feat(ingress): configurable caddy port so host nginx can front it
Make the caddy host-published port configurable (CADDY_HTTP_PORT / CADDY_HTTP_BIND, default 0.0.0.0:80 unchanged) so the machine's own nginx can terminate TLS and reverse-proxy to caddy on a localhost-only port. Add nginx/ulicraft-caddy.conf.tmpl: a TLS-terminator vhost set that proxies apex/auth/pack to caddy by Host header, letting caddy stay the single ingress for all routing. Alternative to ulicraft.conf.tmpl (nginx-as-static + drasl proxy). minecraft still reaches caddy internally over http via mcnet aliases. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -15,8 +15,12 @@ services:
|
||||
image: caddy:alpine
|
||||
container_name: caddy
|
||||
restart: unless-stopped
|
||||
# Host-published port. Default 80 for the standalone LAN/air-gap path; set
|
||||
# CADDY_HTTP_PORT to a high localhost-only port when the machine's nginx
|
||||
# fronts caddy (nginx terminates TLS, reverse-proxies here by Host header —
|
||||
# see nginx/ulicraft-caddy.conf.tmpl).
|
||||
ports:
|
||||
- "80:80"
|
||||
- "${CADDY_HTTP_BIND:-0.0.0.0}:${CADDY_HTTP_PORT:-80}:80"
|
||||
environment:
|
||||
BASE_DOMAIN: ${BASE_DOMAIN}
|
||||
volumes:
|
||||
|
||||
Reference in New Issue
Block a user