Add caddy vhost role and setup playbook

2026-01-12 11:07:25 +08:00 · 2026-01-12 11:07:25 +08:00 · 69d9448ff3
commit 69d9448ff3
parent 8c7d64bbcf
4 changed files with 170 additions and 0 deletions
--- a/roles/vhosts/caddy/handlers/main.yml
+++ b/roles/vhosts/caddy/handlers/main.yml
@ -0,0 +1,4 @@
+- name: Reload caddy
+  ansible.builtin.service:
+    name: caddy
+    state: reloaded
--- a/roles/vhosts/caddy/tasks/main.yml
+++ b/roles/vhosts/caddy/tasks/main.yml
@ -0,0 +1,67 @@
+- name: Ensure Caddy repo prerequisites
+  ansible.builtin.apt:
+    name:
+      - ca-certificates
+      - gnupg
+    state: present
+    update_cache: true
+  when:
+    - "(ansible_facts['distribution'] == 'Debian' and (ansible_facts['distribution_version'] is version('13', '=='))) or (ansible_facts['distribution'] == 'Ubuntu' and (ansible_facts['distribution_version'] is version('24.04', '==')))"
+
+- name: Ensure apt keyring directory exists
+  ansible.builtin.file:
+    path: /etc/apt/keyrings
+    state: directory
+    owner: root
+    group: root
+    mode: '0755'
+
+- name: Download Caddy GPG key
+  ansible.builtin.get_url:
+    url: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
+    dest: /etc/apt/keyrings/caddy-stable.asc
+    mode: '0644'
+
+- name: Dearmor Caddy GPG key
+  ansible.builtin.command:
+    cmd: gpg --dearmor -o /etc/apt/keyrings/caddy-stable.gpg /etc/apt/keyrings/caddy-stable.asc
+    creates: /etc/apt/keyrings/caddy-stable.gpg
+
+- name: Add Caddy repository (Debian)
+  ansible.builtin.apt_repository:
+    repo: "deb [signed-by=/etc/apt/keyrings/caddy-stable.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main"
+    filename: caddy-stable
+    state: present
+  when:
+    - ansible_facts['distribution'] == 'Debian'
+    - ansible_facts['distribution_version'] is version('13', '==')
+
+- name: Add Caddy repository (Ubuntu)
+  ansible.builtin.apt_repository:
+    repo: "deb [signed-by=/etc/apt/keyrings/caddy-stable.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/ubuntu any-version main"
+    filename: caddy-stable
+    state: present
+  when:
+    - ansible_facts['distribution'] == 'Ubuntu'
+    - ansible_facts['distribution_version'] is version('24.04', '==')
+
+- name: Install Caddy
+  ansible.builtin.apt:
+    name: caddy
+    state: present
+    update_cache: true
+  when:
+    - "(ansible_facts['distribution'] == 'Debian' and (ansible_facts['distribution_version'] is version('13', '=='))) or (ansible_facts['distribution'] == 'Ubuntu' and (ansible_facts['distribution_version'] is version('24.04', '==')))"
+
+- name: Deploy Caddyfile
+  ansible.builtin.template:
+    src: Caddyfile.j2
+    dest: /etc/caddy/Caddyfile
+    mode: '0644'
+  notify: Reload caddy
+
+- name: Ensure Caddy is running
+  ansible.builtin.service:
+    name: caddy
+    state: started
+    enabled: true
--- a/roles/vhosts/caddy/templates/Caddyfile.j2
+++ b/roles/vhosts/caddy/templates/Caddyfile.j2
@ -0,0 +1,86 @@
+{
+	# debug
+}
+
+############################
+# portal.onwalk.net
+# Next.js yarn dev
+############################
+{{ caddy_portal_domains | join(', ') }} {
+
+	# dev 阶段：禁止浏览器缓存
+	header {
+		Cache-Control "no-store"
+	}
+
+	# health check
+	@health {
+		path /health
+	}
+	handle @health {
+		respond 200
+	}
+
+	# 所有请求 → Next.js dev server
+	handle {
+		reverse_proxy {{ caddy_portal_proxy }} {
+			# WebSocket / HMR 必需
+			header_up Connection {>Connection}
+			header_up Upgrade {>Upgrade}
+
+			transport http {
+				read_timeout 0
+			}
+		}
+	}
+}
+
+############################
+# dl.onwalk.net
+# 静态下载站
+############################
+{{ caddy_download_domain }} {
+
+	root * {{ caddy_download_root }}
+
+	# 禁止访问 dotfiles
+	@dotfiles {
+		path_regexp hidden (^|/)\.
+	}
+	handle @dotfiles {
+		respond 403
+	}
+
+	# well-known 直出
+	@wellknown {
+		path /.well-known/*
+	}
+	handle @wellknown {
+		file_server
+	}
+
+	# JSON 文件（轻缓存）
+	@json {
+		path *.json
+	}
+	handle @json {
+		header {
+			Content-Type application/json
+			Cache-Control "public, max-age=60"
+		}
+		file_server
+	}
+
+	# 大文件（允许 Range）
+	@bigfiles {
+		path *.dmg *.zip *.tar.gz *.deb *.rpm *.exe *.pkg *.appimage *.apk *.ipa
+	}
+	handle @bigfiles {
+		file_server
+	}
+
+	# 默认：目录浏览
+	handle {
+		file_server browse
+	}
+}
--- a/setup-caddy.yml
+++ b/setup-caddy.yml
@ -0,0 +1,13 @@
+- name: Setup Caddy
+  hosts: all
+  become: true
+  vars:
+    caddy_portal_domains:
+      - portal.onwalk.net
+      - www.onwalk.net
+      - cn-portal.onwalk.net
+    caddy_portal_proxy: 127.0.0.1:3000
+    caddy_download_domain: dl.onwalk.net
+    caddy_download_root: /var/www/media
+  roles:
+    - roles/vhosts/caddy