feat(ingress): configurable caddy port so host nginx can front it
Make the caddy host-published port configurable (CADDY_HTTP_PORT / CADDY_HTTP_BIND, default 0.0.0.0:80 unchanged) so the machine's own nginx can terminate TLS and reverse-proxy to caddy on a localhost-only port. Add nginx/ulicraft-caddy.conf.tmpl: a TLS-terminator vhost set that proxies apex/auth/pack to caddy by Host header, letting caddy stay the single ingress for all routing. Alternative to ulicraft.conf.tmpl (nginx-as-static + drasl proxy). minecraft still reaches caddy internally over http via mcnet aliases. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
10
.env.example
10
.env.example
@@ -15,6 +15,16 @@ HOST_LAN_IP=192.168.1.10
|
||||
ENABLE_MDNS=false
|
||||
|
||||
RCON_PASSWORD=change-me-to-something-random
|
||||
|
||||
# Caddy host-published port (docker-compose.caddy.yml). Default 80 for the
|
||||
# standalone LAN/air-gap path. When the machine's own nginx fronts caddy
|
||||
# (nginx terminates TLS → reverse-proxies to caddy), set a high port and bind
|
||||
# it to localhost so only nginx reaches it:
|
||||
# CADDY_HTTP_PORT=8880
|
||||
# CADDY_HTTP_BIND=127.0.0.1
|
||||
# Then render nginx/ulicraft-caddy.conf.tmpl with CADDY_HTTP_PORT.
|
||||
# CADDY_HTTP_PORT=80
|
||||
# CADDY_HTTP_BIND=0.0.0.0
|
||||
# Only needed if using CurseForge-exclusive mods:
|
||||
# CF_API_KEY=your-curseforge-api-key
|
||||
|
||||
|
||||
Reference in New Issue
Block a user