Caddy: Move to more templated approach

no ref

- The goal here is to be able to provide more functionality to self-hosters through snippets and other segmented config
- Some customers run Admin <-> content domains on separate ones which our current config doesn't support
- Our current config also hardcodes a www redirect which complicates setups when you don't have that domain setup or don't even want it
- Moving to a default template customers will have to copy which includes snippets allows us to update these later on without breaking peoples setups

.editorconfig

@@ -24,3 +24,6 @@ indent_size = 2
 
 [Makefile]
 indent_style = tab
+
+[Caddyfile]
+indent_style = tab

.env.example

@@ -23,9 +23,13 @@ DATABASE_PASSWORD=ghostpassword
 ENABLE_DEVELOPER_EXPERIMENTS=false
 
 # Developer Experiments must be enabled above
-ENABLE_ACTIVITYPUB=false
 ENABLE_TRAFFIC_ANALYTICS=false
 
+# ActivityPub
+ENABLE_ACTIVITYPUB=false
+# If you'd prefer to self-host ActivityPub yourself uncomment the below line
+# ACTIVITYPUB_TARGET=activitypub:8080
+
 # Tinybird configuration
 TINYBIRD_API_URL=https://api.tinybird.co
 TINYBIRD_TRACKER_TOKEN=p.eyJxxxxx

Caddyfile

@@ -1,63 +0,0 @@
-# Replace your-domain.com with your actual domain
-{$DOMAIN} {
-    # Log all requests
-    log {
-        output stdout
-        format console
-        level INFO
-    }
-
-    # Proxy analytics requests with any prefix (e.g. /.ghost/analytics/ or /blog/.ghost/analytics/)
-    @analytics_paths path_regexp analytics_match ^(.*)/\.ghost/analytics(.*)$
-    handle @analytics_paths {
-        rewrite * {re.analytics_match.2}
-        reverse_proxy traffic-analytics:3000
-    }
-
-    # ActivityPub
-    # Proxy activitypub requests /.ghost/activitypub/
-    handle /.ghost/activitypub/* {
-        reverse_proxy https://ap.ghost.org
-    }
-
-    handle /.well-known/webfinger {
-        reverse_proxy https://ap.ghost.org
-    }
-
-    handle /.well-known/nodeinfo {
-        reverse_proxy https://ap.ghost.org
-    }
-
-    # Default proxy everything else to Ghost
-    handle {
-        reverse_proxy ghost:2368
-    }
-
-    # Optional: Enable gzip compression
-    encode gzip
-
-    # Optional: Add security headers
-    header {
-        # Enable HSTS
-        Strict-Transport-Security max-age=31536000;
-        # Prevent embedding in frames
-        X-Frame-Options DENY
-        # Enable XSS protection
-        X-XSS-Protection "1; mode=block"
-        # Prevent MIME sniffing
-        X-Content-Type-Options nosniff
-        # Referrer policy
-        Referrer-Policy strict-origin-when-cross-origin
-    }
-}
-
-# Redirect www to non-www (optional)
-www.{$DOMAIN} {
-    # Log all requests
-    log {
-        output stdout
-        format console
-        level INFO
-    }
-    redir https://{$DOMAIN}{uri}
-}

caddy/Caddyfile.example

@@ -0,0 +1,38 @@
+# Replace your-domain.com with your actual domain
+{$DOMAIN} {
+	import snippets/Logging
+
+	# Traffic Analytics service
+	import snippets/TrafficAnalytics
+
+	# ActivityPub Service
+	import snippets/ActivityPub
+
+	# Default proxy everything else to Ghost
+	handle {
+		reverse_proxy ghost:2368
+	}
+
+	# Optional: Enable gzip compression
+	encode gzip
+
+	# Optional: Add security headers
+	header {
+		# Enable HSTS
+		Strict-Transport-Security max-age=31536000;
+		# Prevent embedding in frames
+		X-Frame-Options DENY
+		# Enable XSS protection
+		X-XSS-Protection "1; mode=block"
+		# Prevent MIME sniffing
+		X-Content-Type-Options nosniff
+		# Referrer policy
+		Referrer-Policy strict-origin-when-cross-origin
+	}
+}
+
+# Redirect www to non-www (optional)
+www.{$DOMAIN} {
+	import snippets/Logging
+	redir https://{$DOMAIN}{uri}
+}

caddy/snippets/ActivityPub

@@ -0,0 +1,13 @@
+# ActivityPub
+# Proxy activitypub requests /.ghost/activitypub/
+handle /.ghost/activitypub/* {
+	reverse_proxy {$ACTIVITYPUB_TARGET}
+}
+
+handle /.well-known/webfinger {
+	reverse_proxy {$ACTIVITYPUB_TARGET}
+}
+
+handle /.well-known/nodeinfo {
+	reverse_proxy {$ACTIVITYPUB_TARGET}
+}

caddy/snippets/Logging

@@ -0,0 +1,6 @@
+# Log all requests
+log {
+	output stdout
+	format console
+	level INFO
+}

caddy/snippets/TrafficAnalytics

@@ -0,0 +1,6 @@
+# Proxy analytics requests with any prefix (e.g. /.ghost/analytics/ or /blog/.ghost/analytics/)
+@analytics_paths path_regexp analytics_match ^(.*)/\.ghost/analytics(.*)$
+handle @analytics_paths {
+	rewrite * {re.analytics_match.2}
+	reverse_proxy traffic-analytics:3000
+}

compose.yml

@@ -9,8 +9,9 @@ services:
       - "443:443"
     environment:
       DOMAIN: ${DOMAIN:?DOMAIN environment variable is required}
+      ACTIVITYPUB_TARGET: ${ACTIVITYPUB_TARGET:-https://ap.ghost.org}
     volumes:
-      - ./Caddyfile:/etc/caddy/Caddyfile
+      - ./caddy:/etc/caddy
       - caddy_data:/data
       - caddy_config:/config
     depends_on: