use lego to renew certificates on vps

refactor caddy config
2026-02-23 20:35:57 +03:00
parent c308c5a8d2
commit 7106df52f1
7 changed files with 94 additions and 16 deletions
--- a/hosts/lab-by-02/docker/caddy/Caddyfile
+++ b/hosts/lab-by-02/docker/caddy/Caddyfile
@@ -3,6 +3,14 @@
    admin off
 }

+(tls_catmedved) {
+    tls /etc/caddy/certs/catmedved.com.crt /etc/caddy/certs/catmedved.com.key
+}
+
+(tls_kladovka52) {
+    tls /etc/caddy/certs/kladovka52.com.crt /etc/caddy/certs/kladovka52.com.key
+}
+
 (forward_to_home) {
    reverse_proxy 10.8.0.3:80 {
        header_up Host {host}
@@ -17,28 +25,26 @@
    }
 }

+# HTTP -> HTTPS
+http://*.catmedved.com, http://*.kladovka52.com {
+    redir https://{host}{uri} permanent
+}

-# catmedved.com
-
-beszel.catmedved.com,
-copypaste.kladovka52.com,
-gameyfin.catmedved.com,
-gitea.catmedved.com,
-music.catmedved.com,
-pdf-tools.catmedved.com,
-pdf-tools.kladovka52.com,
-photo.catmedved.com,
-recepies.catmedved.com {
+*.catmedved.com {
+    import tls_catmedved
    import forward_to_home
 }

-# kladovka52.com
-
-media.kladovka52.com,
-photo.kladovka52.com {
-    import forward_to_kladovka
+copypaste.kladovka52.com,
+pdf-tools.kladovka52.com {
+    import tls_kladovka52
+    import forward_to_home
 }

+*.kladovka52.com {
+    import tls_kladovka52
+    import forward_to_kladovka
+}

 # wg-easy
 vpnwg.ulakar.com {
--- a/hosts/lab-by-02/docker/caddy/docker-compose.yml
+++ b/hosts/lab-by-02/docker/caddy/docker-compose.yml
@@ -11,6 +11,7 @@ services:
    #      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
+      - /home/vk/docker/lego/certs/certificates:/etc/caddy/certs:ro
      - caddy_data:/data
      - caddy_config:/config
    environment: