| 1 | # Managed by Ansible. |
| 2 | # |
| 3 | # Caddy reverse-proxies shithubd-web (127.0.0.1:8080). Auto-cert |
| 4 | # from Let's Encrypt for {{ shithub_domain }}; HTTP→HTTPS redirect |
| 5 | # is automatic when a `https://` site is declared. Long-timeout |
| 6 | # overrides on the git smart-HTTP routes match the 30-minute |
| 7 | # upstream timeout from S12 so push of a large repo doesn't get |
| 8 | # guillotined by Caddy's defaults. |
| 9 | { |
| 10 | # Operator email used for Let's Encrypt account + expiry alerts. |
| 11 | email {{ shithub_admin_email | default("ops@" + shithub_domain) }} |
| 12 | |
| 13 | # Use staging during dry-runs to avoid LE rate limits. |
| 14 | # Comment the next line out for production cert. |
| 15 | # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory |
| 16 | } |
| 17 | |
| 18 | {{ shithub_domain }} { |
| 19 | encode gzip |
| 20 | |
| 21 | # Long-timeout git smart-HTTP routes (S12). The fetch + push |
| 22 | # subprotocols stream and benefit from the buffer being off. |
| 23 | @git path_regexp gitp ^/[^/]+/[^/]+\.git/(info/refs|git-upload-pack|git-receive-pack)$ |
| 24 | handle @git { |
| 25 | reverse_proxy 127.0.0.1:8080 { |
| 26 | transport http { |
| 27 | read_timeout 30m |
| 28 | write_timeout 30m |
| 29 | response_header_timeout 30m |
| 30 | } |
| 31 | flush_interval -1 |
| 32 | } |
| 33 | } |
| 34 | |
| 35 | # Static assets: long cache. |
| 36 | @static path /static/* |
| 37 | handle @static { |
| 38 | header Cache-Control "public, max-age=86400" |
| 39 | reverse_proxy 127.0.0.1:8080 |
| 40 | } |
| 41 | |
| 42 | handle { |
| 43 | reverse_proxy 127.0.0.1:8080 { |
| 44 | transport http { |
| 45 | read_timeout 60s |
| 46 | write_timeout 60s |
| 47 | } |
| 48 | } |
| 49 | } |
| 50 | |
| 51 | log { |
| 52 | output file /var/log/caddy/access.log { |
| 53 | roll_size 100mb |
| 54 | roll_keep 14 |
| 55 | } |
| 56 | format json |
| 57 | } |
| 58 | } |