Update to caddy2

This commit is contained in:
Wilfried OLLIVIER 2020-05-19 21:26:04 +02:00
parent 7a35f631f2
commit 2008bd12ae
6 changed files with 28 additions and 51 deletions

View file

@ -19,7 +19,7 @@ Role Variables
- caddy_email: email used to register ACME/Let's Encrypt stuff
- caddy_update: yes/no - activate caddy updates
- test_url: url used for the test page
- test_https: should the test page use https
- test_acme: should the test page use acme or internal HTTPS
- test_name: name of the test
- test_code: test page source code directory
- test_www: yes/no - enable redirection from www. to .

View file

@ -6,11 +6,11 @@ caddy_logs: /var/log/caddy
caddy_conf: /etc/caddy
caddy_confd: /etc/caddy/conf.d
caddy_www: /var/www/caddy
caddy_email: none@none.com
caddy_update: yes
test_url: none.none
test_https: no
test_acme: no
test_name: test
test_code: /var/www/caddy/test
test_www: no
caddy_version: 2.0.0

View file

@ -1,6 +1,6 @@
galaxy_info:
author: Wilfried OLLIVIER
description: Install Caddy webserver on Debian
description: Install Caddy (2) webserver on Debian
company: none
license: WTFPL

View file

@ -9,22 +9,14 @@
shell=/bin/nologin
tags: user
- name: Get all Caddy releases
get_url: url=https://api.github.com/repos/mholt/caddy/git/refs/tags
dest={{ caddy_home }}/releases
force=yes
when: caddy_update
register: caddy_releases_cache
- name: Download new Caddy version or build
get_url: url=https://caddyserver.com/download/linux/amd64?license=personal&telemetry=off
dest=/tmp/caddy.tar.gz
get_url: url=https://github.com/caddyserver/caddy/releases/download/v{{ caddy_version }}/caddy_{{ caddy_version }}_linux_amd64.tar.gz
dest=/tmp/caddy_{{ caddy_version }}.tar.gz
force=yes
when: caddy_releases_cache.changed
register: caddy_binary_cache
- name: Extract new Caddy version or build
unarchive: src=/tmp/caddy.tar.gz
unarchive: src=/tmp/caddy_{{ caddy_version }}.tar.gz
dest=/usr/bin/
copy=no
when: caddy_binary_cache.changed

View file

@ -8,8 +8,8 @@ After=network.target
WorkingDirectory={{ caddy_home }}
User=caddy
LimitNOFILE=8192
ExecStart=/usr/bin/caddy -agree=true -email={{ caddy_email }} -conf=/etc/caddy/Caddyfile
ExecReload=/bin/kill -USR1 $MAINPID
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
Restart=on-failure
StartLimitInterval=600
TimeoutStopSec=5s

View file

@ -1,11 +1,7 @@
{% if test_https %}
{{ test_url }} {
{% else %}
http://{{ test_url }}
{% endif %}
{% if test_https %}
header / {
{% if test_acme %}
header / {
# Enable HTTP Strict Transport Security (HSTS) to force clients to always
# connect via HTTPS (do not use if only testing)
Strict-Transport-Security "max-age=31536000;"
@ -15,29 +11,18 @@ http://{{ test_url }}
X-Content-Type-Options "nosniff"
# Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "DENY"
}
}
{% else %}
tls off
tls internal
{% endif %}
log {{ caddy_logs }}/{{ test_name }}/access.log {
rotate_size 100
rotate_age 30
rotate_keep 10
log {
output file {{ caddy_logs }}/{{ test_name }}/vhost.log
}
errors {{ caddy_logs }}/{{ test_name }}/errors.log {
rotate_size 100
rotate_age 30
rotate_keep 10
}
root {{ test_code }}/
gzip {
ext .jpg
level 9
}
root * {{ test_code }}
file_server
encode zstd gzip
}