diff --git a/roles/vhosts/caddy/handlers/main.yml b/roles/vhosts/caddy/handlers/main.yml
new file mode 100644
index 0000000..3fb4335
--- /dev/null
+++ b/roles/vhosts/caddy/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: Reload caddy
+ ansible.builtin.service:
+ name: caddy
+ state: reloaded
diff --git a/roles/vhosts/caddy/tasks/main.yml b/roles/vhosts/caddy/tasks/main.yml
new file mode 100644
index 0000000..860d918
--- /dev/null
+++ b/roles/vhosts/caddy/tasks/main.yml
@@ -0,0 +1,67 @@
+- name: Ensure Caddy repo prerequisites
+ ansible.builtin.apt:
+ name:
+ - ca-certificates
+ - gnupg
+ state: present
+ update_cache: true
+ when:
+ - "(ansible_facts['distribution'] == 'Debian' and (ansible_facts['distribution_version'] is version('13', '=='))) or (ansible_facts['distribution'] == 'Ubuntu' and (ansible_facts['distribution_version'] is version('24.04', '==')))"
+
+- name: Ensure apt keyring directory exists
+ ansible.builtin.file:
+ path: /etc/apt/keyrings
+ state: directory
+ owner: root
+ group: root
+ mode: '0755'
+
+- name: Download Caddy GPG key
+ ansible.builtin.get_url:
+ url: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
+ dest: /etc/apt/keyrings/caddy-stable.asc
+ mode: '0644'
+
+- name: Dearmor Caddy GPG key
+ ansible.builtin.command:
+ cmd: gpg --dearmor -o /etc/apt/keyrings/caddy-stable.gpg /etc/apt/keyrings/caddy-stable.asc
+ creates: /etc/apt/keyrings/caddy-stable.gpg
+
+- name: Add Caddy repository (Debian)
+ ansible.builtin.apt_repository:
+ repo: "deb [signed-by=/etc/apt/keyrings/caddy-stable.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main"
+ filename: caddy-stable
+ state: present
+ when:
+ - ansible_facts['distribution'] == 'Debian'
+ - ansible_facts['distribution_version'] is version('13', '==')
+
+- name: Add Caddy repository (Ubuntu)
+ ansible.builtin.apt_repository:
+ repo: "deb [signed-by=/etc/apt/keyrings/caddy-stable.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/ubuntu any-version main"
+ filename: caddy-stable
+ state: present
+ when:
+ - ansible_facts['distribution'] == 'Ubuntu'
+ - ansible_facts['distribution_version'] is version('24.04', '==')
+
+- name: Install Caddy
+ ansible.builtin.apt:
+ name: caddy
+ state: present
+ update_cache: true
+ when:
+ - "(ansible_facts['distribution'] == 'Debian' and (ansible_facts['distribution_version'] is version('13', '=='))) or (ansible_facts['distribution'] == 'Ubuntu' and (ansible_facts['distribution_version'] is version('24.04', '==')))"
+
+- name: Deploy Caddyfile
+ ansible.builtin.template:
+ src: Caddyfile.j2
+ dest: /etc/caddy/Caddyfile
+ mode: '0644'
+ notify: Reload caddy
+
+- name: Ensure Caddy is running
+ ansible.builtin.service:
+ name: caddy
+ state: started
+ enabled: true
diff --git a/roles/vhosts/caddy/templates/Caddyfile.j2 b/roles/vhosts/caddy/templates/Caddyfile.j2
new file mode 100644
index 0000000..4057986
--- /dev/null
+++ b/roles/vhosts/caddy/templates/Caddyfile.j2
@@ -0,0 +1,86 @@
+{
+ # debug
+}
+
+############################
+# portal.onwalk.net
+# Next.js yarn dev
+############################
+{{ caddy_portal_domains | join(', ') }} {
+
+ # dev 阶段:禁止浏览器缓存
+ header {
+ Cache-Control "no-store"
+ }
+
+ # health check
+ @health {
+ path /health
+ }
+ handle @health {
+ respond 200
+ }
+
+ # 所有请求 → Next.js dev server
+ handle {
+ reverse_proxy {{ caddy_portal_proxy }} {
+ # WebSocket / HMR 必需
+ header_up Connection {>Connection}
+ header_up Upgrade {>Upgrade}
+
+ transport http {
+ read_timeout 0
+ }
+ }
+ }
+}
+
+############################
+# dl.onwalk.net
+# 静态下载站
+############################
+{{ caddy_download_domain }} {
+
+ root * {{ caddy_download_root }}
+
+ # 禁止访问 dotfiles
+ @dotfiles {
+ path_regexp hidden (^|/)\.
+ }
+ handle @dotfiles {
+ respond 403
+ }
+
+ # well-known 直出
+ @wellknown {
+ path /.well-known/*
+ }
+ handle @wellknown {
+ file_server
+ }
+
+ # JSON 文件(轻缓存)
+ @json {
+ path *.json
+ }
+ handle @json {
+ header {
+ Content-Type application/json
+ Cache-Control "public, max-age=60"
+ }
+ file_server
+ }
+
+ # 大文件(允许 Range)
+ @bigfiles {
+ path *.dmg *.zip *.tar.gz *.deb *.rpm *.exe *.pkg *.appimage *.apk *.ipa
+ }
+ handle @bigfiles {
+ file_server
+ }
+
+ # 默认:目录浏览
+ handle {
+ file_server browse
+ }
+}
diff --git a/setup-caddy.yml b/setup-caddy.yml
new file mode 100644
index 0000000..625eba8
--- /dev/null
+++ b/setup-caddy.yml
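Review bot: The "Download Caddy GPG key" task in roles/vhosts/caddy/tasks/main.yml stores whatever the URL returns as the repository's trust anchor, with no `checksum:` on `get_url` and no fingerprint check before "Dearmor Caddy GPG key" writes the keyring. Pinning the expected digest, e.g. `checksum: 'sha256:<EXPECTED_SHA256_OF_GPG_KEY>'` (placeholder value), makes an unexpected key fail the play instead of being trusted for package installs. The `creates: /etc/apt/keyrings/caddy-stable.gpg` guard also means the binary keyring is never regenerated if the `.asc` is later replaced; pointing `signed-by=` at the `.asc` file directly (recent apt accepts armored keys with that extension) would drop the extra step and the stale-keyring case. The key, dearmor, Caddyfile and service tasks carry no `when:` and so also run on distributions where the guarded prerequisite and install tasks are skipped; they would benefit from the same condition.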
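Review bot: In the download site of Caddyfile.j2, the `@dotfiles` matcher `path_regexp hidden (^|/)\.` also matches `/.well-known/...`, and because `handle` blocks are mutually exclusive and this one is listed first, the `@wellknown` block below it looks unreachable and those paths would be answered with 403. Excluding the prefix inside the matcher keeps the dotfile denial intact: add `not path /.well-known/*` to the `@dotfiles` block. The catch-all `file_server browse` additionally publishes a listing of everything under the download root, so a file placed there by mistake becomes discoverable; plain `file_server` is the safer default unless listings are intended. In the portal site, `read_timeout 0` removes the upstream read timeout for every request to a dev server reachable under public hostnames, which is worth restricting to the development environment.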
@@ -0,0 +1,13 @@
+- name: Setup Caddy
+ hosts: all
+ become: true
+ vars:
+ caddy_portal_domains:
+ - portal.onwalk.net
+ - www.onwalk.net
+ - cn-portal.onwalk.net
+ caddy_portal_proxy: 127.0.0.1:3000
+ caddy_download_domain: dl.onwalk.net
+ caddy_download_root: /var/www/media
+ roles:
+ - roles/vhosts/caddy
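Review bot: `hosts: all` together with `become: true` runs the role on every host in the inventory, so each one gets the third-party apt repository, its signing key and a listening Caddy service, not only the intended web hosts. Targeting a dedicated group, e.g. `hosts: caddy_hosts` (constructed group name), keeps the repository trust and the exposed service off machines that do not need them. The domain, proxy and root values would also be easier to override per environment as role defaults or group vars than as play-level `vars`.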