This guide will walk you through configuring Caddy as a reverse proxy for your Erugo instance. Using Caddy provides several benefits:
- Automatic HTTPS with Let's Encrypt certificates
- Simple configuration with minimal setup
- Enhanced security by not exposing your Erugo container directly
- Additional features like compression and caching
Prerequisites
Before you begin, ensure you have:
- A working Erugo instance
- A registered domain name pointing to your server
- SSH access to your server
- Basic knowledge of terminal commands
Installing Caddy
On Debian/Ubuntu Systems
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy
Please check the latest install instructions on the Caddy Website.
On RHEL/CentOS/Fedora Systems
dnf install 'dnf-command(copr)'
dnf copr enable @caddy/caddy
dnf install caddy
Please check the latest install instructions on the Caddy Website.
Using Docker
If you prefer to run Caddy in a container alongside Erugo, add the following to your existing docker-compose.yml file:
services:
  # Your existing Erugo service
  app:
    image: wardy784/erugo:latest
    restart: unless-stopped
    volumes:
      - ./storage:/var/www/html/storage
    # Remove the ports section if previously exposed
    networks:
      - erugo

  # Add Caddy service
  caddy:
    image: caddy:2
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config
    networks:
      - erugo

networks:
  erugo:
    driver: bridge

volumes:
  caddy_data:
  caddy_config:
Configuring Caddy
Basic Caddyfile
Create a file named Caddyfile in the same directory as your docker-compose.yml file (or in /etc/caddy/ if installed directly on your system):
yourdomain.com {
    reverse_proxy app:80
}
Replace yourdomain.com with your actual domain name. If you installed Caddy directly on your host (not using Docker), use localhost (or 127.0.0.1) and the port you exposed for your Erugo container:
yourdomain.com {
    reverse_proxy localhost:9998
}
Enhanced Configuration
For better performance and security, you can use an enhanced configuration:
# Global options block: must be the first block in the Caddyfile
{
    # Handle file uploads with longer timeouts
    # (timeouts are a global server option, not a site directive)
    servers {
        timeouts {
            read_body 1h
            read_header 10s
            write 1h
            idle 1h
        }
    }
}

yourdomain.com {
    # Enable Gzip compression
    encode gzip

    # Set security headers
    header {
        # Enable HSTS (includeSubDomains and preload affect every subdomain)
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        # Disable FLoC
        Permissions-Policy "interest-cohort=()"
        # XSS Protection (legacy header, deprecated in modern browsers)
        X-XSS-Protection "1; mode=block"
        # Prevent content-type sniffing
        X-Content-Type-Options "nosniff"
        # Referrer policy
        Referrer-Policy "strict-origin-when-cross-origin"
        # Remove Server header
        -Server
    }

    # Proxy to Erugo container
    reverse_proxy app:80 {
        # Upstream timeouts and read buffer size (adjust as needed)
        transport http {
            response_header_timeout 30m
            dial_timeout 10s
            read_buffer 4096
        }
    }

    # Log all requests
    log {
        output file /var/log/caddy/yourdomain.access.log
    }
}
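Once Caddy is serving the site, you can confirm that the header block above is actually applied. The script below is an added example, not part of Erugo or Caddy; the function names and the sample response are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit response headers against the Enhanced Configuration.

# header_value NAME: print the value of header NAME from raw headers on stdin.
# Matching is case-insensitive because HTTP/2 responses use lowercase names.
header_value() {
    tr -d '\r' | awk -v n="$1" 'BEGIN { n = tolower(n) ":" }
        !found && tolower(substr($0, 1, length(n))) == n {
            sub(/^[^:]*:[ \t]*/, ""); print; found = 1 }'
}

# check_contains HEADERS NAME WANT: succeed if header NAME contains WANT.
check_contains() {
    got=$(printf '%s\n' "$1" | header_value "$2")
    case "$got" in
        *"$3"*) echo "OK    $2 contains '$3'" ;;
        *) echo "FAIL  $2: want '$3', got '${got:-<missing>}'"; return 1 ;;
    esac
}

# audit_headers HEADERS: exit status is the number of failed checks.
audit_headers() {
    fails=0
    while IFS='|' read -r name want; do
        check_contains "$1" "$name" "$want" || fails=$((fails + 1))
    done <<EOF
Strict-Transport-Security|max-age=31536000
Strict-Transport-Security|includeSubDomains
Permissions-Policy|interest-cohort=()
X-XSS-Protection|1; mode=block
X-Content-Type-Options|nosniff
Referrer-Policy|strict-origin-when-cross-origin
EOF
    # "-Server" in the Caddyfile should remove this header entirely.
    server=$(printf '%s\n' "$1" | header_value Server)
    [ -z "$server" ] || { echo "FAIL  Server header still present: '$server'"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample: a response that did not pass through the Caddy header block.
SAMPLE_BAD='HTTP/1.1 200 OK
Server: example
X-Content-Type-Options: nosniff'

# Live use: audit_headers "$(curl -sI https://yourdomain.com)"
audit_headers "$SAMPLE_BAD" || echo "$? check(s) failed"
```

A non-zero result against your live domain usually means the request is not passing through the site block that sets these headers.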
Starting Caddy
If Installed on the Host
# Start Caddy service
sudo systemctl enable caddy
sudo systemctl start caddy
# Check status
sudo systemctl status caddy
# View logs
sudo journalctl -u caddy
If Using Docker
# Start or restart the containers
docker compose up -d
# View logs
docker compose logs -f caddy
Configuring Erugo
Make sure to update your Erugo configuration to reflect your domain:
- Log in to your Erugo instance and click the settings icon (bottom right, next to logout)
- Go to the System Settings tab then click General
- Update the "Application URL" to https://yourdomain.com (no trailing slash)
- Save System Settings
- Restart your container to ensure the queue worker for emails picks up these new settings.
Handling Large File Uploads
When working with large files, you may need to adjust your Caddy configuration:
yourdomain.com {
    # Previous configuration...

    # Increase request body size limit (adjust as needed)
    request_body {
        max_size 10GB
    }

    # Proxy to Erugo container
    reverse_proxy app:80
}
Troubleshooting
Common Issues
- 502 Bad Gateway: Check if your Erugo container is running
- Certificate Issues: Ensure your domain points to the correct IP address
- Timeout Errors: Increase timeout values in Caddy configuration
- Upload Failures: Verify request body limits and timeouts
Checking Logs
For Docker-based setup:
docker compose logs -f caddy
For system-installed Caddy:
sudo journalctl -u caddy
Security Considerations
- Keep Caddy and Erugo updated to the latest versions
- Consider implementing IP restrictions if it makes sense for your use case
- Set up fail2ban to protect against brute force attacks
- Regular backups of your Caddy data (certificates and configurations)
Advanced Configuration
Multiple Domains
yourdomain.com, www.yourdomain.com {
    # Redirect www to non-www
    @www host www.yourdomain.com
    redir @www https://yourdomain.com{uri} permanent

    # Rest of your configuration...
    reverse_proxy app:80
}
Rate Limiting
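yourdomain.com {
    # Rate limiting (not part of stock Caddy: requires a build that includes
    # a rate-limit module; the syntax below follows mholt/caddy-ratelimit)
    rate_limit {
        zone global {
            # Count requests per client address
            key {remote_host}
            events 10
            window 10s
        }
    }

    # Rest of your configuration...
    reverse_proxy app:80
}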
With these configurations, your Erugo instance will be securely accessible via HTTPS through Caddy's reverse proxy. This setup not only enhances security but also improves the user experience with features like automatic HTTPS.