it (or even Caddy's parsing might).

BTW, you could also save typing by defining your big "header" block as a "snippet" at the top of the Caddyfile, which you then simply import into each site.

Paul
chef 3763 Posted January 14, 2023

Is there a way to whitelist URLs requesting data from one of my services through caddy? Or is that something that my service has to handle?

Edit: https://stackoverflow.com/questions/66357765/caddy-v2-ip-whitelist

Yes, looks possible.

Edited January 14, 2023 by chef
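One way to restrict a proxied service to known client addresses with Caddy v2's `remote_ip` matcher, as an added example that is not from the thread or the linked answer. The allowed ranges are constructed placeholders; the hostname and backend address are reused from the config posted earlier in the thread.

```caddyfile
sub.example.com {
    # Constructed allowlist: the LAN plus one external address
    # (203.0.113.10 is a documentation address, replace with your own).
    @allowed remote_ip 192.168.1.0/24 203.0.113.10

    # Allowed clients reach the backend.
    handle @allowed {
        reverse_proxy 192.168.1.126:8096
    }

    # Everything else gets a 403 and never touches the service.
    handle {
        respond "Forbidden" 403
    }
}
```

`remote_ip` compares the address of the TCP peer, so if Caddy itself sits behind another proxy or CDN, every request appears to come from that proxy and the allowlist has to be applied there instead.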
chef 3763 Posted January 15, 2023

On 1/13/2023 at 7:37 PM, seanbuff said:

>     log {
>         output file C:\caddy\logs\emby_access.log {
>             roll true              # Rotate logs, enabled by default
>             roll_size_mb 5         # Set max size 5 MB
>             roll_gzip true         # Whether to compress rolled files
>             roll_local_time true   # Use localhost time
>             roll_keep 2            # Keep at most 2 log files
>             roll_keep_days 7       # Keep log files for 7 days
>         }
>
> The above has worked for me

Are you missing a curly brace in that example, @seanbuff?

EDIT: I was able to get this working by removing the localhost_time, and adding the brace. For some reason caddy didn't allow me to add the local_host time.

    log {
        output file "C:/Caddy 2/logs/emby/access.log" {
            roll true          # Rotate logs, enabled by default
            roll_size_mb 5     # Set max size 5 MB
            roll_gzip true     # Whether to compress rolled files
            roll_keep 2        # Keep at most 2 log files
            roll_keep_days 7   # Keep log files for 7 days
        }
    }

Edited January 15, 2023 by chef
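For comparison, the rolling options that the Caddy v2 documentation lists for the `file` log output, as an added example that is not from the thread. The path is the one from the post above; the site name, size and retention values are constructed.

```caddyfile
example.com {
    log {
        output file "C:/Caddy 2/logs/emby/access.log" {
            roll_size 5MiB       # roll when the file reaches about 5 MiB
            roll_keep 2          # keep at most 2 rolled files
            roll_keep_for 168h   # delete rolled files older than 7 days
            roll_local_time      # flag with no argument: local time in rolled file names
        }
    }
}
```

Rolling and gzip compression of rolled files are on by default; `roll_disabled` and `roll_uncompressed` turn them off.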
chef 3763 Posted January 15, 2023

17 hours ago, pwhodges said:

> BTW, you could also save typing by defining your big "header" block as a "snippet" at the top of the Caddyfile, which you then simply import into each site.
>
> Paul

So, this right here was an invaluable piece of information, thank you!

    (headers) {
        header {
            # disable FLoC tracking
            Permissions-Policy interest-cohort=()
            # enable HSTS
            Strict-Transport-Security max-age=31536000;
            # disable clients from sniffing the media type
            X-Content-Type-Options nosniff
            # clickjacking protection
            X-Frame-Options DENY
            # keep referrer data off of HTTP connections
            Referrer-Policy no-referrer-when-downgrade
        }
    }

    example.com {
        # use the snippet here to add headers!
        # "import" must be the first word on its line; the snippet already contains the header block
        import headers
    }

Seems to work as far as I can see.
seanbuff 933 Posted January 15, 2023

5 hours ago, chef said:

> are you missing a curly brace in that example

Correct, I just pulled out that snippet from a bigger config and missed that last brace. But I knew you're a clever guy so would have no issues
kikinjo 179 Posted January 17, 2023

@pwhodges this is getting more interesting. Tested my emby web for all supported protocols... using online tools / web checkers. Results are all supported: http1, http2, even http3 is working (after I opened the udp port). But all emby clients, web, android, windows... whatever... when they connect they are http1, at least in the emby web dashboard.
rbjtech 4588 Posted January 17, 2023

1 hour ago, kikinjo said:

> @pwhodges this is getting more interesting. Tested my emby web for all supported protocols... using online tools / web checkers. Results are all supported: http1, http2, even http3 is working (after I opened the udp port). But all emby clients, web, android, windows... whatever... when they connect they are http1, at least in the emby web dashboard.

Are you using https from the RP internal connection to the local emby web server?
kikinjo 179 Posted January 17, 2023

7 minutes ago, rbjtech said:

> Are you using https from the RP internal connection to the local emby web server?

Nope, only from client to caddy is https. I mentioned that in first posts.
rbjtech 4588 Posted January 17, 2023

2 minutes ago, kikinjo said:

> Nope, only from client to caddy is https. I mentioned that in first posts.

ok - so that's why then.

For http2/3 - as the emby web server serves http2 only with https - then it will be falling back to http1.

If you have a https connection from the RP to Emby - then I believe it should be delivered via http2.

As a test I did a while back, using a direct connection (no RP), an external https connection got delivered using http2. Any internal connection via http got delivered via http1.
kikinjo 179 Posted January 17, 2023

Thanks rbjtech for explanation.
Riddler84 44 Posted January 29, 2023

On 1/17/2023 at 6:59 PM, rbjtech said:

> If you have a https connection from the RP to Emby - then I believe it should be delivered via http2.

Any idea how to achieve this with Caddy?
pwhodges 1649 Posted January 30, 2023 Author

Create or acquire an appropriate certificate for the Emby server, install it in Emby and use https for the proxy backend.

If your Emby is on a separate machine, you could install Caddy on that as well, with an http/1 link to localhost, and use this article to create an https link between the two Caddy servers - that would at least encrypt your data travelling in your local network. (j/k - I mean, you could...)

But why do you want to? Http/1 probably gives you marginally better performance (I'd be surprised if you noticed, though), and if you want https because you consider your local network insecure you've other matters to worry about before your Emby setup.

Paul
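Proxying to the backend over HTTPS as described above, as an added example that is not from the thread. The site name `emby.example.com`, the backend name `emby.lan`, port 8920 and the CA file path are assumptions; `tls_trusted_ca_certs` and `tls_server_name` are options of Caddy v2's `transport http` block.

```caddyfile
emby.example.com {
    # An https:// upstream makes Caddy speak TLS to the backend.
    reverse_proxy https://emby.lan:8920 {
        transport http {
            # Verify the backend certificate against your own CA
            # rather than switching verification off.
            tls_trusted_ca_certs /etc/caddy/emby-ca.pem
            # Name the backend certificate must be valid for.
            tls_server_name emby.lan
        }
    }
}
```

With a self-signed or private-CA certificate on the backend, trusting that CA keeps the hop authenticated; `tls_insecure_skip_verify` would leave it encrypted but unverified.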
Gecko 66 Posted January 31, 2023

Just adding my 2 cents for the posterity

19 hours ago, pwhodges said:

> Create or acquire an appropriate certificate for the Emby server, install it in Emby and use https for the proxy backend.
>
> If your Emby is on a separate machine, you could install Caddy on that as well, with an http/1 link to localhost, and use this article to create an https link between the two Caddy servers - that would at least encrypt your data travelling in your local network. (j/k - I mean, you could...)
>
> Paul

This is exactly what I did (without the second caddy proxy). I connected Emby (through the https port) with caddy. They are on 2 different machines (so that the one hosting emby can sleep and be awakened by the proxy whenever needed). At first, I installed nginx and it was ok but not great. I wanted to try out http/2 (https), which Caddy can provide, to try to solve a bug I had with safari. Turns out the situation is far better but still not ideal, so I will currently stay with Caddy (which I set up in merely 1 hour instead of days of document reading for nginx).

> But why do you want to? Http/1 probably gives you marginally better performance (I'd be surprised if you noticed, though), and if you want https because you consider your local network insecure you've other matters to worry about before your Emby setup.

Performance wise, Caddy is a little bit faster using http/1.1 to connect to Emby instead of http/2 (on my setup the chrome dev tools tell me that on average, a single .ts request of 20Mo is received ~100ms faster using http/1.1 compared to http/2, on a wired and local connection). At the end of the day, I sense that http/2 seems more reliable for me. Maybe if Emby could serve http/2 requests without tls, the situation would be inverted, but I'm sure that's not an important task to tackle for the devs right now.

@pwhodges, did you set up anything special in Caddyfile for Emby or left the default behaviour of Caddy?
Gecko 66 Posted January 31, 2023

For those interested, here's my actual Caddyfile for Emby. I've set it up with this facultative plugin that geo-filters incoming requests. Both http and https requests to emby are available if needed. I experimented with special directives about buffering and response flushing, but so far, keeping the default values and behavior of Caddy seems to be the best for me.

Attachment: Caddyfile
chef 3763 Posted January 31, 2023

24 minutes ago, Gecko said:

> For those interested, here's my actual Caddyfile for Emby. I've set it up with this facultative plugin that geo-filters incoming requests. Both http and https requests to emby are available if needed. I experimented with special directives about buffering and response flushing, but so far, keeping the default values and behavior of Caddy seems to be the best for me.
>
> Attachment: Caddyfile

Cool. So did you have to sign up for GeoIP2?
kikinjo 179 Posted January 31, 2023

Gecko, is this a caddy v1 config or v2? I was just googling about geo ip blocking with caddy and trying to implement it.

Cheers
Gecko 66 Posted January 31, 2023

15 minutes ago, chef said:

> Cool. So did you have to sign up for GeoIP2?

Yes, it's free of charge at the country level, and the best part is that I just noticed on the Caddy plugin page that another plugin can automatically recover the file for you every week.

3 minutes ago, kikinjo said:

> Gecko, is this a caddy v1 config or v2? I was just googling about geo ip blocking with caddy and trying to implement it.
>
> Cheers

It's V2
kikinjo 179 Posted January 31, 2023

Gecko, on the caddy download page I see caddy plus plugins download in one package. I'm already running caddy, how to add this plugin / download now in my running caddy?

Cheers
pwhodges 1649 Posted January 31, 2023 Author

1 hour ago, Gecko said:

> @pwhodges, did you set up anything special in Caddyfile for Emby or left the default behaviour of Caddy?

Completely default.

9 minutes ago, kikinjo said:

> I'm already running caddy, how to add this plugin / download now in my running caddy?

You can't (Caddy runs as a single .exe). Just rebuild your usual version with the added plugin - that way you're also completely up to date.

Paul
Gecko 66 Posted January 31, 2023

38 minutes ago, kikinjo said:

> Gecko, on the caddy download page I see caddy plus plugins download in one package. I'm already running caddy, how to add this plugin / download now in my running caddy?
>
> Cheers

Like pwhodges said, build your own image with the required plugins. I personally use docker and followed what's on the docker hub page, using the xcaddy command to add plugins.

    FROM caddy:<version>-builder AS builder

    RUN xcaddy build \
        --with github.com/caddyserver/nginx-adapter \
        --with github.com/hairyhenderson/caddy-teapot-module@v0.0.3-0

    FROM caddy:<version>

    COPY --from=builder /usr/bin/caddy /usr/bin/caddy