Replacing NGINX with Caddy
So, I was planning on doing further CI work to build another version of the site using a different base URL and then scp'ing it to a front-end NGINX reverse proxy with Let’s Encrypt SSL certificates providing SSL termination.
Then I discovered Caddy.
Caddy has some fantastic features:
- Automatic SSL configuration using Let’s Encrypt
- Automatic git integration
- Automatic Hugo integration
- Proxy support
What’s even better is that Caddy scores an ‘A+’ from Qualys SSL Labs with just a single additional configuration setting (the
header line in the
Migrating from NGINX to Caddy literally took a few minutes. I’ve set up Caddy with a webhook that is triggered by my local GitLab CE instance every time I push new content. That will update the git repo on the Caddy server and run Hugo to generate the static output.
Caddyfile that enables all this automation is pretty simple:
I use Route 53 to serve dje.li and Caddy includes automatic DNS integration for Let’s Encrypt validation. I provide my
EnvironmentFile in the
systemd service definition for Caddy. And that file is
chmod 400 to the
git block should be fairly straightforward to read as well. I have a unique public/private key pair for Caddy which has pull access from my internal GitLab CE instance. Caddy will automatically update the Hugo theme (via the
call and then run Hugo to generate the static output.
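
The credentials file handed to Caddy through `EnvironmentFile` is only as safe as its permissions, so it is worth checking after every deploy. The following is an added example, not part of the original post: it lists the `EnvironmentFile=` entries in a systemd unit and flags any file that is not locked down to mode 0400. The unit text and the paths in it are constructed for illustration.

```python
import os
import stat

# Constructed unit text for illustration; user and paths are hypothetical.
SAMPLE_UNIT = """\
[Service]
User=caddy
EnvironmentFile=/etc/caddy/route53.env
EnvironmentFile=-/etc/caddy/optional.env
"""


def environment_files(unit_text):
    """Return (path, optional) for each EnvironmentFile= line in a unit."""
    found = []
    for line in unit_text.splitlines():
        line = line.strip()
        if line.startswith(("#", ";")) or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key != "EnvironmentFile" or not value:
            continue
        optional = value.startswith("-")  # leading "-": systemd ignores a missing file
        found.append((value.lstrip("-"), optional))
    return found


def audit_secret_file(path, optional=False):
    """Return a list of findings; an empty list means the file passes."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [] if optional else [f"{path}: missing"]
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append(f"{path}: not a regular file")
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:  # any group/other bit exposes the credentials
        findings.append(f"{path}: mode {mode:04o} grants group/other access")
    if mode & 0o300:  # owner write/execute is more than chmod 400 allows
        findings.append(f"{path}: mode {mode:04o} is wider than 0400 for the owner")
    return findings


if __name__ == "__main__":
    for path, optional in environment_files(SAMPLE_UNIT):
        for finding in audit_secret_file(path, optional) or [f"{path}: ok"]:
            print(finding)
```

File mode is only one layer: variables loaded this way are still readable from the running process's environment by root and by the service user itself.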