runner: Caddy service for cache HTTPS frontend (router-PAT-friendly ports)

2026-05-18 20:49:31 +00:00
parent fcecc1e5b0
commit 3da73147dc
4 changed files with 106 additions and 20 deletions

43
runner/Caddyfile Normal file

@@ -0,0 +1,43 @@
# Caddy config for the cargoxx binary cache.
#
# The router does PAT (port forwarding) so the *external* world reaches
# us at the standard 80/443 but the *internal* ports are different.
# `http_port` and `https_port` below must match the internal ports the
# router forwards to. Override via runner/.env:
#
# CADDY_HTTP_PORT=8080
# CADDY_HTTPS_PORT=8443
#
# (Those env vars are picked up by compose.yml to publish the ports
# AND injected into this Caddyfile via the {$VAR:default} substitution
# below — Caddy expands env vars natively.)
{
# Internal ports — must equal whatever the router forwards 80/443 to.
http_port {$CADDY_HTTP_PORT:8080}
https_port {$CADDY_HTTPS_PORT:8443}
# ACME's HTTP-01 challenge probe still arrives at host:80 → router
# → :8080; Caddy answers it on the internal port. Auto cert works
# as long as the PAT maps 80 → CADDY_HTTP_PORT and 443 → CADDY_HTTPS_PORT.
email vorontsov@amadey.xyz
}
cache.cargoxx.amadey.xyz {
root * /srv/cache
file_server
# narinfo / nar are immutable per content hash → cache aggressively.
@cache_immutable path *.narinfo *.nar.xz *.nar
header @cache_immutable Cache-Control "public, immutable, max-age=31536000"
# Substituter probe; short cache so new entries land quickly.
@cache_info path /nix-cache-info
header @cache_info Cache-Control "public, max-age=300"
log {
output file /data/access.log {
roll_size 50MiB
roll_keep 5
}
}
}
}
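Review bot: `@cache_immutable` marks `*.narinfo` as immutable for a year, but in the Nix cache layout a narinfo is named after the store-path hash, not a hash of its own contents, and it carries the signature. It can therefore legitimately change (re-signing after a key rotation, or a rebuilt path) while clients and shared caches keep the old copy. Keep the year-long policy for the archives only with `@cache_immutable path *.nar.xz *.nar`, and give the metadata a short lifetime with `@cache_narinfo path *.narinfo` and `header @cache_narinfo Cache-Control "public, max-age=3600"` (the exact value is the operator's choice); the comment above the matcher should then say that only the NAR files are content-addressed. Separately, as rendered here the file ends with one more `}` than it opens, which Caddy would reject unless it is a page-extraction artefact; the hunk header also announces 43 lines where fewer are shown. Because `file_server` serves everything under `/srv/cache`, it is worth confirming that the cache signing key and other non-cache files never live under that root.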