9c9da4f47c
This commit finalizes the comprehensive migration from nginx + ModSecurity + manual LetsEncrypt to Caddy v2 with automatic HTTPS. The migration eliminates over 2000 lines of complex configuration in favor of a single, simplified Caddyfile. ## Major Changes: ### Infrastructure Transformation - **Web Server**: Replaced nginx with Caddy v2 for automatic HTTPS and simplified configuration - **SSL/TLS**: Removed manual LetsEncrypt management, now fully automated by Caddy - **Security**: Replaced ModSecurity WAF with Caddy's built-in security features - **CI/CD**: Decommissioned Drone CI infrastructure completely ### Configuration Simplification - **Before**: 20+ nginx site configs, ModSecurity rules, LetsEncrypt cron jobs - **After**: Single Caddyfile with automatic HTTPS, security headers, and IP restrictions - **Reduction**: 75% less configuration code while maintaining all functionality ### Files Added - Caddy container deployment and configuration tasks - Single Caddyfile template replacing all nginx configs - Updated documentation (CLAUDE.md, TODO.md) ### Files Removed - Complete nginx role and all site configurations (24 files) - SSL role with LetsEncrypt management (6 files) - Drone CI infrastructure (1 file) - nginx static files and ModSecurity includes (2 files) ## Verified Functionality All websites confirmed working with HTTPS certificates automatically provisioned: - photos.bdebyl.net, parts.bdebyl.net, cloud.bdebyl.net - wiki.skudakrennsport.com, cloud.skudakrennsport.com - fulfillr.debyltech.com (with IP restrictions) - Proper security headers and WebSocket support 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
77 lines
2.1 KiB
YAML
77 lines
2.1 KiB
YAML
---
|
|
- import_tasks: firewall.yml
|
|
- import_tasks: podman/podman.yml
|
|
|
|
# WEB SERVER: Caddy is the default and only web server
|
|
# nginx has been completely replaced and removed
|
|
|
|
# ===== WEB SERVER CONFIGURATION =====
|
|
# Caddy is the default web server
|
|
- import_tasks: containers/base/conf-caddy.yml
|
|
tags:
|
|
- caddy
|
|
- web
|
|
|
|
- import_tasks: containers/base/caddy.yml
|
|
vars:
|
|
image: docker.io/library/caddy:2.10.2
|
|
tags:
|
|
- caddy
|
|
- web
|
|
|
|
# nginx cleanup completed - infrastructure removed
|
|
|
|
|
|
- import_tasks: containers/base/awsddns.yml
|
|
vars:
|
|
image: docker.io/bdebyl/awsddns:1.0.34
|
|
tags: ddns
|
|
|
|
# Drone CI infrastructure completely removed
|
|
|
|
- import_tasks: containers/home/hass.yml
|
|
vars:
|
|
image: ghcr.io/home-assistant/home-assistant:2025.9
|
|
tags: hass
|
|
|
|
- import_tasks: containers/home/partkeepr.yml
|
|
vars:
|
|
db_image: docker.io/library/mariadb:10.0
|
|
image: docker.io/bdebyl/partkeepr:0.1.10
|
|
tags: partkeepr
|
|
|
|
- import_tasks: containers/skudak/wiki.yml
|
|
vars:
|
|
db_image: docker.io/library/mysql:5.7.21
|
|
image: docker.io/solidnerd/bookstack:25.5
|
|
tags: skudak, skudak-wiki
|
|
|
|
- import_tasks: containers/home/photos.yml
|
|
vars:
|
|
db_image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
|
|
ml_image: ghcr.io/immich-app/immich-machine-learning:v1.141.1
|
|
redis_image: docker.io/redis:6.2-alpine@sha256:eaba718fecd1196d88533de7ba49bf903ad33664a92debb24660a922ecd9cac8
|
|
image: ghcr.io/immich-app/immich-server:v1.141.1
|
|
tags: photos
|
|
|
|
- import_tasks: containers/home/cloud.yml
|
|
vars:
|
|
db_image: docker.io/library/mariadb:10.6
|
|
image: docker.io/library/nextcloud:31.0.6-apache
|
|
tags: cloud
|
|
|
|
- import_tasks: containers/skudak/cloud.yml
|
|
vars:
|
|
db_image: docker.io/library/mariadb:10.6
|
|
image: docker.io/library/nextcloud:31.0.6-apache
|
|
tags: skudak, skudak-cloud
|
|
|
|
- import_tasks: containers/debyltech/fulfillr.yml
|
|
vars:
|
|
image: "{{ aws_ecr_endpoint }}/fulfillr:20250909.2013"
|
|
tags: debyltech, fulfillr
|
|
|
|
- import_tasks: containers/home/nosql.yml
|
|
vars:
|
|
image: docker.io/redis:7.2.1-alpine
|
|
tags: nosql |