Caddy Configuration
The Caddyfile (/etc/caddy/Caddyfile) defines the sites and how they are proxied.
Note:
- <INTERNAL_DOMAIN>: e.g., lan, home.arpa.
- <NEXTCLOUD_IP>, <WEB_VM_IP>, etc.: The internal IP addresses of your services.
- <API_KEY> / <SECRET_KEY>: Your DNS provider credentials.
Common Patterns
Reverse Proxy
Forwards incoming requests to a backend IP and port.
```
subdomain.<INTERNAL_DOMAIN> {
    reverse_proxy <backend_ip>:<port>
}
```
TLS with DNS Challenge
Used for internal domains or when ports 80/443 aren't directly exposed for HTTP challenges.
```
tls {
    dns <provider_name> {
        api_key <YOUR_API_KEY>
        api_secret_key <YOUR_SECRET_KEY>
    }
}
```
Active Configurations (Web Application VM)
The Web Application VM acts as the main ingress.
| Domain | Backend IP | Service |
|---|---|---|
| cloud.<INTERNAL_DOMAIN> | <NEXTCLOUD_IP> | Nextcloud |
| vault.<INTERNAL_DOMAIN> | <HYPERVISOR_IP>:8084 | Vaultwarden |
| git.<INTERNAL_DOMAIN> | <WEB_VM_IP>:3001 | Forgejo |
| wiki.<INTERNAL_DOMAIN> | <WEB_VM_IP>:3000 | Wiki |
| hypervisor.<INTERNAL_DOMAIN> | <HYPERVISOR_IP>:9090 | Cockpit |
| media.<INTERNAL_DOMAIN> | <HYPERVISOR_IP>:8096 | Jellyfin |
Example Block (Nextcloud)
```
cloud.<INTERNAL_DOMAIN> {
    redir /.well-known/carddav /remote.php/dav/ 301
    redir /.well-known/caldav /remote.php/dav/ 301
    reverse_proxy <NEXTCLOUD_IP>
    tls {
        dns <provider_name> { ... }
    }
    header {
        # enable HSTS
        Strict-Transport-Security max-age=31536000;
    }
}
```
Active Configurations (Public VPS)
The Public VPS hosts public-facing sites (e.g., Ghost blogs).
| Domain | Ghost Port |
|---|---|
| <PUBLIC_DOMAIN_1> | 2368 |
| <PUBLIC_DOMAIN_2> | 2369 |
Example Block (Ghost)
```
<PUBLIC_DOMAIN_1> {
    # Ghost admin path
    handle /ghost/* {
        reverse_proxy 127.0.0.1:2368
    }
    # Everything else, with the original Host and scheme passed to Ghost
    reverse_proxy 127.0.0.1:2368 {
        header_up Host {host}
        header_up X-Forwarded-Proto https
    }
}
```
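A check for the patterns on this page, added here as an example and not part of the original configuration: it flags DNS credentials written as literals instead of Caddy environment placeholders (`{env.NAME}` or `{$NAME}`) and site blocks that set no `Strict-Transport-Security` header. The sample Caddyfile, the `exampledns` provider name and the `audit` helper are constructed for illustration; it assumes a well-formed file with one directive per line, as `caddy fmt` produces.

```python
import re

# Constructed sample: provider name, hosts and values are made up for illustration.
SAMPLE = """\
cloud.home.arpa {
    tls {
        dns exampledns {
            api_key {env.DNS_API_KEY}
            api_secret_key {env.DNS_SECRET_KEY}
        }
    }
    header {
        Strict-Transport-Security max-age=31536000;
    }
}
wiki.home.arpa {
    tls {
        dns exampledns {
            api_key constructed-literal-value
            api_secret_key {$DNS_SECRET_KEY}
        }
    }
}
"""

PLACEHOLDER = re.compile(r"^\{(env\.|\$)[^{}]+\}$")  # {env.NAME} or {$NAME}
SECRET_KEY = re.compile(r"key|secret|token|password", re.I)

def audit(caddyfile):
    """Return (site, finding) pairs: literal DNS credentials and sites without HSTS."""
    findings, stack, site, hsts = [], [], None, False
    lines = (ln.split() for ln in caddyfile.splitlines())
    for tokens in (t for t in lines if t and not t[0].startswith("#")):  # skip blanks, comments
        if tokens[-1] == "{":  # a block opens
            if not stack:  # top level: global options and (snippets) are not sites
                site, hsts = (None if tokens[0][0] in "({" else " ".join(tokens[:-1])), False
            stack.append(tokens[0])
        elif tokens == ["}"]:  # a block closes; at top level, judge the finished site
            stack.pop()
            if not stack and site and not hsts:
                findings.append((site, "no Strict-Transport-Security header"))
        elif "Strict-Transport-Security" in tokens[:2]:
            hsts = True
        elif "dns" in stack and SECRET_KEY.search(tokens[0]) and not PLACEHOLDER.match(" ".join(tokens[1:])):
            findings.append((site, f"literal value for {tokens[0]} in dns block"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```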