Want to leverage #MCP (Model Context Protocol) without the hassle? Learn how to set up a powerful #n8n server on #hostinger for #AI #automation with @tailscale and #caddyserver

Save $200+ over 2 years with this method 🔧
https://youtu.be/OmWJPJ1CR7M

@simsus für den Fall finde ich ja den Webserver #Caddyserver genial, der automatisch verlängert und auch automatisch beantragt:

https://caddyserver.com/

@caddy

#Caddy 2.10 with Encrypted ClientHello (#ECH)

https://github.com/caddyserver/caddy/releases/tag/v2.10.0
#caddyserver

Caddy Web Server 2.10 released with encrypted ClientHello (ECH) support, post-quantum key exchange, ACME profiles, libdns 1.0 APIs, global DNS config

https://github.com/caddyserver/caddy/releases/tag/v2.10.0

#caddyserver #caddyreverseproxy #webserver #reverseproxy #acme #postquantumcryptography

Hi all. Hoping someone in the #SelfHosting community can help. I'm trying to set up #Linkwarden in #Docker behind #Caddy. The service is running, but I'm unable to create a user account. This is what I see in my browser console when I try:

register:1 [Intervention] Images loaded lazily and replaced with placeholders. Load events are deferred. See https://go.microsoft.com/fwlink/?linkid=2048113
register:1 [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://www.chromium.org/developers/design-documents/create-amazing-password-forms) 
<input data-testid=​"password-input" type=​"password" placeholder=​"••••••••••••••" class=​"w-full rounded-md p-2 border-neutral-content border-solid border outline-none focus:​border-primary duration-100 bg-base-100" value=​"tyq5ghp!QVH-mva1agc">
register:1 [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://www.chromium.org/developers/design-documents/create-amazing-password-forms) 
<input data-testid=​"password-confirm-input" type=​"password" placeholder=​"••••••••••••••" class=​"w-full rounded-md p-2 border-neutral-content border-solid border outline-none focus:​border-primary duration-100 bg-base-100" value=​"tyq5ghp!QVH-mva1agc">
Error
api/v1/users:1 Request unavailable in the network panel, try reloading the inspected page Failed to load resource: the server responded with a status of 400 () Failed to load resource: the server responded with a status of 400 ()

compose file:

services:
  postgres:
    image: postgres:16-alpine
    container_name: linkwarden_postgres
    env_file: .env
    restart: always
    volumes:
      - ./pgdata:/var/lib/postgresql/data
    networks:
      - linkwarden_net
  linkwarden:
    env_file: .env
    environment:
      - DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@linkwarden_postgres:5432/postgres
    restart: always
    # build: . # uncomment this line to build from source
    image: ghcr.io/linkwarden/linkwarden:latest # comment this line to build from source
    container_name: linkwarden
    ports:
      - 3009:3000
    volumes:
      - ./data:/data/data
    networks:
      - linkwarden_net
    depends_on:
      - postgres

networks:
  linkwarden_net:
    driver: bridge

Relevant part of .env file:

NEXTAUTH_URL=https://bookmarks.laniecarmelo.tech/api/v1/auth
NEXTAUTH_SECRET=x8az9q9w8ofAxnrVcer2vsPHeMmKSPbf

# Manual installation database settings
# Example: DATABASE_URL=postgresql://user:password@localhost:5432/linkwarden
DATABASE_URL=

# Docker installation database settings
POSTGRES_PASSWORD=redacted

# Additional Optional Settings
PAGINATION_TAKE_COUNT=
STORAGE_FOLDER=
AUTOSCROLL_TIMEOUT=
NEXT_PUBLIC_DISABLE_REGISTRATION=false
NEXT_PUBLIC_CREDENTIALS_ENABLED=true

Caddyfile snippet

*.laniecarmelo.tech {
    tls redacted {
        dns cloudflare redacted
    }

    header {
        Content-Security-Policy "default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; 
            img-src https: data:; 
            font-src 'self' https: data:; 
            frame-src 'self' https:; 
            object-src 'none'"
        Referrer-Policy "strict-origin-when-cross-origin"
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-Content-Type-Options "nosniff"
        X-Xss-Protection "1; mode=block"
    }

    encode br gzip

    # Bookmarks
    @bookmarks host bookmarks.laniecarmelo.tech
    handle @bookmarks {
        reverse_proxy 127.0.0.1:3009
    }
}

Can anyone help? I have no idea how to fix this.
#SelfHosted #CaddyServer #Linux #Tech #Technology
@selfhost @selfhosted @selfhosting

Switching my Caddy server to use ZeroSSL for AMCE SSL certification, replacing LetsEncrypt, was as easy as adding this to my Caddyfile:

{
    acme_ca https://acme.zerossl.com/v2/DV90
}

#CaddyServer #Caddy #SSL #ACME #LetsEncypt #ZeroSSL

#Caddy v2.10.0-beta.1 with automated! Encrypted ClientHello (#ECH) support 🥳
https://github.com/caddyserver/caddy/releases/tag/v2.10.0-beta.1
#caddyserver

Hi everyone,

I'm encountering an issue with my self-hosted setup using Caddy 2.9.1 and Authelia 4.38.19. All domains except auth.laniecarmelo.tech return a 401 Unauthorized error. Journald logs suggest issues with insecure schemes ('') instead of https or wss.

Details:

• Setup: Caddy as reverse proxy, Authelia for authentication
• Domains: AdGuard Home, Forgejo, LinkAce, MiniFlux, TheLounge, Homepage, Beszel, Glances, Uptime Kuma, Tandoor Recipes, BookStack, Watchtower, Portainer
• Logs:
  Authelia:
  Feb 24 21:01:47 stormux authelia[2932]: level=error msg="Target URL '/' has an insecure scheme '', only 'https' and 'wss' are supported"Caddy:
  Feb 24 21:19:41 stormux caddy[48845]: {"msg":"handled request","method":"GET","host":"adguard.laniecarmelo.tech","status":200}

Configurations:

• Full Caddyfile and Authelia config: GitHub Gist

Curl Output:

HTTP Request:

$ curl home.laniecarmelo.tech -v
< HTTP/1.1 308 Permanent Redirect
< Location: https://home.laniecarmelo.tech/

HTTPS Request:

$ curl https://home.laniecarmelo.tech -v
< HTTP/2 401 
< content-type: text/plain; charset=utf-8
< server: Caddy
401 Unauthorized

Does anyone know what might be causing this? I suspect it could be related to forward_auth or trusted proxies.

Thanks in advance! 🙏

#SelfHosting #CaddyServer #Authelia #ReverseProxy #TechHelp #Linux #HomeLab
@selfhost @selfhosting @selfhosted

So, in the last times I started to self host various services on some #Fedora low end Virtual Private Servers around the world. For personal use.
In the next days I will post a list of services I've deployed.
I used rootless #podman containers. #Podlet in order to use dockerfiles whenever possible, and to create #systemd services. And #caddyserver as frontend.

🚨 Help Needed: #CORS and #Cloudflare Access Issues with #Nextflux + #MiniFlux Setup 🚨

Hi everyone! I’m struggling with a #SelfHosted setup and could really use some advice from the self-hosting community. Lol I've been trying to figure this out for hours with no luck. Here’s my situation:

Setup

• MiniFlux: Running in #Docker on a #RaspberryPi500 (#Stormux, based on #ArchLinuxARM).
• Nextflux: Hosted on Cloudflare Pages.
• Reverse Proxy: #Caddy (installed via AUR).
• Cloudflare Access: Enabled for security and SSO.
• Cloudflared: Also installed via AUR.
• CORS Settings in Cloudflare Access: Configured to allow all origins, methods, and headers.

What’s Working

• MiniFlux is accessible from my home network after removing restrictive CORS settings in both Caddy and MiniFlux.
• Nextflux is properly deployed on Cloudflare Pages.

The Problem

Nextflux cannot connect to MiniFlux due to persistent CORS errors and authentication issues with Cloudflare Access. Here are the errors I’m seeing in the browser console:

1. CORS Error:Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' from origin 'https://nextflux.laniecarmelo.tech' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

2. Cloudflare Access Redirection:

   Request redirected to 'https://lifeofararebird.cloudflareaccess.com/cdn-cgi/access/login/rss.laniecarmelo.tech'.
   

3. Failed to Fetch:

   Failed to fetch: TypeError: Failed to fetch.
   

What I’ve Tried

1. Service Token Authentication:

   • Generated a service token in Cloudflare Access for Nextflux.
   • Added CF-Access-Client-Id and CF-Access-Client-Secret headers in Caddy for rss.laniecarmelo.tech.
   • Updated Cloudflare Access policies to include a bypass rule for this service token.

2. CORS Configuration:

   • Tried permissive settings (Access-Control-Allow-Origin: *) in both Caddy and MiniFlux.
   • Configured Cloudflare Access CORS settings to allow all origins, methods, and headers.

3. Policy Adjustments:

   • Created a bypass policy for my home IP range and public IP.
   • Added an "Allow" policy for authenticated users via email/login methods.

4. Debugging Logs:

   • Checked Cloudflared logs, which show requests being blocked due to missing access tokens (AccessJWTValidator errors).

Current State

Despite these efforts:

• Requests from Nextflux are still being blocked by Cloudflare Access or failing due to CORS issues.
• The browser console consistently shows "No 'Access-Control-Allow-Origin' header" errors.

Goals

1. Allow Nextflux (hosted on Cloudflare Pages) to connect seamlessly to MiniFlux (behind Cloudflare Access).
2. Maintain secure access to MiniFlux for other devices (e.g., my home network or mobile devices).

My Environment

• Raspberry Pi 500 running Arch Linux ARM.
• Both Caddy and Cloudflared are installed via AUR packages.
• MiniFlux is running in Docker with the following environment variables:CLOUDFLARE_SERVICE_AUTH_ENABLED=trueCLOUDFLARE_CLIENT_ID=<client-id>CLOUDFLARE_CLIENT_SECRET=<client-secret>

Relevant Logs

From cloudflared:

ERR error="request filtered by middleware handler (AccessJWTValidator) due to: no access token in request"

From the browser console:

Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' has been blocked by CORS policy.

Questions

1. Is there a better way to configure CORS for this setup?
2. Should I be handling authentication differently between Nextflux and MiniFlux?
3. How can I ensure that requests from Nextflux include valid access tokens?

Any help or advice would be greatly appreciated! 🙏

#SelfHosting #Cloudflare #CaddyServer #Docker #RSS #CORS #Linux #ArchLinuxARM #CloudflarePages #tech #technology

http://www.myproject.localhost:8080/
http://app.myproject.localhost:8080/
http://api.myproject.localhost:8080/

TIL you can add subdomains to localhost & it will just work!

Great for throwing a #CaddyServer in between you and your development containers, let it route to all the different services by domain.

#WebDev

Today I switched my web server from Apache httpd to Caddy on FreeBSD 14. I've never seen a simpler web server. All you need is one Caddyfile to manage Caddy itself and all websites.

#caddyserver #freebsd

@nshki that's something I've been telling everybody literally for years*: #CaddyServer is the best thing anyone can use for a web server.

https://caddyserver.com/

* I'd link to where I said that before, but my decency prohibits me do that, so here's an screenshot instead.

Made my personal website get the maximum amount of points of Mozilla's HTTP Observatory. Now, my static site delivers content as securely as it possibly can. I highly recommend anyone with a personal website to tweak it along with their webserver so that it gets at least a hundred points on HTTP Observatory.
https://developer.mozilla.org/en-US/observatory
The least you can do is add your site to the HSTS Preload list (https://hstspreload.org/).

#blog #personalwebsite #mozilla #mdn #http #caddyserver #hsts #webdev

Funny. I got some #spam from #salesforce and went to click the 'unsubscribe' link. Nice to know that #caddyserver is what they use. But, uh, not very effective at unsubscribing.

@IsoKiero I'm a happy user of #MailCow for years. It just works, simple to inslall and update. I'm using #CaddyServer as a reverse proxy to further simplify the setup. And it's made in #EU 😄

For anyone wanting to add custom plugins/modules to #caddyserver on #NixOS: @vbernat released a flake to do this via xcaddy in a fixed-output derivation. Switched to it on my server today and works perfectly! More details in his blog post:

https://vincent.bernat.ch/en/blog/2024-caddy-nix-plugins

https://caddy.community/t/set-cookie-manipulation-in-reverse-proxy/7666/15

#CaddyServer is able to alter cookies that are passed between a reverse proxy, removing pesky browser restriction

:hacker_u: :hacker_i:
#caddyserver #music

I retired NGINX for Caddy - and never looked back.

In my last blog post, I reported on a DoS attack and Docker's dangerous default behaviour regarding ufw and setting up NGINX locally.

@lil5 pointed me to the Caddy web server after my post, and I migrated everything to it shortly afterwards.

My latest blog post is about migrating from NGINX to Caddy and why I don't want to go back to NGINX.

https://lukasrotermund.de/posts/i-retired-nginx-for-caddy-and-never-looked-back/

#Caddy #CaddyServer #NGINX