Site to Site WireGuard: HTTPS Services #28

Closed
11 tasks done
Xe opened this issue Apr 11, 2019 · 1 comment · Fixed by #33

Xe commented Apr 11, 2019

  • Caddy
    • Installing Caddy with systemd
    • Simple page at aloha.pele
      • tls directive
      • markdown directive
      • internal directive
      • ext directive
    • URL shortener
      • Install surl
      • Create DNS entry
      • Create certificate
Xe added the Blogpost Queue (Posts I have yet to write) and Site to Site WireGuard (For the series) labels Apr 11, 2019
Xe self-assigned this Apr 11, 2019
Xe commented Apr 11, 2019

WireGuard Site to Site VPN Part 4 - HTTPS Services

And in that folder create a script called fixperms.sh:

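#!/bin/sh
# Owner: full access; group: read and list; others: nothing.
chmod -R 750 .
chown -R root:www-data .
# The CA private key is readable and writable by root only.
chmod 600 minica-key.pem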

Then mark it executable:

chmod +x fixperms.sh

These permissions are set as such:

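| Facet            | Read | Write | Execute/Directory Listing |
|------------------|------|-------|---------------------------|
| User (root)      | Yes  | Yes   | Yes                       |
| Group (www-data) | Yes  | No    | Yes                       |
| Others           | No   | No    | No                        |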

This will allow Caddy to be able to read the certificates later in the post.

HTTPS

Caddy is a general-purpose HTTP server. One of its main features is automatic Let's Encrypt support. We are using it here to serve HTTPS because it has a very, very simple configuration file format.

  • Caddy
    • Setup Caddy
      • Systemd
      • Certificate permissions
    • Configure Caddy for static file serving for aloha.pele
      • root directive
      • browse directive
    • Link to Caddy documentation
  • URL shortener
    • Decide domain
      • suggest
    • Install surl in Docker
      • Configuration
      • Create Docker volume
      • docker volume create surl
      • docker run --name surl -v surl:/data --restart always -dit xena/surl:v0.4.0
    • Create DNS entry
      • g.o. IN CNAME oho.pele.
    • Create TLS certificate
      • cd ~/backups/CA && minica -domains 'g.o'
    • Configure Caddy
        g.o:80 {
            tls off
            redir / https://g.o
        }

        g.o:443 {
            tls /srv/within/certs/g.o/cert.pem /srv/within/certs/g.o/key.pem

            proxy / http://10.77.0.1:5000
        }
    • Test
      • cURL
      • Safari
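
A check for the permission layout that fixperms.sh sets up in the draft above, as an added example that is not part of the original issue or the project's code. The function name `audit_cert_dir` and its optional group argument are hypothetical; it assumes `minica-key.pem` sits at the top of the audited folder, as in the script.

```shell
#!/bin/sh
# Added example: audit a certificate folder after fixperms.sh has run.
# audit_cert_dir DIR [GROUP] prints each finding; returns non-zero if any.
audit_cert_dir() {
    dir=$1
    group=${2:-}   # e.g. www-data; ownership check is skipped when empty
    findings=0

    # 750 layout: "others" hold no read, write or execute bit anywhere.
    world=$(find "$dir" \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$world" ]; then
        printf 'accessible to others:\n%s\n' "$world"
        findings=$((findings + 1))
    fi

    # The group may read and list, never write.
    gwrite=$(find "$dir" -perm -020 -print)
    if [ -n "$gwrite" ]; then
        printf 'group-writable:\n%s\n' "$gwrite"
        findings=$((findings + 1))
    fi

    # The CA key is tightened to exactly 600, so only its owner can read it.
    ca_key="$dir/minica-key.pem"
    if [ ! -f "$ca_key" ]; then
        printf 'missing CA key: %s\n' "$ca_key"
        findings=$((findings + 1))
    elif [ -z "$(find "$ca_key" -perm 600 -print)" ]; then
        printf 'CA key is not mode 600: %s\n' "$ca_key"
        findings=$((findings + 1))
    fi

    # Optional: every entry should belong to the web server's group.
    if [ -n "$group" ]; then
        wrong=$(find "$dir" ! -group "$group" -print)
        if [ -n "$wrong" ]; then
            printf 'not in group %s:\n%s\n' "$group" "$wrong"
            findings=$((findings + 1))
        fi
    fi

    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh audit.sh DIR [GROUP]
[ $# -eq 0 ] || audit_cert_dir "$@"
```

Passing `www-data` as the second argument also confirms the `chown` step took effect, which matters because the leaf keys under each domain folder are only readable by Caddy through that group.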
