Simplify Caddy infrastructure to use file-based configuration instead of complex API registration system

2025-11-15 00:11:46 +01:00
parent 7788410bfc
commit 8162e789ee
13 changed files with 706 additions and 216 deletions
--- a/roles/caddy/templates/Caddyfile.j2
+++ b/roles/caddy/templates/Caddyfile.j2
@@ -3,24 +3,30 @@

 # Global configuration
 {
-    admin {{ caddy_admin_listen }}
-    
    {% if caddy_tls_enabled and caddy_tls_email %}
    # ACME configuration for Let's Encrypt
    email {{ caddy_tls_email }}
    acme_ca {{ caddy_acme_ca }}
    {% endif %}
    
+    {% if caddy_dns_provider == "cloudflare" and cloudflare_api_token %}
+    # DNS challenge for wildcard certificates
+    acme_dns cloudflare {{ cloudflare_api_token }}
+    {% endif %}
+    
    {% if not caddy_auto_https %}
    auto_https off
    {% endif %}
 }

+# Import service configurations
+import {{ caddy_sites_enabled_dir }}/*
+
 # Primary domain: {{ caddy_domain }}
 {{ caddy_domain }} {
    {% if caddy_tls_enabled %}
        {% if caddy_dns_provider == "cloudflare" and cloudflare_api_token %}
-    # DNS challenge for automatic TLS (secure: no environment files)
+    # DNS challenge for automatic TLS 
    tls {
        dns cloudflare {{ cloudflare_api_token }}
        resolvers {{ caddy_dns_resolvers | join(' ') }}
@@ -29,8 +35,6 @@
    # HTTP challenge for automatic TLS  
    tls {{ caddy_tls_email }}
        {% endif %}
-    {% else %}
-    # TLS disabled
    {% endif %}
    
    # Serve static content
@@ -57,83 +61,3 @@
        {% endif %}
    }
 }
-
-# Additional configured sites
-{% for site in caddy_sites %}
-{{ site.domain }}{% if site.port is defined %}:{{ site.port }}{% endif %} {
-    {% if caddy_tls_enabled and site.tls != "off" %}
-        {% if site.dns_challenge | default(false) and caddy_dns_provider == "cloudflare" and cloudflare_api_token %}
-    # DNS challenge for this site (secure: direct variable substitution)
-    tls {
-        dns cloudflare {{ cloudflare_api_token }}
-        resolvers {{ caddy_dns_resolvers | join(' ') }}
-    }
-        {% elif caddy_tls_email and site.tls != "off" %}
-    # HTTP challenge for this site
-    tls {{ caddy_tls_email }}
-        {% endif %}
-    {% elif site.tls == "off" %}
-    # TLS explicitly disabled for this site
-    tls off
-    {% endif %}
-
-    {% if site.root is defined %}
-    # Static file serving
-    root * {{ site.root }}
-    file_server
-    {% endif %}
-
-    {% if site.backend is defined %}
-    # Reverse proxy
-    reverse_proxy {{ site.backend }} {
-        # Standard proxy headers
-        header_up Host {upstream_hostport}
-        header_up X-Real-IP {remote_host}
-        header_up X-Forwarded-For {remote_host}
-        header_up X-Forwarded-Proto {scheme}
-        header_up X-Forwarded-Host {host}
-    }
-    {% endif %}
-
-    # Logging for this site
-    log {
-        {% if caddy_log_format == "json" %}
-        output file {{ caddy_log_dir }}/{{ site.domain | replace('.', '_') }}.log {
-            roll_size 100mb
-            roll_keep 5
-        }
-        format json {
-            time_format "2006-01-02T15:04:05.000Z07:00"
-        }
-        level {{ caddy_log_level }}
-        {% else %}
-        output file {{ caddy_log_dir }}/{{ site.domain | replace('.', '_') }}.log {
-            roll_size 100mb
-            roll_keep 5
-        }
-        level {{ caddy_log_level }}
-        {% endif %}
-    }
-
-    {% if site.extra_config is defined %}
-    # Additional site configuration
-    {{ site.extra_config | indent(4) }}
-    {% endif %}
-}
-
-{% endfor %}
-
-{% if caddy_tls_enabled %}
-# HTTP to HTTPS redirects
-http://{{ caddy_domain }} {
-    redir https://{host}{uri} permanent
-}
-
-{% for site in caddy_sites %}
-{% if site.tls != "off" %}
-http://{{ site.domain }} {
-    redir https://{host}{uri} permanent
-}
-{% endif %}
-{% endfor %}
-{% endif %}