runner: Caddy service for cache HTTPS frontend (router-PAT-friendly ports)
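--- /dev/null
+++ b/runner/Caddyfile
@@ -0,0 +1,43 @@
+# Caddy config for the cargoxx binary cache.
+#
+# The router does PAT (port forwarding) so the *external* world reaches
+# us at the standard 80/443 but the *internal* ports are different.
+# `http_port` and `https_port` below must match the internal ports the
+# router forwards to. Override via runner/.env:
+#
+# CADDY_HTTP_PORT=8080
+# CADDY_HTTPS_PORT=8443
+#
+# (Those env vars are picked up by compose.yml to publish the ports
+# AND injected into this Caddyfile via the {$VAR:default} substitution
+# below — Caddy expands env vars natively.)
+{
+# Internal ports — must equal whatever the router forwards 80/443 to.
+http_port {$CADDY_HTTP_PORT:8080}
+https_port {$CADDY_HTTPS_PORT:8443}
+# ACME's HTTP-01 challenge probe still arrives at host:80 → router
+# → :8080; Caddy answers it on the internal port. Auto cert works
+# as long as the PAT maps 80 → CADDY_HTTP_PORT and 443 → CADDY_HTTPS_PORT.
+email vorontsov@amadey.xyz
+}
+
+cache.cargoxx.amadey.xyz {
+root * /srv/cache
+file_server
+
+# narinfo / nar are immutable per content hash → cache aggressively.
+@cache_immutable path *.narinfo *.nar.xz *.nar
+header @cache_immutable Cache-Control "public, immutable, max-age=31536000"
+
+# Substituter probe; short cache so new entries land quickly.
+@cache_info path /nix-cache-info
+header @cache_info Cache-Control "public, max-age=300"
+
+log {
+output file /data/access.log {
+roll_size 50MiB
+roll_keep 5
+}
+}
+}
+}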
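Review bot: `*.narinfo` should not share the one-year `immutable` policy with the NAR archives in `@cache_immutable`: a narinfo is looked up by store-path hash and carries the signature and references, so it can legitimately change (re-signing after a key rotation, withdrawing a bad build), and any shared proxy or client cache that honours the header would keep serving the old copy. Keeping the long policy for the archives only, `@cache_immutable path *.nar.xz *.nar`, and giving the metadata a short one, `@cache_narinfo path *.narinfo` with `header @cache_narinfo Cache-Control "public, max-age=300"`, keeps the bandwidth saving while leaving room to replace or revoke an entry. The comment above the matcher would then read `# nar archives are named by their own hash → cache aggressively; narinfo is signed metadata → short cache.` Separately, as rendered here the site block opens three braces (site, `log`, `output file`) but is followed by four closing ones, so the final `}` looks stray; running `caddy validate` on the file would confirm whether it loads.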