Update with caddy instead nginx

Signed-off-by: Bensuperpc <bensuperpc@gmail.com>

Caddyfile

@@ -0,0 +1,35 @@
+bensuperpc.org {
+    root * /var/www/html
+    php_fastcgi wordpress:9000
+    file_server
+    encode gzip
+    
+    @disallowed {
+        path /xmlrpc.php
+        path *.sql
+        path /wp-content/uploads/*.php
+    }
+    rewrite @disallowed '/index.php'
+
+    respond /uploads/*.php 404
+}
+
+www.bensuperpc.org {
+    redir https://{host}{uri}
+}
+
+bensuperpc.fr {
+    redir https://{host}{uri}
+}
+
+www.bensuperpc.fr {
+    redir https://{host}{uri}
+}
+
+bensuperpc.com {
+    redir https://{host}{uri}
+}
+
+www.bensuperpc.com {
+    redir https://{host}{uri}
+}

Makefile

@@ -7,9 +7,9 @@
 #//                             |_|             |_|          //
 #//////////////////////////////////////////////////////////////
 #//                                                          //
-#//  Script, 2022                                            //
+#//  Infrastructur, 2022                                     //
 #//  Created: 14, April, 2022                                //
-#//  Modified: 17, March, 2023                               //
+#//  Modified: 10, April, 2023                               //
 #//  file: -                                                 //
 #//  -                                                       //
 #//  Source:                                                 //
@@ -20,7 +20,7 @@
 
 DOCKER := docker
 
-PROFILES := wp_db wordpress webserver certbot phpmyadmin qbittorrent jellyfin
+PROFILES := webserver database wordpress
 PROFILE_CMD := $(addprefix --profile ,$(PROFILES))
 
 
@@ -68,6 +68,7 @@ state:
 
 .PHONY: update
 update:
+	git submodule update --init --recursive --remote
 	git pull --recurse-submodules --all --progress
 	docker compose $(COMPOSE_FILES) $(PROFILES_CMD) pull
 

README.md

@@ -2,23 +2,24 @@
 
 _My personal infrastructure for my servers and services._
 
+**I moved to caddy inetead of nginx, you can find the old version before this commit:**b98fca7af8954770feec0cd962d35f47bde0d5d2**
+
 ## About
 
 This is my infrastructure. It's a collection of scripts and configuration files that I use to manage my servers and services.
-It uses Nginx and docker-compose to run my services (And many other things).
+It uses ~~Nginx ~~ caddy and docker-compose to run my services (And many other things).
 It's a **work in progress**, and I'm still learning a lot about it.
 If you have any **questions** or **suggestions**, feel free to open an issue or a pull request.
 
 ## Features
 
-- [x] Nginx reverse proxy
+- [x] caddy 2 reverse proxy
 - [x] Docker / docker-compose
-- [x] Letsencrypt / Certbot
+- [x] ~~Letsencrypt / Certbot~~ (Caddy)
-- [x] Wordpress (Via FASTCGI/NGINX)
+- [x] Wordpress (Via FASTCGI/caddy)
 - [x] PHPMyAdmin (MariaDB)
-- [x] PGAdmin (PostgreSQL)
+- [ ] Qbittorrent
-- [x] Qbittorrent
+- [ ] Jellyfin
-- [x] Jellyfin
 - [ ] Gitea
 - [ ] Mastodon
 - [ ] Minecraft server (Hyperworld v2)
@@ -58,94 +59,18 @@ For all **bensuperpc.org**, you need to replace it with your domain, example: **
 find . \( -type d -name .git -prune \) -o -type f -print0 | xargs -0 sed -i 's/bensuperpc.org/bensuperpc.com/g'
 ```
 
-Keep original config file
+And then, caddy will generate the certificate for you and renew it automatically :D (It's easier than certbot and nginx)
+
+### Configure the infrastructure
+
+You must create a file named `.env` with the following content:
 
 ```sh
-cp -r nginx/conf.d nginx/conf.d-original
+MARIADB_ROOT_PASSWORD=<your_root_password>
+MARIADB_USER=<your_user>
+MARIADB_PASSWORD=<your_password>
 ```
 
-Remove the old config file
-
-```sh
-rm -fr nginx/nginx-conf
-```
-
-Copy _nginx-conf-cert_ to _nginx-conf_, for temporary use to get the SSL certificate
-
-```sh
-cp -r nginx/conf.d-cert nginx/conf.d
-```
-
-Replace certbot commands in _docker-compose.yml_, and replace _bensuperpc.org_ by your domain
-
-```yaml
-    command: >
-      certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot 
-      --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
-      --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
-```
-
-With to get the SSL certificate
-
-```yaml
-    command: >
-      certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --webroot
-      --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
-      --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org 
-```
-
-Run the docker-compose and exit with CTRL+C and when you have the SSL certificate
-
-```sh
-make start-at
-```
-
-Replace certbot commands in _docker-compose.yml_ to update and renew the SSL certificate
-
-```sh
-    command: >
-      certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --force-renewal --webroot
-      --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
-      --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org 
-```
-
-Run the docker-compose to update and renew the SSL certificate and exit with CTRL+C when you have the SSL certificate
-
-```sh
-make start-at
-```
-
-Now you can replace the certbot commands in _docker-compose.yml_ with the original one
-
-```yaml
-    command: >
-      certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot 
-      --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
-      --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
-```
-
-Remove the cert config file
-
-```sh
-rm -fr nginx/conf.d
-```
-
-Copy _nginx-conf-original_ to _nginx-conf_, for definitive use
-
-```sh
-cp -r nginx/conf.d-original nginx/conf.d
-```
-
-Now you start services
-
-```sh
-make start-at
-```
-
-### Flask website
-
-You can follow the [README.md](bensuperpc_website/README.md) to install the Flask website.
-
 ### Wordpress website
 
 For the Wordpress website, you can configure in GUI when you go to the website.
@@ -169,9 +94,6 @@ make stop
 You can access to the website with:
 
 - [bensuperpc.org](https://bensuperpc.org) and [www.bensuperpc.org](https://www.bensuperpc.org) (Wordpress for now)
-- [phpmyadmin.bensuperpc.org](http://phpmyadmin.bensuperpc.org) and [www.phpmyadmin.bensuperpc.org](http://www.phpmyadmin.bensuperpc.org) (PHPMyAdmin for MariaDB)
-- [pgadmin.bensuperpc.org](http://pgadmin.bensuperpc.org) and [www.pgadmin.bensuperpc.org](http://www.pgadmin.bensuperpc.org) (PGAdmin for PostgreSQL)
-- [qbittorrent.bensuperpc.org](http://qbittorrent.bensuperpc.org) and [www.qbittorrent.bensuperpc.org](http://www.qbittorrent.bensuperpc.org) (Qbittorrent)
 
 ## Build with
 
@@ -182,8 +104,8 @@ You can access to the website with:
 - [Docker](https://www.docker.com/)
 - [Docker Compose](https://docs.docker.com/compose/)
 - [Docker Hub](https://hub.docker.com/)
-- [Digital Ocean](https://www.digitalocean.com/)
+- [How To Start WordPress with Caddy using Docker Compose](https://minhcung.me/how-to-start-wordpress-with-caddy-using-docker-compose-3d31bb9ef88b)
-- [Digital Ocean - How To Install WordPress with Docker Compose](https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-docker-compose)
+- [Digital Ocean - How To Install WordPress with Docker Compose (nginx)](https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-docker-compose)
 - [PGAmin](https://www.pgadmin.org/)
 - [Qbittorrent](https://www.qbittorrent.org/)
 - [Jellyfin](https://jellyfin.org/)

docker-compose.yml

@@ -0,0 +1,89 @@
+version: '3.7'
+# https://minhcung.me/how-to-start-wordpress-with-caddy-using-docker-compose-3d31bb9ef88b
+services:
+  database:
+    image: mariadb:latest
+    container_name: database
+    profiles:
+      - database
+    volumes:
+      - database:/var/lib/mysql:rw
+    restart: always
+    env_file:
+      - env/mariadb.env
+    environment:
+      MYSQL_DATABASE: blog_wp
+    command: '--default-authentication-plugin=mysql_native_password'
+    networks:
+      - blog-network
+  # Wordpress
+  wordpress:
+    depends_on:
+      - database
+    image: wordpress:6.2-fpm-alpine
+    container_name: wordpress
+    profiles:
+      - wordpress
+    restart: always
+    user: "root:root"
+    env_file:
+      - env/wordpress.env
+    volumes:
+      - ./php.ini:/usr/local/etc/php/conf.d/custom.ini:ro
+      - wordpress:/var/www/html:rw
+    networks:
+      - blog-network
+  # Webserver
+  caddy:
+    image: caddy:alpine
+    container_name: webserver
+    profiles:
+      - webserver
+    ports:
+      - 80:80/tcp
+      - 80:80/udp
+      - 443:443/tcp
+      - 443:443/udp
+    volumes:
+      - wordpress:/var/www/html:rw
+      - caddy_data:/data:rw
+      - caddy_config:/config:rw
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+    networks:
+      - blog-network
+#  phpmyadmin:
+#    image: phpmyadmin:5.2.0
+#    container_name: phpmyadmin
+#    profiles:
+#      - phpmyadmin
+#    restart: always
+#    env_file: 
+#      - env/phpmyadmin.env
+#    ports:
+#      - 8080:80
+#    depends_on:
+#      - database
+#    networks:
+#      - blog-network
+#    security_opt:
+#      - no-new-privileges:true
+#      - seccomp:unconfined
+#      - apparmor:unconfined
+#    cap_drop:
+#      - ALL
+#    cap_add:
+#      - CHOWN
+networks:
+  blog-network:
+    driver: bridge
+    name: blog-network
+
+volumes:
+  database:
+    name: database
+  wordpress:
+    name: wordpress
+  caddy_data:
+    name: caddy_data
+  caddy_config:
+    name: caddy_config

php.ini

@@ -0,0 +1,3 @@
+memory_limit = 512M
+upload_max_filesize = 128M
+post_max_size = 128M