Update to caddy2

2020-05-19 21:26:04 +02:00 · 2020-05-19 21:26:04 +02:00 · 2008bd12ae
parent 7a35f631f2
commit 2008bd12ae
6 changed files with 28 additions and 51 deletions
--- a/README.md
+++ b/README.md
@ -19,7 +19,7 @@ Role Variables
 - caddy_email: email used to register ACME/Let's Encrypt stuff
 - caddy_update: yes/no - activate caddy updates
 - test_url: url used for the test page
- test_https: should the test page use https
+- test_acme: should the test page use acme or internal HTTPS
 - test_name: name of the test
 - test_code: test page source code directory
 - test_www: yes/no - enable redirection from www. to .
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -6,11 +6,11 @@ caddy_logs: /var/log/caddy
 caddy_conf: /etc/caddy
 caddy_confd: /etc/caddy/conf.d
 caddy_www: /var/www/caddy
-caddy_email: none@none.com
-caddy_update: yes

 test_url: none.none
-test_https: no
+test_acme: no
 test_name: test
 test_code: /var/www/caddy/test
 test_www: no
+
+caddy_version: 2.0.0
--- a/meta/main.yml
+++ b/meta/main.yml
@ -1,6 +1,6 @@
 galaxy_info:
  author: Wilfried OLLIVIER
-  description: Install Caddy webserver on Debian
+  description: Install Caddy (2) webserver on Debian
  company: none

  license: WTFPL
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -9,22 +9,14 @@
        shell=/bin/nologin
  tags: user

- name: Get all Caddy releases
-  get_url: url=https://api.github.com/repos/mholt/caddy/git/refs/tags
-           dest={{ caddy_home }}/releases
-           force=yes
-  when: caddy_update
-  register: caddy_releases_cache
-
 - name: Download new Caddy version or build
-  get_url: url=https://caddyserver.com/download/linux/amd64?license=personal&telemetry=off
-           dest=/tmp/caddy.tar.gz
+  get_url: url=https://github.com/caddyserver/caddy/releases/download/v{{ caddy_version }}/caddy_{{ caddy_version }}_linux_amd64.tar.gz
+           dest=/tmp/caddy_{{ caddy_version }}.tar.gz
           force=yes
-  when: caddy_releases_cache.changed
  register: caddy_binary_cache

 - name: Extract new Caddy version or build
-  unarchive: src=/tmp/caddy.tar.gz
+  unarchive: src=/tmp/caddy_{{ caddy_version }}.tar.gz
             dest=/usr/bin/
             copy=no
  when: caddy_binary_cache.changed
--- a/templates/caddy.service.j2
+++ b/templates/caddy.service.j2
@ -8,8 +8,8 @@ After=network.target
 WorkingDirectory={{ caddy_home }}
 User=caddy
 LimitNOFILE=8192
-ExecStart=/usr/bin/caddy -agree=true -email={{ caddy_email }} -conf=/etc/caddy/Caddyfile
-ExecReload=/bin/kill -USR1 $MAINPID
+ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
+ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
 Restart=on-failure
 StartLimitInterval=600
 TimeoutStopSec=5s
--- a/templates/http.caddy.j2
+++ b/templates/http.caddy.j2
@ -1,43 +1,28 @@
-{% if test_https %}
 {{ test_url }} {
-{% else %}
-http://{{ test_url }}
-{% endif %}

-    {% if test_https %}
-    header / {
-        # Enable HTTP Strict Transport Security (HSTS) to force clients to always
-        # connect via HTTPS (do not use if only testing)
-        Strict-Transport-Security "max-age=31536000;"
-        # Enable cross-site filter (XSS) and tell browser to block detected attacks
-        X-XSS-Protection "1; mode=block"
-        # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
-        X-Content-Type-Options "nosniff"
-        # Disallow the site to be rendered within a frame (clickjacking protection)
-        X-Frame-Options "DENY"
-    }
+    {% if test_acme %}
+header / {
+    # Enable HTTP Strict Transport Security (HSTS) to force clients to always
+    # connect via HTTPS (do not use if only testing)
+    Strict-Transport-Security "max-age=31536000;"
+    # Enable cross-site filter (XSS) and tell browser to block detected attacks
+    X-XSS-Protection "1; mode=block"
+    # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
+    X-Content-Type-Options "nosniff"
+    # Disallow the site to be rendered within a frame (clickjacking protection)
+    X-Frame-Options "DENY"
+}
    {% else %}
-    tls off
+tls internal
    {% endif %}

-    log {{ caddy_logs }}/{{ test_name }}/access.log {
-        rotate_size  100
-        rotate_age   30
-        rotate_keep  10
+    log  {
+        output file {{ caddy_logs }}/{{ test_name }}/vhost.log
    }

-    errors {{ caddy_logs }}/{{ test_name }}/errors.log {
-        rotate_size  100
-        rotate_age   30
-        rotate_keep  10
-    }
-
-    root {{ test_code }}/
-
-    gzip {
-        ext .jpg
-        level 9
-    }
+    root * {{ test_code }}
+    file_server
+    encode zstd gzip

 }