Update to caddy2
This commit is contained in:
parent
7a35f631f2
commit
2008bd12ae
|
|
@ -19,7 +19,7 @@ Role Variables
|
||||||
- caddy_email: email used to register ACME/Let's Encrypt stuff
|
- caddy_email: email used to register ACME/Let's Encrypt stuff
|
||||||
- caddy_update: yes/no - activate caddy updates
|
- caddy_update: yes/no - activate caddy updates
|
||||||
- test_url: url used for the test page
|
- test_url: url used for the test page
|
||||||
- test_https: should the test page use https
|
- test_acme: should the test page use acme or internal HTTPS
|
||||||
- test_name: name of the test
|
- test_name: name of the test
|
||||||
- test_code: test page source code directory
|
- test_code: test page source code directory
|
||||||
- test_www: yes/no - enable redirection from www. to .
|
- test_www: yes/no - enable redirection from www. to .
|
||||||
|
|
|
||||||
|
|
@ -6,11 +6,11 @@ caddy_logs: /var/log/caddy
|
||||||
caddy_conf: /etc/caddy
|
caddy_conf: /etc/caddy
|
||||||
caddy_confd: /etc/caddy/conf.d
|
caddy_confd: /etc/caddy/conf.d
|
||||||
caddy_www: /var/www/caddy
|
caddy_www: /var/www/caddy
|
||||||
caddy_email: none@none.com
|
|
||||||
caddy_update: yes
|
|
||||||
|
|
||||||
test_url: none.none
|
test_url: none.none
|
||||||
test_https: no
|
test_acme: no
|
||||||
test_name: test
|
test_name: test
|
||||||
test_code: /var/www/caddy/test
|
test_code: /var/www/caddy/test
|
||||||
test_www: no
|
test_www: no
|
||||||
|
|
||||||
|
caddy_version: 2.0.0
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
author: Wilfried OLLIVIER
|
author: Wilfried OLLIVIER
|
||||||
description: Install Caddy webserver on Debian
|
description: Install Caddy (2) webserver on Debian
|
||||||
company: none
|
company: none
|
||||||
|
|
||||||
license: WTFPL
|
license: WTFPL
|
||||||
|
|
|
||||||
|
|
@ -9,22 +9,14 @@
|
||||||
shell=/bin/nologin
|
shell=/bin/nologin
|
||||||
tags: user
|
tags: user
|
||||||
|
|
||||||
- name: Get all Caddy releases
|
|
||||||
get_url: url=https://api.github.com/repos/mholt/caddy/git/refs/tags
|
|
||||||
dest={{ caddy_home }}/releases
|
|
||||||
force=yes
|
|
||||||
when: caddy_update
|
|
||||||
register: caddy_releases_cache
|
|
||||||
|
|
||||||
- name: Download new Caddy version or build
|
- name: Download new Caddy version or build
|
||||||
get_url: url=https://caddyserver.com/download/linux/amd64?license=personal&telemetry=off
|
get_url: url=https://github.com/caddyserver/caddy/releases/download/v{{ caddy_version }}/caddy_{{ caddy_version }}_linux_amd64.tar.gz
|
||||||
dest=/tmp/caddy.tar.gz
|
dest=/tmp/caddy_{{ caddy_version }}.tar.gz
|
||||||
force=yes
|
force=yes
|
||||||
when: caddy_releases_cache.changed
|
|
||||||
register: caddy_binary_cache
|
register: caddy_binary_cache
|
||||||
|
|
||||||
- name: Extract new Caddy version or build
|
- name: Extract new Caddy version or build
|
||||||
unarchive: src=/tmp/caddy.tar.gz
|
unarchive: src=/tmp/caddy_{{ caddy_version }}.tar.gz
|
||||||
dest=/usr/bin/
|
dest=/usr/bin/
|
||||||
copy=no
|
copy=no
|
||||||
when: caddy_binary_cache.changed
|
when: caddy_binary_cache.changed
|
||||||
|
|
|
||||||
|
|
@ -8,8 +8,8 @@ After=network.target
|
||||||
WorkingDirectory={{ caddy_home }}
|
WorkingDirectory={{ caddy_home }}
|
||||||
User=caddy
|
User=caddy
|
||||||
LimitNOFILE=8192
|
LimitNOFILE=8192
|
||||||
ExecStart=/usr/bin/caddy -agree=true -email={{ caddy_email }} -conf=/etc/caddy/Caddyfile
|
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
|
||||||
ExecReload=/bin/kill -USR1 $MAINPID
|
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
StartLimitInterval=600
|
StartLimitInterval=600
|
||||||
TimeoutStopSec=5s
|
TimeoutStopSec=5s
|
||||||
|
|
|
||||||
|
|
@ -1,43 +1,28 @@
|
||||||
{% if test_https %}
|
|
||||||
{{ test_url }} {
|
{{ test_url }} {
|
||||||
{% else %}
|
|
||||||
http://{{ test_url }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if test_https %}
|
{% if test_acme %}
|
||||||
header / {
|
header / {
|
||||||
# Enable HTTP Strict Transport Security (HSTS) to force clients to always
|
# Enable HTTP Strict Transport Security (HSTS) to force clients to always
|
||||||
# connect via HTTPS (do not use if only testing)
|
# connect via HTTPS (do not use if only testing)
|
||||||
Strict-Transport-Security "max-age=31536000;"
|
Strict-Transport-Security "max-age=31536000;"
|
||||||
# Enable cross-site filter (XSS) and tell browser to block detected attacks
|
# Enable cross-site filter (XSS) and tell browser to block detected attacks
|
||||||
X-XSS-Protection "1; mode=block"
|
X-XSS-Protection "1; mode=block"
|
||||||
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
||||||
X-Content-Type-Options "nosniff"
|
X-Content-Type-Options "nosniff"
|
||||||
# Disallow the site to be rendered within a frame (clickjacking protection)
|
# Disallow the site to be rendered within a frame (clickjacking protection)
|
||||||
X-Frame-Options "DENY"
|
X-Frame-Options "DENY"
|
||||||
}
|
}
|
||||||
{% else %}
|
{% else %}
|
||||||
tls off
|
tls internal
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
log {{ caddy_logs }}/{{ test_name }}/access.log {
|
log {
|
||||||
rotate_size 100
|
output file {{ caddy_logs }}/{{ test_name }}/vhost.log
|
||||||
rotate_age 30
|
|
||||||
rotate_keep 10
|
|
||||||
}
|
}
|
||||||
|
|
||||||
errors {{ caddy_logs }}/{{ test_name }}/errors.log {
|
root * {{ test_code }}
|
||||||
rotate_size 100
|
file_server
|
||||||
rotate_age 30
|
encode zstd gzip
|
||||||
rotate_keep 10
|
|
||||||
}
|
|
||||||
|
|
||||||
root {{ test_code }}/
|
|
||||||
|
|
||||||
gzip {
|
|
||||||
ext .jpg
|
|
||||||
level 9
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue