Caddy: Move to more templated approach

no ref - The goal here is to be able to provide more functionality to self-hosters through snippets and other segmented config - Some customers run Admin <-> content domains on separate ones which our current config doesn't support - Our current config also hardcodes a www redirect which complicates setups when you don't have that domain setup or don't even want it - Moving to a default template customers will have to copy which includes snippets allows us to update these later on without breaking peoples setups
2026-05-13 15:09:34 +00:00 · 2025-07-15 15:44:28 +10:00
parent 190a350bd5
commit 8d0d565df9
8 changed files with 73 additions and 65 deletions
--- a/caddy/Caddyfile.example
+++ b/caddy/Caddyfile.example
@@ -0,0 +1,38 @@
+# Replace your-domain.com with your actual domain
+{$DOMAIN} {
+	import snippets/Logging
+
+	# Traffic Analytics service
+	import snippets/TrafficAnalytics
+
+	# ActivityPub Service
+	import snippets/ActivityPub
+
+	# Default proxy everything else to Ghost
+	handle {
+		reverse_proxy ghost:2368
+	}
+
+	# Optional: Enable gzip compression
+	encode gzip
+
+	# Optional: Add security headers
+	header {
+		# Enable HSTS
+		Strict-Transport-Security max-age=31536000;
+		# Prevent embedding in frames
+		X-Frame-Options DENY
+		# Enable XSS protection
+		X-XSS-Protection "1; mode=block"
+		# Prevent MIME sniffing
+		X-Content-Type-Options nosniff
+		# Referrer policy
+		Referrer-Policy strict-origin-when-cross-origin
+	}
+}
+
+# Redirect www to non-www (optional)
+www.{$DOMAIN} {
+	import snippets/Logging
+	redir https://{$DOMAIN}{uri}
+}
--- a/caddy/snippets/ActivityPub
+++ b/caddy/snippets/ActivityPub
@@ -0,0 +1,13 @@
+# ActivityPub
+# Proxy activitypub requests /.ghost/activitypub/
+handle /.ghost/activitypub/* {
+	reverse_proxy {$ACTIVITYPUB_TARGET}
+}
+
+handle /.well-known/webfinger {
+	reverse_proxy {$ACTIVITYPUB_TARGET}
+}
+
+handle /.well-known/nodeinfo {
+	reverse_proxy {$ACTIVITYPUB_TARGET}
+}
--- a/caddy/snippets/Logging
+++ b/caddy/snippets/Logging
@@ -0,0 +1,6 @@
+# Log all requests
+log {
+	output stdout
+	format console
+	level INFO
+}
--- a/caddy/snippets/TrafficAnalytics
+++ b/caddy/snippets/TrafficAnalytics
@@ -0,0 +1,6 @@
+# Proxy analytics requests with any prefix (e.g. /.ghost/analytics/ or /blog/.ghost/analytics/)
+@analytics_paths path_regexp analytics_match ^(.*)/\.ghost/analytics(.*)$
+handle @analytics_paths {
+	rewrite * {re.analytics_match.2}
+	reverse_proxy traffic-analytics:3000
+}