chore: refactor caddy folder structure

2025-07-09 00:08:57 -03:00
parent 10b0f122e1
commit 925cf377c7
5 changed files with 44 additions and 39 deletions


@@ -7,7 +7,7 @@
# Logging # Logging
log { log {
level DEBUG level INFO
format console format console
} }
@@ -19,40 +19,5 @@
} }
# Example: Static file server # Import all site configurations from sites-enabled directory
# static.example.com { import /etc/caddy/sites-enabled/*.Caddyfile
# root * /srv/static/test
# file_server
# }
# Example: Reverse Proxy for service running in docker container (must be under caddy_net)
# api.example.com {
# coraza_waf {
# directives `
# Include /etc/caddy/coraza.conf
# `
# }
#
# reverse_proxy * http://{CONTAINER_NAME}:{CONTAINER_PORT}
# }
# Example: Bypassing WAF for given API path
# NEEDED FOR PROMETHEUS
# api.example2.com {
# basic_auth {
# agala {$PROMETHEUS_PASSWORD}
# }
#
# @waf {
# not path /api/v1/*
# }
#
# handle @waf {
# coraza_waf {
# directives `
# Include /etc/caddy/coraza.conf
# `
# }
# }
# reverse_proxy * http://prometheus:9090
# }
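Review bot: The new `import /etc/caddy/sites-enabled/*.Caddyfile` line turns every matching file in that directory into live configuration, and nothing visible at this level puts a site behind the WAF. In the examples, `coraza_waf` sits inside each site block, so a site file added without it would be proxied with no inspection. I would state that next to the import, for example `# Files matching *.Caddyfile are loaded as-is; each site must include its own coraza_waf block`. As far as I recall, a glob that matches no files only logs a warning in Caddy, so a missing or wrongly mounted directory would start the server with no sites rather than fail; worth confirming. The global options block is outside this hunk.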


@@ -6,7 +6,7 @@
# only to start with, because that minimises the chances of post-installation # only to start with, because that minimises the chances of post-installation
# disruption. # disruption.
# #
SecRuleEngine DetectionOnly SecRuleEngine On
# -- Request body handling --------------------------------------------------- # -- Request body handling ---------------------------------------------------
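Review bot: `SecRuleEngine On` switches the WAF from logging to blocking, but the comment directly above still ends with "only to start with, because that minimises the chances of post-installation disruption", which appears to describe the old `DetectionOnly` value. Please update the comment to match the setting, e.g. `# Blocking mode: matching requests are rejected. Use DetectionOnly while tuning rules.` The commit title describes a folder refactor, so the move to enforcement is easy to miss in review. The Caddyfile section of this commit also lowers logging from DEBUG to INFO, which leaves less detail for diagnosing false positives once blocking is on. The start of the comment block is outside this hunk.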


@@ -0,0 +1,19 @@
# Example configurations for different use cases
# Remove this file and create your own site-specific Caddyfiles
# Example: Static file server
# static.example.com {
# root * /srv/static/YOUR_APP_FOLDER
# file_server
# }
# Example: Reverse Proxy for service running in docker container (must be under caddy_net)
# api.example.com {
# coraza_waf {
# directives `
# Include /etc/caddy/coraza.conf
# `
# }
#
# reverse_proxy * http://{CONTAINER_NAME}:{CONTAINER_PORT}
# }


@@ -0,0 +1,20 @@
# Prometheus monitoring endpoint
# Bypasses WAF for API endpoints since Prometheus scraping doesn't need WAF protection
prometheus.example.com {
basic_auth {
agala {$PROMETHEUS_PASSWORD}
}
@waf {
not path /api/v1/*
}
handle @waf {
coraza_waf {
directives `
Include /etc/caddy/coraza.conf
`
}
}
reverse_proxy * http://prometheus:9090
}
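Review bot: The `@waf` matcher `not path /api/v1/*` exempts the whole Prometheus HTTP API from Coraza, leaving only `basic_auth` in front of it. That prefix covers the query endpoints and, when Prometheus is started with `--web.enable-admin-api`, the admin endpoints under `/api/v1/admin/`. The header comment attributes the bypass to scraping, but scraping is Prometheus fetching from its targets, so the requests arriving at this site are API clients. I would narrow the exemption to the paths that actually trip rules, e.g. `not path /api/v1/query /api/v1/query_range`, and correct the comment. Separately, Caddy's `basic_auth` expects a password hash (as produced by `caddy hash-password`), so `{$PROMETHEUS_PASSWORD}` must hold the hash rather than the plaintext; a comment on that line would prevent a misconfiguration.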


@@ -25,6 +25,7 @@ services:
volumes: volumes:
- ../../deploy/static:/srv/static # Your static files location - ../../deploy/static:/srv/static # Your static files location
- ./caddy/Caddyfile:/etc/caddy/Caddyfile - ./caddy/Caddyfile:/etc/caddy/Caddyfile
- ./caddy/sites-enabled:/etc/caddy/sites-enabled
- ./caddy/coraza/coraza.conf:/etc/caddy/coraza.conf - ./caddy/coraza/coraza.conf:/etc/caddy/coraza.conf
- ./caddy/logs:/var/log/caddy - ./caddy/logs:/var/log/caddy
- caddy_data:/data - caddy_data:/data
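Review bot: The added `./caddy/sites-enabled` mount is writable from inside the container, although Caddy only needs to read site definitions from it. Mounting it read-only, `- ./caddy/sites-enabled:/etc/caddy/sites-enabled:ro`, keeps a compromised proxy process from adding or altering site files that would be loaded on the next reload. The neighbouring `Caddyfile` and `coraza.conf` mounts would benefit from the same suffix. The service definition starts above this hunk, so other options on the service are not visible here.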