From 280ea24dea9c18a5757de249882f7ca562d3d2ca Mon Sep 17 00:00:00 2001
From: Anton Vakhrushev <anwinged@ya.ru>
Date: Tue, 6 May 2025 11:50:26 +0300
Subject: [PATCH] Caddy: web proxy in docker container

---
 files/caddyproxy/Caddyfile.j2          | 67 ++++++++++++++++++++++++++
 files/caddyproxy/docker-compose.yml.j2 | 22 +++++++++
 playbook-caddyproxy.yml                | 67 ++++++++++++++++++++++++++
 3 files changed, 156 insertions(+)
 create mode 100644 files/caddyproxy/Caddyfile.j2
 create mode 100644 files/caddyproxy/docker-compose.yml.j2
 create mode 100644 playbook-caddyproxy.yml

diff --git a/files/caddyproxy/Caddyfile.j2 b/files/caddyproxy/Caddyfile.j2
new file mode 100644
index 0000000..db6859b
--- /dev/null
+++ b/files/caddyproxy/Caddyfile.j2
@@ -0,0 +1,67 @@
+# -------------------------------------------------------------------
+# Global options
+# -------------------------------------------------------------------
+
+{
+    grace_period 15s
+}
+
+# -------------------------------------------------------------------
+# Netdata service
+# -------------------------------------------------------------------
+
+status.vakhrushev.me, :29999 {
+    tls anwinged@ya.ru
+
+    reverse_proxy {
+        to netdata:19999
+    }
+
+    basicauth / {
+       {{ netdata.login }} {{ netdata.password_hash }}
+    }
+}
+
+# -------------------------------------------------------------------
+# Applications
+# -------------------------------------------------------------------
+
+vakhrushev.me {
+    tls anwinged@ya.ru
+
+    reverse_proxy {
+        to homepage_app:80
+    }
+}
+
+git.vakhrushev.me {
+    tls anwinged@ya.ru
+
+    reverse_proxy {
+        to gitea_app:3000
+    }
+}
+
+kk.vakhrushev.me {
+    tls anwinged@ya.ru
+
+    reverse_proxy {
+        to keycloak_app:8080
+    }
+}
+
+outline.vakhrushev.me {
+    tls anwinged@ya.ru
+
+    reverse_proxy {
+        to outline_app:3000
+    }
+}
+
+gramps.vakhrushev.me {
+    tls anwinged@ya.ru
+
+    reverse_proxy {
+        to gramps_app:5000
+    }
+}
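Review bot: The `basicauth /` matcher on the `status.vakhrushev.me` site covers only requests whose path is exactly `/`; in Caddy v2 a path matcher is an exact match unless it ends in `*`, so every other dashboard and API path under that host reaches `reverse_proxy` without credentials. Protect the whole site with `basicauth * {` (or omit the matcher altogether), and note that since Caddy 2.8 the directive is spelled `basic_auth`, with `basicauth` kept only as a deprecated alias on the 2.9.1 image the compose file pins. The `:29999` address sharing this block with `tls anwinged@ya.ru` is a bare port for which ACME issuance is not possible, so I would expect a warning or an internal certificate there; worth confirming, or dropping the port address if the hostname alone is enough.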
diff --git a/files/caddyproxy/docker-compose.yml.j2 b/files/caddyproxy/docker-compose.yml.j2
new file mode 100644
index 0000000..a03dbd0
--- /dev/null
+++ b/files/caddyproxy/docker-compose.yml.j2
@@ -0,0 +1,22 @@
+services:
+
+  {{ service_name }}:
+    image: caddy:2.9.1
+    restart: unless-stopped
+    container_name: {{ service_name }}
+    ports:
+      - "80:80"
+      - "443:443"
+      - "443:443/udp"
+    cap_add:
+      - NET_ADMIN      
+    volumes:
+      - {{ caddy_file_dir }}:/etc/caddy
+      - {{ data_dir }}:/data
+      - {{ config_dir }}:/config
+    networks:
+      - "{{ web_proxy_network }}"
+
+networks:
+  {{ web_proxy_network }}:
+    external: true
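Review bot: The `- NET_ADMIN` entry under cap_add carries trailing whitespace, and the three volume entries interpolate `{{ caddy_file_dir }}`, `{{ data_dir }}` and `{{ config_dir }}` unquoted while the network entry below quotes its template; quote them all, e.g. `- "{{ caddy_file_dir }}:/etc/caddy"`, so an unexpected expansion cannot change the YAML structure. Only 80 and 443 are published, so the `:29999` listener the Caddyfile declares for netdata is reachable only from inside the container network; either publish it here or remove it from the Caddyfile. `NET_ADMIN` matches the official Caddy compose example, where as far as I recall it is needed only for HTTP/3 UDP buffer sizing; if HTTP/3 is not required, dropping the capability reduces the container's privileges.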
diff --git a/playbook-caddyproxy.yml b/playbook-caddyproxy.yml
new file mode 100644
index 0000000..66f3f32
--- /dev/null
+++ b/playbook-caddyproxy.yml
@@ -0,0 +1,67 @@
+---
+- name: "Configure caddy reverse proxy service"
+  hosts: all
+
+  vars_files:
+    - vars/ports.yml
+    - vars/vars.yml
+
+  vars:
+    app_name: "caddyproxy"
+    app_user: "{{ app_name }}"
+    base_dir: "/home/{{ app_user }}"
+
+    data_dir: "{{ (base_dir, 'data') | path_join }}"
+    config_dir: "{{ (base_dir, 'config') | path_join }}"
+    caddy_file_dir: "{{ (base_dir, 'caddy_file') | path_join }}"
+
+    service_name: "{{ app_name }}"
+
+  tasks:
+    - name: "Create user and environment"
+      ansible.builtin.import_role:
+        name: owner
+      vars:
+        owner_name: "{{ app_user }}"
+        owner_extra_groups:
+          - "docker"
+
+    - name: "Create internal application directories"
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: "directory"
+        owner: "{{ app_user }}"
+        group: "{{ app_user }}"
+        mode: "0770"
+      loop:
+        - "{{ data_dir }}"
+        - "{{ config_dir }}"
+        - "{{ caddy_file_dir }}"
+
+    - name: "Copy caddy file"
+      ansible.builtin.template:
+        src: "./files/{{ app_name }}/Caddyfile.j2"
+        dest: "{{ (caddy_file_dir, 'Caddyfile') | path_join }}"
+        owner: "{{ app_user }}"
+        group: "{{ app_user }}"
+        mode: "0640"
+
+    - name: "Copy docker compose file"
+      ansible.builtin.template:
+        src: "./files/{{ app_name }}/docker-compose.yml.j2"
+        dest: "{{ base_dir }}/docker-compose.yml"
+        owner: "{{ app_user }}"
+        group: "{{ app_user }}"
+        mode: "0640"
+
+    - name: "Run application with docker compose"
+      community.docker.docker_compose_v2:
+        project_src: "{{ base_dir }}"
+        state: "present"
+        remove_orphans: true
+
+    - name: "Reload caddy"
+      community.docker.docker_compose_v2_exec:
+        project_src: '{{ base_dir }}'
+        service: "{{ service_name }}"
+        command: caddy reload --config /etc/caddy/Caddyfile
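Review bot: The "Reload caddy" task runs unconditionally on every play, so it always reports changed and hides whether the configuration actually moved; make it a handler and have the "Copy caddy file" task `notify: "Reload caddy"`, which is safe because the compose task earlier in the task list guarantees the container exists when handlers fire. The same task quotes `project_src: '{{ base_dir }}'` with single quotes while every other value in the file uses double quotes; `project_src: "{{ base_dir }}"` keeps the style uniform. `hosts: all` also targets every inventory host with a service that binds ports 80 and 443, which is worth confirming is intended rather than a placeholder.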