SSL with Caddy

[Animosity022 6]

I've seen a number of posts on using NGinx or other reverse proxies as my mantra tends to be the simplest / easiest tool for the job. I've been using Caddy for some time now with Emby and it works so well and the ease of use is really where it is at. I do a pretty simple command line build as I use CloudFlare DNS along with CloudFlare to sit in front of Emby since it is free and I can toggle it on / off as well.

 

My build script:

 

 

CADDY_TELEMETRY=on curl https://getcaddy.com | bash -s personal http.cache,http.cgi,http.jwt,http.login,http.realip,tls.dns.cloudflare


# if missing the setcap package
#sudo apt-get install libcap2-bin -y


sudo setcap cap_net_bind_service=+ep /usr/local/bin/caddy

 

 

For me that sets up the caching part along with a few other plugins that I use for my other apps and I sit those behind Google oAuth.

 

My entire Caddyfile for Emby is below as that handles the SSL cert via validating my DNS name via CloudFlare and that's done by setting a few environment variables in my service file:

 

; Letsencrypt-issued certificates will be written to this directory.
Environment=CADDYPATH=/opt/caddy/ssl
Environment=CLOUDFLARE_API_KEY=yourkeyhere
Environment=CLOUDFLARE_EMAIL=email@domain.us

 

 

Caddyfile:

 

emby.domain.us {
gzip
realip cloudflare
log /opt/caddy/logs/emby.log
tls {
        dns cloudflare
}
proxy / 127.0.0.1:8096 {
        transparent
        websocket
        timeout 1h
        }
}

 

 

Considering that's the entire config for Caddy and I get what each line does, it really pales in terms of how simple it is against NGinx or anything else. 

Edited August 15, 2019 by Animosity022

[Luke 42081]

Thanks for the info.