authorAlan Pearce2023-07-02 09:05:52 +0200
committerAlan Pearce2023-07-02 09:05:52 +0200
commitb180e25232ba4fd943c5eb5ff6ca0a1d70ee7e16 (patch)
tree9a93549c7168d3344afd1338a8b714d33c68f911
parentb4dc3bd51b45d1343cdf486e4cb54e5e92295534 (diff)
Use fly proxy for TLS termination, using h2c
-rw-r--r--Caddyfile17
-rw-r--r--Dockerfile13
-rw-r--r--fly.toml34
3 files changed, 41 insertions, 23 deletions
diff --git a/Caddyfile b/Caddyfile
index 576a1d0..a53abba 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -1,16 +1,26 @@
 {
 	admin off
 	persist_config off
-	http_port 8080
+	auto_https disable_redirects
+	acme_ca https://acme.zerossl.com/v2/DV90
+	storage redis {
+	}
+	servers :80 {
+		protocols h1 h2c
+		trusted_proxies static private_ranges
+	}
 }
 
 :9091 {
 	metrics
 }
 
+http://,
+http://alanpearce.uk,
+http://www.alanpearce.uk,
 http://www.alanpearce.eu {
 	header Cache-Control max-age=31536000
-	redir https://alanpearce.eu{uri}
+	redir https://alanpearce.eu{uri} permanent
 }
 
 http://alanpearce.eu {
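Review bot: The `acme_ca` and `storage redis { }` lines added to the global options look unused after this change: every site address visible in this hunk is `http://` and the commit moves TLS termination to the Fly proxy, so Caddy should not be requesting or storing certificates. If that is right, dropping both lines (and with them the Redis plugin and the connection to the storage host) removes a network dependency and third-party code from the serving path. If certificates are still issued somewhere outside this hunk, a comment such as `# certs for <which hosts>; shared via Redis across machines` would say why. Separately, `trusted_proxies static private_ranges` accepts forwarded-client headers from any private-range peer, which presumably includes other apps on the same private network, so narrowing it to the proxy's actual source range is worth checking.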
@@ -37,4 +47,7 @@ http://alanpearce.eu {
 	respond /favicon.ico 204
 	redir /index.xml /atom.xml
 	redir /post/index.xml /atom.xml
+
+	@http header X-Forwarded-Proto http
+	redir @http https://alanpearce.eu{uri}
 }
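Review bot: The new `@http` redirect appears to be the only HTTP-to-HTTPS enforcement left for this site, since the commit drops `force_https` from fly.toml, and it keys on a request header, so a request arriving without `X-Forwarded-Proto` is served in plaintext. It is also a temporary redirect, unlike the `permanent` added to the www block; `redir @http https://alanpearce.eu{uri} permanent` would match. The middle of this site block is outside the hunk, so whether HSTS is already set cannot be seen from here. If it is not, `header Strict-Transport-Security max-age=31536000` would keep returning browsers on HTTPS without depending on the redirect.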
diff --git a/Dockerfile b/Dockerfile
index bf01304..ca10c88 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,18 @@
-FROM docker.io/caddy:2-alpine
+ARG VERSION=2.6
+ARG VARIANT=alpine
+
+FROM docker.io/caddy:${VERSION}-builder-${VARIANT} AS builder
+
+RUN xcaddy build \
+    --with github.com/gamalan/caddy-tlsredis
+
+FROM docker.io/caddy:${VERSION}-${VARIANT}
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy
 
 COPY Caddyfile /etc/caddy/
 COPY public /srv
 
 EXPOSE 9091/tcp
-EXPOSE 8080/tcp
 
 ENV SITE_ROOT=/srv
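Review bot: `xcaddy build --with github.com/gamalan/caddy-tlsredis` names no version, so the build presumably resolves the module's latest release each time and two builds of the same commit can ship different third-party code in the binary that handles certificate storage. Pin it, e.g. `--with github.com/gamalan/caddy-tlsredis@<tag-or-commit>` (placeholder; use the version that was actually reviewed). The two `docker.io/caddy:${VERSION}-…` images are worth pinning by digest as well, since `2.6` is a moving tag.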
diff --git a/fly.toml b/fly.toml
index e6363d2..1bc1440 100644
--- a/fly.toml
+++ b/fly.toml
@@ -1,5 +1,3 @@
-# fly.toml file generated for alanpearce-eu on 2023-06-30T19:28:33+02:00
-
 app = "alanpearce-eu"
 kill_signal = "SIGINT"
 kill_timeout = 5
@@ -10,22 +8,20 @@ primary_region = "ams"
   path = "/metrics"
 
 [env]
+  CADDY_CLUSTERING_REDIS_HOST = "fly-caddy-storage.upstash.io"
   SITE_ROOT = "/srv"
 
-[http_service]
-  internal_port = 8080
-  force_https = true
-  auto_stop_machines = true
-  auto_start_machines = true
-  min_machines_running = 1
-  [http_service.concurrency]
-    type = "requests"
-    soft_limit = 2000
-    hard_limit = 2500
-  [[http_service.checks]]
-    grace_period = "10s"
-    interval = "30s"
-    method = "GET"
-    timeout = "5s"
-    path = "/"
-
+[[services]]
+  internal_port = 80
+  protocol = "tcp"
+  [services.concurrency]
+    type = "connections"
+    hard_limit = 25
+    soft_limit = 20
+  [[services.ports]]
+    handlers = ["http"]
+    port = 80
+  [[services.ports]]
+    handlers = ["tls"]
+    port = "443"
+    tls_options = { "alpn" = ["h2"] }
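Review bot: `port = "443"` is a string while the port 80 entry just above is an integer; write `port = 443` so both `[[services.ports]]` entries have the same type and a strict parser does not reject it. The removed `[[http_service.checks]]` has no replacement in the new `[[services]]` block, so as far as this hunk shows nothing verifies that Caddy is answering; a `[[services.tcp_checks]]` entry with the same interval, timeout and grace period would restore that. Advertising only `h2` in `alpn` presumably leaves HTTP/1.1-only TLS clients without a protocol to negotiate, which is worth confirming is intended.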