- cross-posted to:
- news@lemmy.linuxuserspace.show
Rimu ( @rimu@piefed.social ) 14•4 months agoThey both implement the ACME protocol internally, allowing them to integrate with services like Let’s Encrypt to automate regularly obtaining the certificates needed to offer HTTPS.
I did not realise this. Very nice, I’ll be trying Caddy on my next server!
elvith ( @elvith@feddit.de ) 9•4 months agoMy newest vps runs with Caddy. Works like a charm. The downside was, that I didn’t think of the automatic certificate deployment when I set everything up and it wouldn’t come up a first when I only wanted to connect locally to it, as it tried to get a certificate but the challenge failed because I hadn’t the firewall open yet. But besides that it was very smooth so far.
Kangie ( @Kangie@lemmy.srcfiles.zip ) 7•4 months agoI use Traefik for all of my containerised services. It’s fantastic.
dfyx ( @dfyx@lemmy.helios42.de ) 3•4 months agoYou know what’s even better? You can point traefik to your own ACME-compatible CA (I use step-ca) to get certs for LAN-only services. And you can even configure per service which one it should use.
Lem453 ( @Lem453@lemmy.ca ) 2•4 months agoIs this better than using wildcard certificates?
I have local only SSL via a wildcard *.local.domain.com
Instructions here:
dfyx ( @dfyx@lemmy.helios42.de ) 3•4 months agoI think I set that up back when Let’s Encrypt didn’t offer wildcard certificates. In the end, it serves pretty much the same purpose.
iiGxC ( @iiGxC@slrpnk.net ) 10•4 months agoI’ve had pretty good experience with caddy, although some key aspects of documentation I found hard to find - namely, how to use it with docker compose and a custom build with other plugins like dns challenge and dynamic dns
gullmar ( @gullmar@feddit.it ) 3•4 months agoPersonally, I followed the instructions to install Caddy with Docker Compose in the Nextcloud AIO reverse proxy documentation. Regarding building custom images, there are the instructions to build a custom Caddy image in a Dockerfile in the Docker Hub page.
iiGxC ( @iiGxC@slrpnk.net ) 2•4 months agoYep, I think that’s what I found too. I set it up to use nextcloud aio as well, it just took me a while to find that docker page
nis ( @nis@feddit.dk ) 3•4 months agoSo… Did you find documentation about how to do that?
iiGxC ( @iiGxC@slrpnk.net ) 1•4 months agoYes, but it was piece by piece as I went
jherazob ( @jherazob@beehaw.org ) English1•4 months agoI use this, it’s very much not perfect but works: https://github.com/lucaslorentz/caddy-docker-proxy
palarith ( @palarith@aussie.zone ) English4•4 months agoI use cerbot, but not trusting enough to let it touch any conf files
Rekhyt ( @Rekhyt@beehaw.org ) 3•4 months agoYeah, it just replaces the cert files and reload/restarts nginx for me. I don’t want it anywhere near my config files.
jarfil ( @jarfil@beehaw.org ) 3•4 months agoIsn’t Certbot like the “reference implementation” though?
I’ve been using Traefik for several years now, but I think having a tool that allows troubleshooting the process step by step is also valuable.