Switch to Caddy for local routing

NuckChorris · NuckChorris · commit 21647d8e4559 · 2023-12-01T19:37:48.000-08:00
diff --git a/bin/trust b/bin/trust
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+cd "$(dirname "$0")/../"
+
+./bin/check_for_updates
+
+docker compose cp router:/data/caddy/pki/authorities/local/root.crt ./router/root.crt
+
+case "$(uname -sr)" in
+   Darwin*)
+     echo 'Installing root certificate for macOS...'
+      sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ./router/root.crt
+     ;;
+
+   *)
+      echo 'Cannot automatically install root certificate for your OS. Please install it manually. The certificate is located at $(realpath ./router/root.crt)'
+     ;;
+esac
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -7,6 +7,8 @@ volumes:
     driver: local
   typesense:
     driver: local
+  caddy_data:
+    driver: local
 
 services:
   # Databases
@@ -49,10 +51,24 @@ services:
   # Web server, routing /api and / to server, client respectively
   router:
     build: ./router
-    depends_on: [web, api, minio, mailcatcher]
+    command: [caddy, run, --watch, --config, /etc/caddy/Caddyfile]
+    develop:
+      watch:
+        - action: sync
+          path: ./router/Caddyfile
+          target: /etc/caddy/Caddyfile
+    ports:
+      - target: 80
+        published: 7580
+        protocol: tcp
+      - target: 443
+        published: 7543
+        protocol: tcp
+      - target: 443
+        published: 7543
+        protocol: udp
     volumes:
-      - uploads:/srv/www/uploads/system
-    ports: ["42069:80"]
+      - caddy_data:/data
 
   # Application
   api: &rails
diff --git a/router/Caddyfile b/router/Caddyfile
@@ -0,0 +1,49 @@
+{
+	debug
+	local_certs
+	auto_https disable_redirects
+}
+
+(tls) {
+	tls internal {
+		on_demand
+	}
+}
+
+(log) {
+	log {
+		output stdout
+		format console
+	}
+}
+
+(api) {
+	handle /api/* {
+		request_body {
+			max_size 100MB
+		}
+		encode zstd gzip
+		reverse_proxy http://api
+	}
+}
+
+media.kitsu.dev {
+	import tls
+	reverse_proxy http://minio:9000
+}
+
+admin.media.kitsu.dev {
+	import tls
+	reverse_proxy http://minio:9001
+}
+
+mail.kitsu.dev {
+	import tls
+	reverse_proxy http://mailcatcher:1080
+}
+
+kitsu.dev, http://localhost {
+	import tls
+	import api
+	reverse_proxy http://client
+}
diff --git a/router/Dockerfile b/router/Dockerfile
@@ -1,6 +1,5 @@
-FROM nginx:1.9
-MAINTAINER Kitsu, Inc.
+FROM caddy:latest
 
-RUN rm /etc/nginx/conf.d/default.conf
-COPY ./nginx.conf /etc/nginx/conf.d/kitsu.conf
-COPY ./*.include.conf /etc/nginx/
+COPY private.pem /etc/caddy/private.pem
+COPY public.pem /etc/caddy/public.pem
+COPY Caddyfile /etc/caddy/Caddyfile
