Caddy
A reasonable set of Caddy quadlets:

#caddy.network
[Network]
NetworkName=caddy.network

#caddy_config.volume
[Volume]
VolumeName=caddy_config

#caddy_data.volume
[Volume]
VolumeName=caddy_data

#caddy.container
[Unit]
Description=Caddy OVH

[Container]
ContainerName=caddy
Image=localhost/caddy-ovh:2
Volume=%h/.config/containers/storage/caddy/conf:/etc/caddy
Volume=%h/.config/containers/storage/caddy/sites:/srv
Volume=%h/.config/containers/storage/caddy/logs:/var/log/caddy
Volume=caddy_data:/data
Volume=caddy_config:/config
PublishPort=80:80
PublishPort=443:443
Network=caddy.network
Environment=EMAIL=info@epicjourney.dev
Environment=LOG_FILE=/data/access.log

[Service]
Restart=always

[Install]
WantedBy=default.target
generate directories
mkdir -p ~/.config/containers/storage/caddy/{conf,sites,logs}
Containerfile
This quadlet relies on a Caddy image built with the OVH DNS plugin.
#Containerfile
FROM docker.io/caddy:2-builder AS builder
RUN --mount=type=cache,target=/go/pkg/mod \
    --mount=type=cache,target=/root/.cache/go-build \
    xcaddy build \
    --with github.com/caddy-dns/ovh

FROM docker.io/caddy:2
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
Caddyfile
A working OVH configuration plus some trivial websites and reverse proxies. This file runs this website.
{
    email info@epicjourney.dev
    dns ovh {
        endpoint ovh-eu
        application_key secret
        application_secret secret
        consumer_key secret
    }
}

www.epicjourney.dev {
    redir https://epicjourney.dev{uri} permanent
}

epicjourney.dev {
    root * /srv/epicjourney.dev
    file_server
    encode gzip zstd
}

git.epicjourney.dev {
    reverse_proxy forgejo:3000
}
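The Caddyfile above carries the three OVH credentials as inline values; Caddy also accepts `{env.NAME}` and `{$NAME}` placeholders in those positions, which keeps the secrets out of the file stored under `conf`. The following pre-deployment check is an added example, not part of the original page: it flags credential directives in a `dns ovh` block that still hold literals. The function name, the sample files and the `OVH_*` variable names are assumptions.

```bash
#!/usr/bin/env bash
# Added example; function, file and variable names are hypothetical.

# Print "LINE:DIRECTIVE" for every credential in a `dns ovh { ... }` block
# whose value is a literal rather than a Caddy environment placeholder
# ({env.NAME} or {$NAME}). Returns 1 if any literal was found, else 0.
find_inline_ovh_secrets() {
    awk '
        ($1 == "dns" || $1 == "acme_dns") && $2 == "ovh" { in_block = 1; next }
        in_block && $1 == "}" { in_block = 0; next }
        in_block && $1 ~ /^(application_key|application_secret|consumer_key)$/ {
            if ($2 !~ /^[{](env[.]|[$])[A-Za-z_][A-Za-z0-9_]*[}]$/) {
                printf "%d:%s\n", NR, $1
                found = 1
            }
        }
        END { exit found + 0 }
    ' "$1"
}

# Constructed sample: credentials written inline, as in the page's Caddyfile.
inline_file=$(mktemp)
cat >"$inline_file" <<'EOF'
{
    dns ovh {
        endpoint ovh-eu
        application_key secret
        application_secret secret
        consumer_key secret
    }
}
EOF

# Constructed sample: the same block reading credentials from the environment.
env_file=$(mktemp)
cat >"$env_file" <<'EOF'
{
    dns ovh {
        endpoint ovh-eu
        application_key {env.OVH_APPLICATION_KEY}
        application_secret {env.OVH_APPLICATION_SECRET}
        consumer_key {$OVH_CONSUMER_KEY}
    }
}
EOF
trap 'rm -f "$inline_file" "$env_file"' EXIT

for f in "$inline_file" "$env_file"; do
    if find_inline_ovh_secrets "$f"; then echo "ok: $f"; else echo "literal credentials in $f"; fi
done
```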
bind privileged ports with rootless containers
I chose this solution:
echo "net.ipv4.ip_unprivileged_port_start=80" | sudo tee /etc/sysctl.d/99-unprivileged-ports.conf
sudo sysctl -p /etc/sysctl.d/99-unprivileged-ports.conf