
Caddy Server

FIXME: Explain the page/service. This VM runs Caddy to host the list and the Love Letter counter, and to reverse proxy many internal sites.

Setup

First, do a base installation of Photon OS (the included procedure below) with the following changes:

  • Hostname: Caddy
  • CPU: 1
  • Memory: 2GB

Setup minimal installed profile of PhotonOS

  • Download the Photon OS OVA with virtual hardware v13 from https://github.com/vmware/photon/wiki/Downloading-Photon-OS
  • In ESXi:
    • Create/Register VM:
      • Deploy a virtual machine from an OVF or OVA file
      • Name the VM
      • Upload the Photon OS OVA file
      • Specify the desired Target Datastore
      • Accept the License Agreement
      • Deselect Power on automatically
      • Confirm settings and Finish
    • Wait for the files to upload
    • If autostart is desired for this machine go to Host > Manage > System > Autostart:
      • Click on the current VM
      • Enable
      • Use Start earlier and Start later to set the desired order
    • Go to Virtual Machines on the sidebar and click on the current VM
    • Actions > Edit Settings:
      • CPU > Enable Expose hardware assisted virtualization to the guest OS
      • If using NVMe storage for the datastore:
        • Add other device > NVMe controller
        • Hard Disk 1 > Controller location > NVMe controller 0
        • Save and reopen Edit Settings
        • Remove SCSI controller 0
      • NOTE: Disable Secure Boot because of an issue after updating, see Issue #974
      • Select other appropriate VM settings depending on desired applications
    • Power on the VM, then shut it down again to generate a MAC address
    • Reserve a static IP address for the VM in your router (DHCP reservation) using the generated MAC address (found under Hardware Configuration > Network adapter 1) and the desired hostname
    • Power on the VM
    • Using an SSH client, connect to the hostname set above, then run:
# Login with root details from the VM note
# Follow instructions to set new password
# Update packages:
tdnf upgrade
# Disable password expiry:
chage -M -1 root
# Set new hostname:
hostnamectl set-hostname <hostname-as-set-in-router>
# Set the timezone to Perth
ln -sf /usr/share/zoneinfo/Australia/Perth /etc/localtime
# Change the SSH port to 50001 and open it in the firewall (both take effect at the next boot; the old port 22 rule is replaced, so keep this session open until the shutdown below)
sed -i "s/#Port 22/Port 50001/" /etc/ssh/sshd_config
sed -i "s/-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT/-A INPUT -p tcp -m tcp --dport 50001 -m state --state NEW -j ACCEPT/" /etc/systemd/scripts/ip4save
exit
  • Shutdown the VM
  • Edit VM note to be the following:
Minimal installed profile of PhotonOS
User: root

Ports:
50001/tcp SSH
  • Save a snapshot called Base Install
2020/05/18 18:24 · derek

Install Caddy Server:

  • Add a port forwarding rule in your router for TCP ports 80 (http) and 443 (https) to the IP of the VM. Everything the Caddyfile serves or proxies is then reachable from the internet, so keep authentication in front of any internal site that Caddy reverse proxies
  • Using an SSH client, connect to <hostname>:50001 then run:
# Allow http/https through iptables (run once: the sed inserts the rules before COMMIT and does not check whether they already exist)
sed -i "s/COMMIT/-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT\n-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT\nCOMMIT/" /etc/systemd/scripts/ip4save
reboot  # The new rules are loaded on boot; then reconnect the SSH client
 
# Download Caddy
tdnf install tar
mkdir -p /tmp/caddydir
# Copy the link for the "caddy_2.x.x_linux_amd64.tar.gz" file from https://github.com/caddyserver/caddy/releases/latest
curl -fL -o /tmp/caddydir/caddy.tar.gz "<DownloadLink>"
# Give tar the full path to the archive (the shell is not in /tmp/caddydir) and extract only the binary
tar -xzf /tmp/caddydir/caddy.tar.gz -C /tmp/caddydir caddy
mv /tmp/caddydir/caddy /usr/bin/
rm -r /tmp/caddydir
 
# Add the caddy group and user
groupadd --system caddy
useradd --system \
    --gid caddy \
    --create-home \
    --home-dir /var/lib/caddy \
    --shell /usr/sbin/nologin \
    --comment "Caddy web server" \
    caddy
 
# Config file and html pages
cd /usr/bin
curl -L -o "fetch" "https://github.com/gruntwork-io/fetch/releases/latest/download/fetch_linux_amd64"
chmod u+x fetch
# Generate a GitHub Personal Access Token at https://github.com/settings/tokens (a classic token with the repo scope is enough for a private repo)
# Passing the token on the command line leaves it in the shell history; fetch also reads it from the GITHUB_OAUTH_TOKEN environment variable
fetch --repo="https://github.com/Archer4499/Configs" --branch="master" --source-path="/Server/Caddy" --github-oauth-token="<GitHub PAT>" /etc/caddy
# Files stay root-owned and world-readable: the caddy user needs to read the config, not write it
chmod -R a=r,u+w,a+X /etc/caddy
 
# Setup startup, and run
# The unit from caddyserver/dist runs Caddy as the caddy user with /etc/caddy/Caddyfile as its config
curl -L -o /etc/systemd/system/caddy.service "https://raw.githubusercontent.com/caddyserver/dist/master/init/caddy.service"
systemctl daemon-reload
systemctl enable caddy
systemctl start caddy
  • Edit the VM note and append the following FIXME:

  • Save a snapshot called Configured
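Both firewall edits above (the SSH port change in the base install and the http/https rules in the Caddy install) are done with sed on /etc/systemd/scripts/ip4save. The one below is an added example, not part of this page or of Photon OS: it inserts a rule before the COMMIT line with awk, is safe to re-run (a port that already has a rule is left alone), and gets the state match that the http/https sed one-liner omits. The sample ruleset it works on is constructed to mirror the shape of Photon's default ip4save, not copied from a real system; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the wiki page: open TCP ports in Photon OS's
# /etc/systemd/scripts/ip4save without the two weaknesses of the sed
# one-liners (GNU-only "\n" in the replacement, and a second copy of the
# rules each time the command is re-run). Assumes the file has a single
# COMMIT line, as Photon's default does.

# write_sample_ip4save FILE: a constructed ruleset in the shape of Photon's
# default ip4save (not copied from a real system), used for the demo below.
write_sample_ip4save() {
    cat > "$1" <<'EOF'
# init
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# dport_count FILE PORT: number of INPUT rules in FILE for exactly PORT.
dport_count() {
    grep -cE -- "^-A INPUT .*--dport ${2}( |$)" "$1" || true
}

# allow_tcp_port FILE PORT: insert an ACCEPT rule for new TCP connections to
# PORT directly before the COMMIT line, unless a rule for PORT already exists.
allow_tcp_port() {
    f="$1"
    port="$2"
    rule="-A INPUT -p tcp -m tcp --dport $port -m state --state NEW -j ACCEPT"
    if [ "$(dport_count "$f" "$port")" -gt 0 ]; then
        return 0    # idempotent: nothing to add
    fi
    tmp=$(mktemp)
    awk -v r="$rule" '$0 == "COMMIT" && !done { print r; done = 1 } { print }' "$f" > "$tmp"
    cat "$tmp" > "$f"   # write back through the existing inode so owner and mode are kept
    rm -f "$tmp"
}

# Demo on a throwaway copy. On the VM you would call allow_tcp_port on
# /etc/systemd/scripts/ip4save and then syntax-check it with
#   iptables-restore --test < /etc/systemd/scripts/ip4save
# before rebooting.
demo=$(mktemp)
write_sample_ip4save "$demo"
allow_tcp_port "$demo" 80
allow_tcp_port "$demo" 443
allow_tcp_port "$demo" 80      # no-op the second time
cat "$demo"
rm -f "$demo"
```

The port match is anchored with `( |$)` so that opening 80 does not count an existing rule for 8080 as already present.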

Notes

# View the Caddy log (add -n <num> to see the latest <num> entries, or -f to actively follow the log)
journalctl -u caddy
 
# Use updated config file
systemctl reload caddy

@No_Backup

Update

  • If desired, log in to ESXi, navigate to this VM and create a new snapshot
  • Using an SSH client, connect to <hostname>:50001 then run:
tdnf upgrade
tdnf clean all
reboot  # If desired/needed
# Update Caddy
caddy version
# Compare with the version from https://github.com/caddyserver/caddy/releases/latest and copy the link for the "caddy_2.x.x_linux_amd64.tar.gz" file if newer
mkdir -p /tmp/caddydir
curl -fL -o /tmp/caddydir/caddy.tar.gz "<DownloadLink>"
tar -xzf /tmp/caddydir/caddy.tar.gz -C /tmp/caddydir caddy
mv /tmp/caddydir/caddy /usr/bin/
rm -r /tmp/caddydir
# A reload only re-reads the config inside the running process; the new binary takes over on restart
systemctl restart caddy
 
# Update just config
# Generate a GitHub Personal Access Token at https://github.com/settings/tokens
fetch --repo="https://github.com/Archer4499/Configs" --branch="master" --source-path="/Server/Caddy/Caddyfile" --github-oauth-token="<GitHub PAT>" /etc/caddy/Caddyfile
 
# Update Config and HTML
rm -r /etc/caddy
# Generate a GitHub Personal Access Token at https://github.com/settings/tokens
fetch --repo="https://github.com/Archer4499/Configs" --branch="master" --source-path="/Server/Caddy" --github-oauth-token="<GitHub PAT>" /etc/caddy
chmod -R a=r,u+w,a+X /etc/caddy
 
# Use updated config file
systemctl reload caddy
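The install and update steps above copy whatever tarball the pasted link points at straight into /usr/bin. Caddy publishes a caddy_<version>_checksums.txt next to each release, so the download can be checked before it becomes the binary that terminates TLS for every proxied site. The script below is an added example, not part of this page or of the Caddy project: it verifies the tarball against that file, installs it with install(1), validates the Caddyfile, and restarts the service so the new binary actually runs. It assumes the 2.x release asset names (caddy_<ver>_linux_amd64.tar.gz and caddy_<ver>_checksums.txt), the systemd unit from caddyserver/dist with /etc/caddy/Caddyfile, and sha256sum, curl and tar on the host; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the wiki page or the Caddy project: install or
# update the Caddy binary only after verifying it against the
# caddy_<version>_checksums.txt that ships with every release, validate the
# Caddyfile, then restart (not reload) the service.
# Assumptions: Caddy 2.x asset names; sha256sum, curl and tar on the host;
# the caddyserver/dist unit reading /etc/caddy/Caddyfile.

# verify_sha256 FILE CHECKSUMS
# Succeeds only if CHECKSUMS has an entry for basename(FILE) and the SHA-256
# of FILE matches it. Entries are "<hex>  <name>", as sha256sum writes them.
verify_sha256() {
    file="$1"
    sums="$2"
    name=$(basename "$file")
    expected=$(awk -v n="$name" '$2 == n { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "verify_sha256: no entry for $name in $sums" >&2
        return 1
    fi
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "verify_sha256: checksum mismatch for $name" >&2
        return 1
    fi
    return 0
}

# install_caddy VERSION (e.g. install_caddy 2.1.1); run as root on the VM.
install_caddy() {
    ver="$1"
    base="https://github.com/caddyserver/caddy/releases/download/v${ver}"
    tarball="caddy_${ver}_linux_amd64.tar.gz"
    sums="caddy_${ver}_checksums.txt"
    dir=$(mktemp -d)
    curl -fsSL -o "$dir/$tarball" "$base/$tarball" || return 1
    curl -fsSL -o "$dir/$sums" "$base/$sums" || return 1
    verify_sha256 "$dir/$tarball" "$dir/$sums" || { rm -rf "$dir"; return 1; }
    tar -xzf "$dir/$tarball" -C "$dir" caddy
    # install(1) sets owner and mode in one step instead of a bare mv into /usr/bin
    install -o root -g root -m 0755 "$dir/caddy" /usr/bin/caddy
    rm -rf "$dir"
    # A broken Caddyfile would otherwise only show up after the restart
    caddy validate --config /etc/caddy/Caddyfile --adapter caddyfile || return 1
    # reload re-reads the config in the old process; a new binary needs a restart
    systemctl restart caddy
}

# Offline self-check of verify_sha256 on a constructed file (no download, no root).
selfcheck() {
    d=$(mktemp -d)
    printf 'constructed stand-in for a release tarball\n' > "$d/caddy_0.0.0_linux_amd64.tar.gz"
    (cd "$d" && sha256sum caddy_0.0.0_linux_amd64.tar.gz > caddy_0.0.0_checksums.txt)
    verify_sha256 "$d/caddy_0.0.0_linux_amd64.tar.gz" "$d/caddy_0.0.0_checksums.txt" || { rm -rf "$d"; return 1; }
    printf 'tampered\n' >> "$d/caddy_0.0.0_linux_amd64.tar.gz"
    if verify_sha256 "$d/caddy_0.0.0_linux_amd64.tar.gz" "$d/caddy_0.0.0_checksums.txt" 2>/dev/null; then
        rm -rf "$d"; return 1      # a modified file must be rejected
    fi
    rm -rf "$d"
    return 0
}

if [ "$1" = "--install" ]; then
    install_caddy "$2"
else
    selfcheck && echo "verify_sha256 self-check passed"
fi
```

Run without arguments it only exercises the checksum logic on a constructed file; on the VM, `--install <version>` (for example `--install 2.1.1`) performs the download, verification and restart. The same verify_sha256 step applies to the fetch binary pulled from gruntwork-io/fetch, which is also installed unverified above.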

Sources

esxi/caddy_server.txt · Last modified: 2020/07/05 17:25 by derek