Reverse Proxy with Caddy on RHEL
Introduction
This article introduces a method for setting up a reverse proxy with the Caddy web server on RHEL.
1. Install Caddy
2. Edit Caddy Config File in /etc/caddy/Caddyfile
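# Global options: contact address for the ACME account
{
    email email@example.com
}

# Snippet: certificates via the Cloudflare DNS challenge.
# Requires a Caddy build that includes the Cloudflare DNS module.
(tls) {
    tls {
        dns cloudflare {env.CF_DNS_API_TOKEN}
        protocols tls1.2 tls1.3
    }
}

(common_headers) {
    encode gzip
}

# Snippet: HSTS, clickjacking and MIME-sniffing protection
(secure_headers) {
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-Frame-Options SAMEORIGIN
        X-Content-Type-Options nosniff
    }
}

xxx.example.com {
    import tls
    import common_headers
    import secure_headers
    reverse_proxy localhost:80
}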
3. Edit Systemd Service File in /usr/lib/systemd/system/caddy.service
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
# Placeholder value; replace with your Cloudflare API token.
Environment="CF_DNS_API_TOKEN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
# --environ prints the environment, including CF_DNS_API_TOKEN, to the log at startup.
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
ProtectHome=read-only
ReadWritePaths=/usr/share/caddy
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
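The unit above keeps the Cloudflare token in an `Environment=` line, which systemd exposes to unprivileged local users, and starts Caddy with `--environ`, which prints the environment to the log. The shell functions below are an added example, not part of the original article: they flag both conditions and move the token into an owner-only `EnvironmentFile=` loaded through a drop-in. The function names, the ROOT prefix argument, and the file names `cloudflare.env` and `10-token.conf` are assumptions.

```shell
#!/bin/sh
# Added example; function names, ROOT prefix and file names are assumptions.

# Print one finding per line for a unit file; nothing when it is clean.
audit_unit() {
    unit=$1
    # Environment= values are readable by any local user (unit file, `systemctl show`).
    if grep -Eq '^Environment=.*(TOKEN|SECRET|PASSWORD|KEY)=' "$unit"; then
        echo "inline-secret"
    fi
    # `caddy run --environ` prints the process environment to the log at startup.
    if grep -Eq '^ExecStart=.*--environ' "$unit"; then
        echo "environ-logged"
    fi
}

# Read the token from stdin (keeps it out of argv and shell history) and
# store it under ROOT/etc/caddy in a file only its owner can read.
write_env_file() {
    root=$1
    IFS= read -r token
    mkdir -p "$root/etc/caddy"
    ( umask 077; printf 'CF_DNS_API_TOKEN=%s\n' "$token" > "$root/etc/caddy/cloudflare.env" )
    chmod 600 "$root/etc/caddy/cloudflare.env"
}

# Write a drop-in that loads the token file and starts Caddy without --environ.
write_dropin() {
    dir="$1/etc/systemd/system/caddy.service.d"
    mkdir -p "$dir"
    cat > "$dir/10-token.conf" <<'EOF'
[Service]
EnvironmentFile=/etc/caddy/cloudflare.env
# An empty ExecStart= clears the inherited command before redefining it.
ExecStart=
ExecStart=/usr/bin/caddy run --config /etc/caddy/Caddyfile
EOF
}
```

On the host, run the two write functions as root with an empty ROOT (`""`), feeding the token on stdin, and delete the `Environment=` line from the unit. Then run `systemctl daemon-reload`, restart Caddy, and rotate the token if it has already appeared in the unit file or the journal.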