shithub Public

Watch 1 Fork 0 Star 0

Caddyfile · 2445 bytes Raw Blame History

  
        1
        # Managed by Ansible.
      
        2
        #
      
        3
        # Caddy reverse-proxies shithubd-web (127.0.0.1:8080). Auto-cert
      
        4
        # from Let's Encrypt for {{ shithub_domain }}; HTTP→HTTPS redirect
      
        5
        # is automatic when a `https://` site is declared. Long-timeout
      
        6
        # overrides on the git smart-HTTP routes match the 30-minute
      
        7
        # upstream timeout from S12 so push of a large repo doesn't get
      
        8
        # guillotined by Caddy's defaults.
      
        9
        {
      
        10
            # Operator email used for Let's Encrypt account + expiry alerts.
      
        11
            email {{ shithub_admin_email | default("ops@" + shithub_domain) }}
      
        12
        
        13
            # Use staging during dry-runs to avoid LE rate limits.
      
        14
            # Comment the next line out for production cert.
      
        15
            # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
      
        16
        }
      
        17
        
        18
        {{ shithub_domain }} {
      
        19
            @compressible {
      
        20
                not path_regexp actions_log_stream_for_compression ^/[^/]+/[^/]+/actions/runs/[0-9]+/jobs/[0-9]+/steps/[0-9]+/log/stream$
      
        21
            }
      
        22
            encode @compressible gzip
      
        23
        
        24
            # Actions step-log SSE must flush each event immediately and must
      
        25
            # bypass gzip; buffering here makes logs appear in delayed chunks.
      
        26
            @actions_log_stream path_regexp actions_log_stream ^/[^/]+/[^/]+/actions/runs/[0-9]+/jobs/[0-9]+/steps/[0-9]+/log/stream$
      
        27
            handle @actions_log_stream {
      
        28
                reverse_proxy 127.0.0.1:8080 {
      
        29
                    transport http {
      
        30
                        read_timeout 30m
      
        31
                        write_timeout 30m
      
        32
                        response_header_timeout 30m
      
        33
                    }
      
        34
                    flush_interval -1
      
        35
                }
      
        36
            }
      
        37
        
        38
            # Long-timeout git smart-HTTP routes (S12). The fetch + push
      
        39
            # subprotocols stream and benefit from the buffer being off.
      
        40
            @git path_regexp gitp ^/[^/]+/[^/]+\.git/(info/refs|git-upload-pack|git-receive-pack)$
      
        41
            handle @git {
      
        42
                reverse_proxy 127.0.0.1:8080 {
      
        43
                    transport http {
      
        44
                        read_timeout 30m
      
        45
                        write_timeout 30m
      
        46
                        response_header_timeout 30m
      
        47
                    }
      
        48
                    flush_interval -1
      
        49
                }
      
        50
            }
      
        51
        
        52
            # Static assets: long cache.
      
        53
            @static path /static/*
      
        54
            handle @static {
      
        55
                header Cache-Control "public, max-age=86400"
      
        56
                reverse_proxy 127.0.0.1:8080
      
        57
            }
      
        58
        
        59
            handle {
      
        60
                reverse_proxy 127.0.0.1:8080 {
      
        61
                    transport http {
      
        62
                        read_timeout 60s
      
        63
                        write_timeout 60s
      
        64
                    }
      
        65
                }
      
        66
            }
      
        67
        
        68
            log {
      
        69
                output file /var/log/caddy/access.log {
      
        70
                    roll_size 100mb
      
        71
                    roll_keep 14
      
        72
                }
      
        73
                format json
      
        74
            }
      
        75
        }

1	# Managed by Ansible.
2	#
3	# Caddy reverse-proxies shithubd-web (127.0.0.1:8080). Auto-cert
4	# from Let's Encrypt for {{ shithub_domain }}; HTTP→HTTPS redirect
5	# is automatic when a `https://` site is declared. Long-timeout
6	# overrides on the git smart-HTTP routes match the 30-minute
7	# upstream timeout from S12 so push of a large repo doesn't get
8	# guillotined by Caddy's defaults.
9	{
10	# Operator email used for Let's Encrypt account + expiry alerts.
11	email {{ shithub_admin_email \| default("ops@" + shithub_domain) }}
12
13	# Use staging during dry-runs to avoid LE rate limits.
14	# Comment the next line out for production cert.
15	# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
16	}
17
18	{{ shithub_domain }} {
19	@compressible {
20	not path_regexp actions_log_stream_for_compression ^/[^/]+/[^/]+/actions/runs/[0-9]+/jobs/[0-9]+/steps/[0-9]+/log/stream$
21	}
22	encode @compressible gzip
23
24	# Actions step-log SSE must flush each event immediately and must
25	# bypass gzip; buffering here makes logs appear in delayed chunks.
26	@actions_log_stream path_regexp actions_log_stream ^/[^/]+/[^/]+/actions/runs/[0-9]+/jobs/[0-9]+/steps/[0-9]+/log/stream$
27	handle @actions_log_stream {
28	reverse_proxy 127.0.0.1:8080 {
29	transport http {
30	read_timeout 30m
31	write_timeout 30m
32	response_header_timeout 30m
33	}
34	flush_interval -1
35	}
36	}
37
38	# Long-timeout git smart-HTTP routes (S12). The fetch + push
39	# subprotocols stream and benefit from the buffer being off.
40	@git path_regexp gitp ^/[^/]+/[^/]+\.git/(info/refs\|git-upload-pack\|git-receive-pack)$
41	handle @git {
42	reverse_proxy 127.0.0.1:8080 {
43	transport http {
44	read_timeout 30m
45	write_timeout 30m
46	response_header_timeout 30m
47	}
48	flush_interval -1
49	}
50	}
51
52	# Static assets: long cache.
53	@static path /static/*
54	handle @static {
55	header Cache-Control "public, max-age=86400"
56	reverse_proxy 127.0.0.1:8080
57	}
58
59	handle {
60	reverse_proxy 127.0.0.1:8080 {
61	transport http {
62	read_timeout 60s
63	write_timeout 60s
64	}
65	}
66	}
67
68	log {
69	output file /var/log/caddy/access.log {
70	roll_size 100mb
71	roll_keep 14
72	}
73	format json
74	}
75	}