Update to caddy2
This commit is contained in:
parent
7a35f631f2
commit
2008bd12ae
6 changed files with 28 additions and 51 deletions
|
@ -19,7 +19,7 @@ Role Variables
|
|||
- caddy_email: email used to register ACME/Let's Encrypt stuff
|
||||
- caddy_update: yes/no - activate caddy updates
|
||||
- test_url: url used for the test page
|
||||
- test_https: should the test page use https
|
||||
- test_acme: should the test page use acme or internal HTTPS
|
||||
- test_name: name of the test
|
||||
- test_code: test page source code directory
|
||||
- test_www: yes/no - enable redirection from www. to .
|
||||
|
|
|
@ -6,11 +6,11 @@ caddy_logs: /var/log/caddy
|
|||
caddy_conf: /etc/caddy
|
||||
caddy_confd: /etc/caddy/conf.d
|
||||
caddy_www: /var/www/caddy
|
||||
caddy_email: none@none.com
|
||||
caddy_update: yes
|
||||
|
||||
test_url: none.none
|
||||
test_https: no
|
||||
test_acme: no
|
||||
test_name: test
|
||||
test_code: /var/www/caddy/test
|
||||
test_www: no
|
||||
|
||||
caddy_version: 2.0.0
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
galaxy_info:
|
||||
author: Wilfried OLLIVIER
|
||||
description: Install Caddy webserver on Debian
|
||||
description: Install Caddy (2) webserver on Debian
|
||||
company: none
|
||||
|
||||
license: WTFPL
|
||||
|
|
|
@ -9,22 +9,14 @@
|
|||
shell=/bin/nologin
|
||||
tags: user
|
||||
|
||||
- name: Get all Caddy releases
|
||||
get_url: url=https://api.github.com/repos/mholt/caddy/git/refs/tags
|
||||
dest={{ caddy_home }}/releases
|
||||
force=yes
|
||||
when: caddy_update
|
||||
register: caddy_releases_cache
|
||||
|
||||
- name: Download new Caddy version or build
|
||||
get_url: url=https://caddyserver.com/download/linux/amd64?license=personal&telemetry=off
|
||||
dest=/tmp/caddy.tar.gz
|
||||
get_url: url=https://github.com/caddyserver/caddy/releases/download/v{{ caddy_version }}/caddy_{{ caddy_version }}_linux_amd64.tar.gz
|
||||
dest=/tmp/caddy_{{ caddy_version }}.tar.gz
|
||||
force=yes
|
||||
when: caddy_releases_cache.changed
|
||||
register: caddy_binary_cache
|
||||
|
||||
- name: Extract new Caddy version or build
|
||||
unarchive: src=/tmp/caddy.tar.gz
|
||||
unarchive: src=/tmp/caddy_{{ caddy_version }}.tar.gz
|
||||
dest=/usr/bin/
|
||||
copy=no
|
||||
when: caddy_binary_cache.changed
|
||||
|
|
|
@ -8,8 +8,8 @@ After=network.target
|
|||
WorkingDirectory={{ caddy_home }}
|
||||
User=caddy
|
||||
LimitNOFILE=8192
|
||||
ExecStart=/usr/bin/caddy -agree=true -email={{ caddy_email }} -conf=/etc/caddy/Caddyfile
|
||||
ExecReload=/bin/kill -USR1 $MAINPID
|
||||
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
|
||||
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
|
||||
Restart=on-failure
|
||||
StartLimitInterval=600
|
||||
TimeoutStopSec=5s
|
||||
|
|
|
@ -1,43 +1,28 @@
|
|||
{% if test_https %}
|
||||
{{ test_url }} {
|
||||
{% else %}
|
||||
http://{{ test_url }}
|
||||
{% endif %}
|
||||
|
||||
{% if test_https %}
|
||||
header / {
|
||||
# Enable HTTP Strict Transport Security (HSTS) to force clients to always
|
||||
# connect via HTTPS (do not use if only testing)
|
||||
Strict-Transport-Security "max-age=31536000;"
|
||||
# Enable cross-site filter (XSS) and tell browser to block detected attacks
|
||||
X-XSS-Protection "1; mode=block"
|
||||
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
||||
X-Content-Type-Options "nosniff"
|
||||
# Disallow the site to be rendered within a frame (clickjacking protection)
|
||||
X-Frame-Options "DENY"
|
||||
}
|
||||
{% if test_acme %}
|
||||
header / {
|
||||
# Enable HTTP Strict Transport Security (HSTS) to force clients to always
|
||||
# connect via HTTPS (do not use if only testing)
|
||||
Strict-Transport-Security "max-age=31536000;"
|
||||
# Enable cross-site filter (XSS) and tell browser to block detected attacks
|
||||
X-XSS-Protection "1; mode=block"
|
||||
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
||||
X-Content-Type-Options "nosniff"
|
||||
# Disallow the site to be rendered within a frame (clickjacking protection)
|
||||
X-Frame-Options "DENY"
|
||||
}
|
||||
{% else %}
|
||||
tls off
|
||||
tls internal
|
||||
{% endif %}
|
||||
|
||||
log {{ caddy_logs }}/{{ test_name }}/access.log {
|
||||
rotate_size 100
|
||||
rotate_age 30
|
||||
rotate_keep 10
|
||||
log {
|
||||
output file {{ caddy_logs }}/{{ test_name }}/vhost.log
|
||||
}
|
||||
|
||||
errors {{ caddy_logs }}/{{ test_name }}/errors.log {
|
||||
rotate_size 100
|
||||
rotate_age 30
|
||||
rotate_keep 10
|
||||
}
|
||||
|
||||
root {{ test_code }}/
|
||||
|
||||
gzip {
|
||||
ext .jpg
|
||||
level 9
|
||||
}
|
||||
root * {{ test_code }}
|
||||
file_server
|
||||
encode zstd gzip
|
||||
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue