#caddyserver

Lukas Rotermund<p>I just added a custom caddy build with the cache handler in front of my `file_server`, which increased the response performance by 50%. Crazy!</p><p><a href="https://social.tchncs.de/tags/caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>caddy</span></a> <a href="https://social.tchncs.de/tags/CaddyServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CaddyServer</span></a></p>
Lukas Rotermund<p>Take back control: secure and private self-hosting on Debian with SSH keys, an ufw firewall and a robust fail2ban configuration. Use Docker and Caddy as a reverse proxy to securely provide your self-hosted services.</p><p>Step-by-step, minimal, and practical.</p><p><a href="https://lukasrotermund.de/posts/simple-private-self-hosting/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">lukasrotermund.de/posts/simple</span><span class="invisible">-private-self-hosting/</span></a></p><p><a href="https://social.tchncs.de/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfHosting</span></a> <a href="https://social.tchncs.de/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Privacy</span></a> <a href="https://social.tchncs.de/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://social.tchncs.de/tags/Debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Debian</span></a> <a href="https://social.tchncs.de/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Docker</span></a> <a href="https://social.tchncs.de/tags/DockerCompose" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DockerCompose</span></a> <a href="https://social.tchncs.de/tags/CaddyServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CaddyServer</span></a> <a href="https://social.tchncs.de/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Caddy</span></a> <a href="https://social.tchncs.de/tags/ReverseProxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ReverseProxy</span></a> <a href="https://social.tchncs.de/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a 
href="https://social.tchncs.de/tags/Webhosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Webhosting</span></a> <a href="https://social.tchncs.de/tags/Server" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Server</span></a> <a href="https://social.tchncs.de/tags/Hosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hosting</span></a></p>
Elias Probst<p><span class="h-card" translate="no"><a href="https://san-junipero.gimme-sympathy.org/@gewt" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>gewt</span></a></span> move to <a href="https://mastodon.social/tags/CaddyServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CaddyServer</span></a> and there won't be a need for <a href="https://mastodon.social/tags/certbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>certbot</span></a> anymore, since it comes with built-in <a href="https://mastodon.social/tags/ACME" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ACME</span></a> support and all tools and knobs one could wish for.</p><p>It comes with many sane defaults and thereby allows running quite complex setups - yet only requiring very minimal configs.</p><p><a href="https://caddyserver.com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">caddyserver.com/</span><span class="invisible"></span></a></p>
Scott Williams 🐧<p>I have again tried and failed to get my <a href="https://mastodon.online/tags/Nextcloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nextcloud</span></a> server to be happy with <a href="https://mastodon.online/tags/caddyserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>caddyserver</span></a>. It seems others have gotten pretty URLs with a subdomain to work and I got it sort of half-working, in that it's showing a nextcloud page, but with no CSS and an otherwise page not found.</p><p>My current ISP blocks port 80, so I have to use dns-01 with apache, which is one of those things that isn't great if I were to abruptly kick the bucket and my wife would eventually lose access to our server.</p>
Matt Williams<p>Want to leverage <a href="https://fosstodon.org/tags/MCP" class="mention hashtag" rel="tag">#<span>MCP</span></a> (Model Context Protocol) without the hassle? Learn how to set up a powerful <a href="https://fosstodon.org/tags/n8n" class="mention hashtag" rel="tag">#<span>n8n</span></a> server on <a href="https://fosstodon.org/tags/hostinger" class="mention hashtag" rel="tag">#<span>hostinger</span></a> for <a href="https://fosstodon.org/tags/AI" class="mention hashtag" rel="tag">#<span>AI</span></a> <a href="https://fosstodon.org/tags/automation" class="mention hashtag" rel="tag">#<span>automation</span></a> with <span class="h-card" translate="no"><a href="https://hachyderm.io/@tailscale" class="u-url mention">@<span>tailscale</span></a></span> and <a href="https://fosstodon.org/tags/caddyserver" class="mention hashtag" rel="tag">#<span>caddyserver</span></a> </p><p>Save $200+ over 2 years with this method 🔧<br /><a href="https://youtu.be/OmWJPJ1CR7M" target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://</span><span class="">youtu.be/OmWJPJ1CR7M</span><span class="invisible"></span></a></p>
KielKontrovers Blog<p><span class="h-card" translate="no"><a href="https://social.tchncs.de/@simsus" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>simsus</span></a></span> for that case I think the web server <a href="https://norden.social/tags/Caddyserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Caddyserver</span></a> is brilliant, since it renews certificates automatically and also requests them automatically:</p><p><a href="https://caddyserver.com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">caddyserver.com/</span><span class="invisible"></span></a></p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@caddy" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>caddy</span></a></span></p>
Raven<p>Caddy Web Server 2.10 released with encrypted ClientHello (ECH) support, post-quantum key exchange, ACME profiles, libdns 1.0 APIs, global DNS config</p><p><a href="https://github.com/caddyserver/caddy/releases/tag/v2.10.0" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/caddyserver/caddy/r</span><span class="invisible">eleases/tag/v2.10.0</span></a></p><p><a href="https://mastodon.bsd.cafe/tags/caddyserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>caddyserver</span></a> <a href="https://mastodon.bsd.cafe/tags/caddyreverseproxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>caddyreverseproxy</span></a> <a href="https://mastodon.bsd.cafe/tags/webserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>webserver</span></a> <a href="https://mastodon.bsd.cafe/tags/reverseproxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>reverseproxy</span></a> <a href="https://mastodon.bsd.cafe/tags/acme" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>acme</span></a> <a href="https://mastodon.bsd.cafe/tags/postquantumcryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>postquantumcryptography</span></a></p>
Lanie Molinar Carmelo<p>Hi all. Hoping someone in the <a href="https://allovertheplace.ca/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfHosting</span></a> community can help. I'm trying to set up <a href="https://allovertheplace.ca/tags/Linkwarden" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linkwarden</span></a> in <a href="https://allovertheplace.ca/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Docker</span></a> behind <a href="https://allovertheplace.ca/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Caddy</span></a>. The service is running, but I'm unable to create a user account. This is what I see in my browser console when I try:</p><pre><code>register:1 [Intervention] Images loaded lazily and replaced with placeholders. Load events are deferred. See https://go.microsoft.com/fwlink/?linkid=2048113<br>register:1 [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://www.chromium.org/developers/design-documents/create-amazing-password-forms) <br>&lt;input data-testid=​"password-input" type=​"password" placeholder=​"••••••••••••••" class=​"w-full rounded-md p-2 border-neutral-content border-solid border outline-none focus:​border-primary duration-100 bg-base-100" value=​"tyq5ghp!QVH-mva1agc"&gt;<br>register:1 [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://www.chromium.org/developers/design-documents/create-amazing-password-forms) <br>&lt;input data-testid=​"password-confirm-input" type=​"password" placeholder=​"••••••••••••••" class=​"w-full rounded-md p-2 border-neutral-content border-solid border outline-none focus:​border-primary duration-100 bg-base-100" value=​"tyq5ghp!QVH-mva1agc"&gt;<br>Error<br>api/v1/users:1 Request unavailable in the network panel, try reloading the inspected page Failed to load 
resource: the server responded with a status of 400 () Failed to load resource: the server responded with a status of 400 ()<br></code></pre><p><strong>compose file:</strong></p><pre><code>services:<br>  postgres:<br>    image: postgres:16-alpine<br>    container_name: linkwarden_postgres<br>    env_file: .env<br>    restart: always<br>    volumes:<br>      - ./pgdata:/var/lib/postgresql/data<br>    networks:<br>      - linkwarden_net<br>  linkwarden:<br>    env_file: .env<br>    environment:<br>      - DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@linkwarden_postgres:5432/postgres<br>    restart: always<br>    # build: . # uncomment this line to build from source<br>    image: ghcr.io/linkwarden/linkwarden:latest # comment this line to build from source<br>    container_name: linkwarden<br>    ports:<br>      - 3009:3000<br>    volumes:<br>      - ./data:/data/data<br>    networks:<br>      - linkwarden_net<br>    depends_on:<br>      - postgres<br><br>networks:<br>  linkwarden_net:<br>    driver: bridge<br></code></pre><p><strong>Relevant part of .env file:</strong></p><pre><code>NEXTAUTH_URL=https://bookmarks.laniecarmelo.tech/api/v1/auth<br>NEXTAUTH_SECRET=x8az9q9w8ofAxnrVcer2vsPHeMmKSPbf<br><br># Manual installation database settings<br># Example: DATABASE_URL=postgresql://user:password@localhost:5432/linkwarden<br>DATABASE_URL=<br><br># Docker installation database settings<br>POSTGRES_PASSWORD=redacted<br><br># Additional Optional Settings<br>PAGINATION_TAKE_COUNT=<br>STORAGE_FOLDER=<br>AUTOSCROLL_TIMEOUT=<br>NEXT_PUBLIC_DISABLE_REGISTRATION=false<br>NEXT_PUBLIC_CREDENTIALS_ENABLED=true<br></code></pre><p><strong>Caddyfile snippet</strong></p><pre><code>*.laniecarmelo.tech {<br> tls redacted {<br> dns cloudflare redacted<br> }<br><br> header {<br> Content-Security-Policy "default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; <br> img-src https: data:; <br> font-src 'self' https: data:; <br> frame-src 'self' https:; <br> object-src 'none'"<br> Referrer-Policy "strict-origin-when-cross-origin"<br> Strict-Transport-Security 
"max-age=31536000; includeSubDomains; preload"<br> X-Content-Type-Options "nosniff"<br> X-Xss-Protection "1; mode=block"<br> }<br><br> encode br gzip<br><br> # Bookmarks<br> @bookmarks host bookmarks.laniecarmelo.tech<br> handle @bookmarks {<br> reverse_proxy 127.0.0.1:3009<br> }<br>}<br></code></pre><p>Can anyone help? I have no idea how to fix this.<br><a href="https://allovertheplace.ca/tags/SelfHosted" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfHosted</span></a> <a href="https://allovertheplace.ca/tags/CaddyServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CaddyServer</span></a> <a href="https://allovertheplace.ca/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://allovertheplace.ca/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tech</span></a> <a href="https://allovertheplace.ca/tags/Technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Technology</span></a> <br><span class="h-card" translate="no"><a href="https://lemmy.ml/c/selfhost" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>selfhost</span></a></span> <span class="h-card" translate="no"><a href="https://lemmy.world/c/selfhosted" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>selfhosted</span></a></span> <span class="h-card" translate="no"><a href="https://a.gup.pe/u/selfhosting" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>selfhosting</span></a></span></p>
Paul Campbell<p>Switching my Caddy server to use ZeroSSL for ACME SSL certification, replacing LetsEncrypt, was as easy as adding this to my <code>Caddyfile</code>:</p><pre><code>{<br>    acme_ca https://acme.zerossl.com/v2/DV90<br>}<br></code></pre><p><a class="hashtag" href="https://mitra.kemitix.net/collections/tags/caddyserver" rel="nofollow noopener" target="_blank">#CaddyServer</a> <a class="hashtag" href="https://mitra.kemitix.net/collections/tags/caddy" rel="nofollow noopener" target="_blank">#Caddy</a> <a class="hashtag" href="https://mitra.kemitix.net/collections/tags/ssl" rel="nofollow noopener" target="_blank">#SSL</a> <a class="hashtag" href="https://mitra.kemitix.net/collections/tags/acme" rel="nofollow noopener" target="_blank">#ACME</a> <a class="hashtag" href="https://mitra.kemitix.net/collections/tags/letsencypt" rel="nofollow noopener" target="_blank">#LetsEncypt</a> <a class="hashtag" href="https://mitra.kemitix.net/collections/tags/zerossl" rel="nofollow noopener" target="_blank">#ZeroSSL</a></p>
Lanie Molinar Carmelo<p>Hi everyone,<br><br>I'm encountering an issue with my self-hosted setup using <strong>Caddy 2.9.1</strong> and <strong>Authelia 4.38.19</strong>. All domains except <code>auth.laniecarmelo.tech</code> return a <strong>401 Unauthorized</strong> error. Journald logs suggest issues with insecure schemes (<code>''</code>) instead of <code>https</code> or <code>wss</code>.</p><p><strong>Details:</strong></p><ul><li><strong>Setup:</strong> Caddy as reverse proxy, Authelia for authentication</li><li><strong>Domains:</strong> AdGuard Home, Forgejo, LinkAce, MiniFlux, TheLounge, Homepage, Beszel, Glances, Uptime Kuma, Tandoor Recipes, BookStack, Watchtower, Portainer</li><li><strong>Logs:</strong><br>Authelia:<br><code>Feb 24 21:01:47 stormux authelia[2932]: level=error msg="Target URL '/' has an insecure scheme '', only 'https' and 'wss' are supported"</code><br>Caddy:<br><code>Feb 24 21:19:41 stormux caddy[48845]: {"msg":"handled request","method":"GET","host":"adguard.laniecarmelo.tech","status":200}</code></li></ul><p><strong>Configurations:</strong> </p><ul><li>Full Caddyfile and Authelia config: <a href="https://gist.github.com/Lanie-Carmelo/fce9a7d6c984fc816475afee430f54a8" rel="nofollow noopener" target="_blank">GitHub Gist</a></li></ul><p><strong>Curl Output:</strong><br><br>HTTP Request:</p><pre><code>$ curl home.laniecarmelo.tech -v<br>&lt; HTTP/1.1 308 Permanent Redirect<br>&lt; Location: https://home.laniecarmelo.tech/<br></code></pre><p>HTTPS Request:</p><pre><code>$ curl https://home.laniecarmelo.tech -v<br>&lt; HTTP/2 401 <br>&lt; content-type: text/plain; charset=utf-8<br>&lt; server: Caddy<br>401 Unauthorized<br></code></pre><p>Does anyone know what might be causing this? I suspect it could be related to <code>forward_auth</code> or trusted proxies.</p><p>Thanks in advance! 
🙏 </p><p><a href="https://allovertheplace.ca/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfHosting</span></a> <a href="https://allovertheplace.ca/tags/CaddyServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CaddyServer</span></a> <a href="https://allovertheplace.ca/tags/Authelia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authelia</span></a> <a href="https://allovertheplace.ca/tags/ReverseProxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ReverseProxy</span></a> <a href="https://allovertheplace.ca/tags/TechHelp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechHelp</span></a> <a href="https://allovertheplace.ca/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://allovertheplace.ca/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HomeLab</span></a><br><span class="h-card" translate="no"><a href="https://lemmy.ml/c/selfhost" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>selfhost</span></a></span> <span class="h-card" translate="no"><a href="https://a.gup.pe/u/selfhosting" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>selfhosting</span></a></span> <span class="h-card" translate="no"><a href="https://lemmy.world/c/selfhosted" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>selfhosted</span></a></span></p>
alciregi :fedora:<p>So, recently I started to self-host various services on some <a href="https://social.linux.pizza/tags/Fedora" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fedora</span></a> low-end Virtual Private Servers around the world. For personal use.<br>In the next few days I will post a list of services I've deployed. <br>I used rootless <a href="https://social.linux.pizza/tags/podman" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>podman</span></a> containers. <a href="https://social.linux.pizza/tags/Podlet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Podlet</span></a> in order to use dockerfiles whenever possible, and to create <a href="https://social.linux.pizza/tags/systemd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>systemd</span></a> services. And <a href="https://social.linux.pizza/tags/caddyserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>caddyserver</span></a> as frontend.</p>
Lanie Molinar Carmelo<p><strong>🚨 Help Needed: <a href="https://allovertheplace.ca/tags/CORS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CORS</span></a> and <a href="https://allovertheplace.ca/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cloudflare</span></a> Access Issues with <a href="https://allovertheplace.ca/tags/Nextflux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nextflux</span></a> + <a href="https://allovertheplace.ca/tags/MiniFlux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MiniFlux</span></a> Setup 🚨</strong></p><p>Hi everyone! I’m struggling with a <a href="https://allovertheplace.ca/tags/SelfHosted" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfHosted</span></a> setup and could really use some advice from the self-hosting community. Lol I've been trying to figure this out for hours with no luck. Here’s my situation:</p><p><strong><strong>Setup</strong></strong></p><ul><li><strong>MiniFlux</strong>: Running in <a href="https://allovertheplace.ca/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Docker</span></a> on a <a href="https://allovertheplace.ca/tags/RaspberryPi500" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RaspberryPi500</span></a> (<a href="https://allovertheplace.ca/tags/Stormux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Stormux</span></a>, based on <a href="https://allovertheplace.ca/tags/ArchLinuxARM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ArchLinuxARM</span></a>).</li><li><strong>Nextflux</strong>: Hosted on Cloudflare Pages.</li><li><strong>Reverse Proxy</strong>: <a href="https://allovertheplace.ca/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Caddy</span></a> (installed via AUR).</li><li><strong>Cloudflare Access</strong>: 
Enabled for security and SSO.</li><li><strong>Cloudflared</strong>: Also installed via AUR.</li><li><strong>CORS Settings in Cloudflare Access</strong>: Configured to allow all origins, methods, and headers.</li></ul><p><strong><strong>What’s Working</strong></strong></p><ul><li>MiniFlux is accessible from my home network after removing restrictive CORS settings in both Caddy and MiniFlux.</li><li>Nextflux is properly deployed on Cloudflare Pages.</li></ul><p><strong><strong>The Problem</strong></strong></p><p>Nextflux cannot connect to MiniFlux due to persistent CORS errors and authentication issues with Cloudflare Access. Here are the errors I’m seeing in the browser console:</p><ol><li><strong>CORS Error</strong>:<code>Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' from origin 'https://nextflux.laniecarmelo.tech' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.</code></li><li><p><strong>Cloudflare Access Redirection</strong>:</p><pre><code>Request redirected to 'https://lifeofararebird.cloudflareaccess.com/cdn-cgi/access/login/rss.laniecarmelo.tech'.<br></code></pre></li><li><p><strong>Failed to Fetch</strong>:</p><pre><code>Failed to fetch: TypeError: Failed to fetch.<br></code></pre></li></ol><p><strong><strong>What I’ve Tried</strong></strong></p><ol><li><p><strong>Service Token Authentication</strong>:</p><ul><li>Generated a service token in Cloudflare Access for Nextflux.</li><li>Added <code>CF-Access-Client-Id</code> and <code>CF-Access-Client-Secret</code> headers in Caddy for <code>rss.laniecarmelo.tech</code>.</li><li>Updated Cloudflare Access policies to include a bypass rule for this service token.</li></ul></li><li><p><strong>CORS Configuration</strong>:</p><ul><li>Tried permissive settings (<code>Access-Control-Allow-Origin: *</code>) in both Caddy and MiniFlux.</li><li>Configured Cloudflare Access CORS settings to allow all origins, methods, and 
headers.</li></ul></li><li><p><strong>Policy Adjustments</strong>:</p><ul><li>Created a bypass policy for my home IP range and public IP.</li><li>Added an "Allow" policy for authenticated users via email/login methods.</li></ul></li><li><p><strong>Debugging Logs</strong>:</p><ul><li>Checked Cloudflared logs, which show requests being blocked due to missing access tokens (<code>AccessJWTValidator</code> errors).</li></ul></li></ol><p><strong><strong>Current State</strong></strong></p><p>Despite these efforts:</p><ul><li>Requests from Nextflux are still being blocked by Cloudflare Access or failing due to CORS issues.</li><li>The browser console consistently shows "No 'Access-Control-Allow-Origin' header" errors.</li></ul><p><strong><strong>Goals</strong></strong></p><ol><li>Allow Nextflux (hosted on Cloudflare Pages) to connect seamlessly to MiniFlux (behind Cloudflare Access).</li><li>Maintain secure access to MiniFlux for other devices (e.g., my home network or mobile devices).</li></ol><p><strong><strong>My Environment</strong></strong></p><ul><li>Raspberry Pi 500 running Arch Linux ARM.</li><li>Both Caddy and Cloudflared are installed via AUR packages.</li><li>MiniFlux is running in Docker with the following environment variables:<br><code>CLOUDFLARE_SERVICE_AUTH_ENABLED=true<br>CLOUDFLARE_CLIENT_ID=&lt;client-id&gt;<br>CLOUDFLARE_CLIENT_SECRET=&lt;client-secret&gt;</code></li></ul><p><strong><strong>Relevant Logs</strong></strong></p><p>From <code>cloudflared</code>:</p><pre><code>ERR error="request filtered by middleware handler (AccessJWTValidator) due to: no access token in request"<br></code></pre><p>From the browser console:</p><pre><code>Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' has been blocked by CORS policy.<br></code></pre><p><strong><strong>Questions</strong></strong></p><ol><li>Is there a better way to configure CORS for this setup?</li><li>Should I be handling authentication differently between Nextflux and MiniFlux?</li><li>How can I ensure 
that requests from Nextflux include valid access tokens?</li></ol><p>Any help or advice would be greatly appreciated! 🙏</p><p><a href="https://allovertheplace.ca/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfHosting</span></a> <a href="https://allovertheplace.ca/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cloudflare</span></a> <a href="https://allovertheplace.ca/tags/CaddyServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CaddyServer</span></a> <a href="https://allovertheplace.ca/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Docker</span></a> <a href="https://allovertheplace.ca/tags/RSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RSS</span></a> <a href="https://allovertheplace.ca/tags/CORS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CORS</span></a> <a href="https://allovertheplace.ca/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://allovertheplace.ca/tags/ArchLinuxARM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ArchLinuxARM</span></a> <a href="https://allovertheplace.ca/tags/CloudflarePages" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudflarePages</span></a> <a href="https://allovertheplace.ca/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tech</span></a> <a href="https://allovertheplace.ca/tags/technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>technology</span></a></p>
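<p>The two console symptoms in the post above (a redirect to the Access login page and a missing <code>Access-Control-Allow-Origin</code> header) modelled as an added example, not code from the post or from any project it mentions: a simplified version of the browser's CORS preflight checks from the Fetch standard. Host names, the <code>X-Auth-Token</code> header and all sample exchanges are constructed for illustration.</p>

```javascript
// Added example: simplified model of the browser's CORS preflight checks.
// Every sample exchange below is constructed, not captured from a real setup.

const SAFELISTED_METHODS = new Set(["GET", "HEAD", "POST"]);

// Case-insensitive header lookup on a plain object; null when absent.
function header(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? null : String(headers[key]);
}

// Split a comma-separated header value into lower-cased tokens.
function tokenList(value) {
  return (value || "").split(",").map((t) => t.trim().toLowerCase()).filter(Boolean);
}

// preflight: { origin, method, requestHeaders: [names], credentials: boolean }
// response:  { status, headers } as answered to the OPTIONS request
// Returns reason codes for a blocked request; an empty array means the preflight passes.
function diagnosePreflight(preflight, response) {
  const reasons = [];
  const { status, headers } = response;
  const creds = Boolean(preflight.credentials);

  // A preflight must be answered with a 2xx status; redirects are never followed.
  if (status >= 300 && status < 400) {
    const location = header(headers, "Location") || "";
    let host = "";
    try { host = new URL(location).hostname; } catch (_) { /* relative or missing */ }
    const toAccessLogin = host.endsWith(".cloudflareaccess.com") &&
      location.includes("/cdn-cgi/access/login/");
    reasons.push(toAccessLogin ? "ACCESS_LOGIN_REDIRECT" : "PREFLIGHT_REDIRECT");
  } else if (status < 200 || status > 299) {
    reasons.push("PREFLIGHT_NOT_OK");
  }

  // Origin check: exact match, or "*" only when no credentials are sent.
  const allowOrigin = header(headers, "Access-Control-Allow-Origin");
  if (allowOrigin === null) {
    reasons.push("NO_ALLOW_ORIGIN");
  } else if (allowOrigin === "*") {
    if (creds) reasons.push("WILDCARD_ORIGIN_WITH_CREDENTIALS");
  } else if (allowOrigin !== preflight.origin) {
    reasons.push("ORIGIN_MISMATCH");
  } else if (creds && header(headers, "Access-Control-Allow-Credentials") !== "true") {
    reasons.push("CREDENTIALS_NOT_ALLOWED");
  }

  // The browser never evaluates method and header lists after an earlier failure.
  if (reasons.length > 0) return reasons;

  const methods = tokenList(header(headers, "Access-Control-Allow-Methods"));
  const method = preflight.method.toUpperCase();
  if (!methods.includes(method.toLowerCase()) && !SAFELISTED_METHODS.has(method) &&
      (creds || !methods.includes("*"))) {
    reasons.push("METHOD_NOT_ALLOWED");
  }

  // "*" covers request headers only without credentials, and never Authorization.
  const allowed = tokenList(header(headers, "Access-Control-Allow-Headers"));
  for (const name of preflight.requestHeaders.map((h) => h.toLowerCase())) {
    const wildcardOk = !creds && allowed.includes("*") && name !== "authorization";
    if (!allowed.includes(name) && !wildcardOk) reasons.push(`HEADER_NOT_ALLOWED:${name}`);
  }
  return reasons;
}

const ORIGIN = "https://reader.example.test"; // constructed front-end origin

// Constructed: the identity gate answers the credential-less OPTIONS with a login redirect.
const SAMPLE_GATED = {
  preflight: { origin: ORIGIN, method: "GET", requestHeaders: ["X-Auth-Token"], credentials: false },
  response: { status: 302, headers: {
    Location: "https://team.cloudflareaccess.com/cdn-cgi/access/login/rss.example.test" } },
};

// Constructed: permissive "*" origin combined with a credentialed request.
const SAMPLE_WILDCARD = {
  preflight: { origin: ORIGIN, method: "GET", requestHeaders: ["X-Auth-Token"], credentials: true },
  response: { status: 204, headers: {
    "Access-Control-Allow-Origin": "*", "Access-Control-Allow-Headers": "X-Auth-Token" } },
};

// Constructed: wildcards everywhere, but the request carries an Authorization header.
const SAMPLE_AUTHZ = {
  preflight: { origin: ORIGIN, method: "PUT", requestHeaders: ["Authorization"], credentials: false },
  response: { status: 204, headers: { "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Methods": "*", "Access-Control-Allow-Headers": "*" } },
};

// Constructed: explicit origin, credentials and header list; this one passes.
const SAMPLE_OK = {
  preflight: { origin: ORIGIN, method: "GET", requestHeaders: ["X-Auth-Token"], credentials: true },
  response: { status: 204, headers: { "Access-Control-Allow-Origin": ORIGIN,
    "Access-Control-Allow-Credentials": "true", "Access-Control-Allow-Methods": "GET, OPTIONS",
    "Access-Control-Allow-Headers": "X-Auth-Token, Content-Type" } },
};

for (const [label, s] of Object.entries({ SAMPLE_GATED, SAMPLE_WILDCARD, SAMPLE_AUTHZ, SAMPLE_OK })) {
  console.log(label, diagnosePreflight(s.preflight, s.response));
}
```

<p>The gated sample yields both reason codes at once because the login redirect itself carries no CORS headers, which matches the pairing of errors quoted in the post.</p>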
lil5 :golang: 🚲 🇳🇱<p>http://www.myproject.localhost:8080/<br />http://app.myproject.localhost:8080/<br />http://api.myproject.localhost:8080/</p><p>TIL you can add subdomains to localhost &amp; it will just work!</p><p>Great for throwing a <a href="https://fosstodon.org/tags/CaddyServer" class="mention hashtag" rel="tag">#<span>CaddyServer</span></a> in between you and your development containers, let it route to all the different services by domain.</p><p><a href="https://fosstodon.org/tags/WebDev" class="mention hashtag" rel="tag">#<span>WebDev</span></a></p>
Esparta :ruby:<p><span class="h-card" translate="no"><a href="https://ruby.social/@nshki" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nshki</span></a></span> that's something I've been telling everybody literally for years*: <a href="https://ruby.social/tags/CaddyServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CaddyServer</span></a> is the best thing anyone can use for a web server.</p><p><a href="https://caddyserver.com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">caddyserver.com/</span><span class="invisible"></span></a></p><p>* I'd link to where I said that before, but my decency prohibits me from doing that, so here's a screenshot instead.</p>
BeanieBarrow<p>Made my personal website get the maximum amount of points of Mozilla's HTTP Observatory. Now, my static site delivers content as securely as it possibly can. I highly recommend anyone with a personal website to tweak it along with their webserver so that it gets at least a hundred points on HTTP Observatory.<br><a href="https://developer.mozilla.org/en-US/observatory" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">developer.mozilla.org/en-US/ob</span><span class="invisible">servatory</span></a><br>The least you can do is add your site to the HSTS Preload list (<a href="https://hstspreload.org/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">hstspreload.org/</span><span class="invisible"></span></a>).</p><p><a href="https://mastodon.grin.hu/tags/blog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blog</span></a> <a href="https://mastodon.grin.hu/tags/personalwebsite" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>personalwebsite</span></a> <a href="https://mastodon.grin.hu/tags/mozilla" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mozilla</span></a> <a href="https://mastodon.grin.hu/tags/mdn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mdn</span></a> <a href="https://mastodon.grin.hu/tags/http" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>http</span></a> <a href="https://mastodon.grin.hu/tags/caddyserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>caddyserver</span></a> <a href="https://mastodon.grin.hu/tags/hsts" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hsts</span></a> <a href="https://mastodon.grin.hu/tags/webdev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>webdev</span></a></p>
Robert Rudolf<p><span class="h-card" translate="no"><a href="https://sopuli.xyz/u/IsoKiero" class="u-url mention">@<span>IsoKiero</span></a></span> I&#39;ve been a happy user of <a href="https://fosstodon.org/tags/MailCow" class="mention hashtag" rel="tag">#<span>MailCow</span></a> for years. It just works, simple to install and update. I&#39;m using <a href="https://fosstodon.org/tags/CaddyServer" class="mention hashtag" rel="tag">#<span>CaddyServer</span></a> as a reverse proxy to further simplify the setup. And it&#39;s made in <a href="https://fosstodon.org/tags/EU" class="mention hashtag" rel="tag">#<span>EU</span></a> 😄</p>
Mirko Lenz<p>For anyone wanting to add custom plugins/modules to <a href="https://fosstodon.org/tags/caddyserver" class="mention hashtag" rel="tag">#<span>caddyserver</span></a> on <a href="https://fosstodon.org/tags/NixOS" class="mention hashtag" rel="tag">#<span>NixOS</span></a>: <span class="h-card" translate="no"><a href="https://hachyderm.io/@vbernat" class="u-url mention">@<span>vbernat</span></a></span> released a flake to do this via xcaddy in a fixed-output derivation. Switched to it on my server today and works perfectly! More details in his blog post:</p><p><a href="https://vincent.bernat.ch/en/blog/2024-caddy-nix-plugins" target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://</span><span class="ellipsis">vincent.bernat.ch/en/blog/2024</span><span class="invisible">-caddy-nix-plugins</span></a></p>
lil5 :golang: 🚲 🇳🇱<p><a href="https://caddy.community/t/set-cookie-manipulation-in-reverse-proxy/7666/15" target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://</span><span class="ellipsis">caddy.community/t/set-cookie-m</span><span class="invisible">anipulation-in-reverse-proxy/7666/15</span></a></p><p><a href="https://fosstodon.org/tags/CaddyServer" class="mention hashtag" rel="tag">#<span>CaddyServer</span></a> is able to alter cookies that are passed between a reverse proxy, removing pesky browser restriction</p>
Allen<p>:hacker_u: :hacker_i: <br><a href="https://social.tchncs.de/tags/caddyserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>caddyserver</span></a> <a href="https://social.tchncs.de/tags/music" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>music</span></a></p>
Lukas Rotermund<p>I retired NGINX for Caddy - and never looked back.</p><p>In my last blog post, I reported on a DoS attack and Docker's dangerous default behaviour regarding ufw and setting up NGINX locally.</p><p><span class="h-card" translate="no"><a href="https://fosstodon.org/@lil5" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>lil5</span></a></span> pointed me to the Caddy web server after my post, and I migrated everything to it shortly afterwards.</p><p>My latest blog post is about migrating from NGINX to Caddy and why I don't want to go back to NGINX.</p><p><a href="https://lukasrotermund.de/posts/i-retired-nginx-for-caddy-and-never-looked-back/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">lukasrotermund.de/posts/i-reti</span><span class="invisible">red-nginx-for-caddy-and-never-looked-back/</span></a></p><p><a href="https://social.tchncs.de/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Caddy</span></a> <a href="https://social.tchncs.de/tags/CaddyServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CaddyServer</span></a> <a href="https://social.tchncs.de/tags/NGINX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NGINX</span></a></p>