2.2 KiB
2.2 KiB
Caddy — ingress, local CDN, landing page
Summary
Single HTTP ingress for the stack. Three roles:
- Reverse proxy —
auth.ulicraft.local→ drasl. - Local CDN / static —
packwiz.ulicraft.localserves pack metadata AND the mirrored mod jars (offline installs). - Landing page — apex
ulicraft.localserves launcher downloads + guest guide.
Plain :80 for now (LAN). TLS via step-ca deferred. Image: caddy:alpine.
Caddy natively reads {$BASE_DOMAIN} env placeholders — no template render needed.
Network aliases (internal resolution)
caddy:
networks:
mcnet:
aliases:
- "auth.${BASE_DOMAIN}"
- "packwiz.${BASE_DOMAIN}"
Lets minecraft reach http://auth.ulicraft.local/authlib-injector and
http://packwiz.ulicraft.local/pack.toml without dnsmasq.
Caddyfile sketch
{
auto_https off
}
http://{$BASE_DOMAIN} {
root * /srv/www
file_server
}
http://auth.{$BASE_DOMAIN} {
reverse_proxy drasl:25585
}
http://packwiz.{$BASE_DOMAIN} {
root * /srv/pack
file_server browse
}
Mounts: ./www:/srv/www:ro, ./pack:/srv/pack:ro, ./mirror/launcher:/srv/www/launcher:ro.
Notes / risks
- drasl behind a proxy: docs don't detail
X-Forwarded-*trust. On plain HTTP LAN with matchingBaseURLit should be fine; revisit when TLS is added. file_server browsegives a directory listing — handy for debugging the pack.- Mod-jar mirror lives under
/srv/pack/mods/so packwiz URLs and jars share host.
Tasks
- Add
caddyservice todocker-compose.yml, ports80:80(+443later) - Pass
BASE_DOMAINinto caddy env - Create
caddy/Caddyfilewith apex + auth + packwiz vhosts - Add network aliases for
auth.andpackwiz.subdomains - Mount
./www,./pack,./mirror/launcher - Confirm reverse_proxy to drasl works (auth web UI loads, Yggdrasil API responds)
- Verify internal alias resolution from
minecraftcontainer (curl pack.toml) - Air-gap mirror: add per-host
tls internalvhosts + aliases + mounts (see 11) - Export Caddy root CA for guest trust (LAN-party TLS =
tls internal; step-ca deferred) - Defer (reminder): graduate
tls internal→ step-ca for persistent homelab