docs(gremlin): update caddy
parent 1c84c43a36
commit 39f6809393
1 changed files with 107 additions and 6 deletions
|
|
@ -1,15 +1,116 @@
|
|||
# caddy Stack
|
||||
description: Caddy reverse proxy in NetGrimoire Docker Swarm environment.
|
||||
---
|
||||
title: caddy Stack
|
||||
description: Reverse proxy for NetGrimoire services
|
||||
published: true
|
||||
date: 2026-05-01T02:51:41.019Z
|
||||
tags: docker,swarm,caddy,netgrimoire
|
||||
editor: markdown
|
||||
dateCreated: 2026-05-01T02:51:41.019Z
|
||||
|
||||
---
|
||||
|
||||
# caddy
|
||||
|
||||
## Overview
|
||||
Caddy is a secure web server that includes support for HTTPS, HTTP/2, WebSockets, VPNs, DNS, and more. It's designed to be highly configurable and secure. The `caddy` service provides access to the Caddy proxy, while also exposing internal services through reverse proxy.
|
||||
The Caddy stack is a reverse proxy service that provides secure and efficient access to NetGrimoire services. It utilizes the Docker Swarm management system to deploy and manage multiple containers, ensuring high availability and scalability.
|
||||
|
||||
---
|
||||
## Architecture
|
||||
| Service | Image | Port | Role |
|
||||
|---------|-----|-----|---------|
|
||||
- **Host:** docker4
|
||||
- **Network:** netgrimoire
|
||||
- **Exposed via:** `http://netgrimoire:80`, `https://netgrimoire:443`
|
||||
- **Homepage group:** `homepage`
|
||||
- **Exposed via:** `caddy:80`, `caddy:443` (internal only)
|
||||
- **Homepage group:** [homepage](#homepage-group)
|
||||
|
||||
---
|
||||
|
||||
## Build & Configuration
|
||||
|
||||
### Prerequisites
|
||||
* Docker and Docker Swarm installed on the manager node (`znas`)
|
||||
* `docker4` worker nodes available in the swarm cluster
|
||||
|
||||
### Volume Setup
|
||||
```bash
|
||||
mkdir -p /DockerVol/caddy-logs
|
||||
mkdir -p /DockerVol/crowdsec-db
|
||||
```
|
||||
|
||||
### Environment Variables
|
||||
```bash
|
||||
# generate: openssl rand -hex 32
|
||||
CADDY_INGRESS_NETWORKS: netgrimoire
|
||||
CADDY_DOCKER_EVENT_THROTTLE_INTERVAL: 2000
|
||||
BYSLg/wKOa7wlHYzChJpBVJA06Ukc7G6fKJCvBwjyZg # Caddy bouncer API key
|
||||
```
|
||||
|
||||
### Deploy
|
||||
```bash
|
||||
cd services/swarm/stack/caddy
|
||||
set -a && source .env && set +a
|
||||
docker stack config --compose-file caddy-stack.yml > resolved.yml
|
||||
docker stack deploy --compose-file resolved.yml caddy
|
||||
rm resolved.yml
|
||||
docker stack services caddy
|
||||
```
|
||||
|
||||
### First Run
|
||||
After deploying the Caddy stack, verify that it is functioning correctly by accessing the `caddy:80` and `caddy:443` endpoints.
|
||||
|
||||
---
|
||||
|
||||
## User Guide
|
||||
|
||||
### Accessing caddy
|
||||
| Service | URL | Purpose |
|
||||
|---------|-----|---------|
|
||||
- **Caddy** | `http://localhost:8900` | Reverse proxy for NetGrimoire services |
|
||||
- **CrowdSec** | `http://localhost:8901` | Crowd security service |
|
||||
|
||||
### Primary Use Cases
|
||||
The Caddy stack provides secure reverse proxying and access control for NetGrimoire services, ensuring the integrity and confidentiality of sensitive data.
|
||||
|
||||
### NetGrimoire Integrations
|
||||
The Caddy stack integrates with other NetGrimoire services through environment variables and labels, including:
|
||||
|
||||
* `kuma.*` labels for monitoring and logging
|
||||
* `homepage.*` labels for dashboard integration
|
||||
|
||||
---
|
||||
|
||||
## Operations
|
||||
|
||||
### Monitoring
|
||||
Use the `docker stack services caddy` command to view Caddy logs and monitoring information.
|
||||
|
||||
```bash
|
||||
docker stack services caddy
|
||||
```
|
||||
|
||||
### Backups
|
||||
Critical services, such as Caddy and CrowdSec, should be backed up regularly using the `/DockerVol/caddy-logs` volume. Non-critical services can be restored from the `/DockerVol/crowdsec-db` volume.
|
||||
|
||||
---
|
||||
|
||||
## Common Failures
|
||||
| Symptom | Cause | Fix |
|
||||
|---------|------|-----|
|
||||
* Caddy not accessible | Incorrect network configuration | Verify `CADDY_INGRESS_NETWORKS` environment variable is set to `netgrimoire` |
|
||||
* CrowdSec not functioning | Missing API key in environment variables | Update `BYSLg/wKOa7wlHYzChJpBVJA06Ukc7G6fKJCvBwjyZg` with correct Caddy bouncer API key |
|
||||
|
||||
---
|
||||
|
||||
## Changelog
|
||||
|
||||
| Date | Commit | Summary |
|
||||
|------|--------|---------|
|
||||
| 2026-04-30 | 5dc452a7 | Initial documentation and configuration for the Caddy stack |
|
||||
| 2026-04-30 | 40f19721 | Added environment variable for Caddy bouncer API key |
|
||||
| 2026-02-24 | f51eba0f | Updated `caddy-stack.yml` file to include additional services and configurations |
|
||||
|
||||
---
|
||||
|
||||
## Notes
|
||||
* Generated by Gremlin on 2026-05-01T02:51:41.019Z
|
||||
* Source: swarm/stack/caddy/caddy.yaml
|
||||
* Review User Guide and Changelog sections
|
||||
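Review bot: The Environment Variables block puts what looks like a real secret in the docs: the line commented `# Caddy bouncer API key` is a bare value with no variable name, and the same string is reused in the Common Failures row for "CrowdSec not functioning" where a variable name is expected. Replace both occurrences with the variable's name and a placeholder, keep the real value only in the `.env` file that the Deploy step already sources, and rotate the key, since it is now in the repository history. Separately, the rows under "Accessing caddy" and "Common Failures" start with `- ` or `* ` instead of `|`, so they will not render as table rows, and the Architecture table has a header but no service rows. The Monitoring section says `docker stack services caddy` shows logs, but that command only lists the stack's services; a logs command such as `docker service logs` on the service would match the text.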