git-pages/conf/Caddyfile
Catherine 4c087278cb Fly.io: switch health check method to [[services.http_checks]].
More specifically, remove the dedicated HTTP datapath for health
checks and verify the entire stack, from TLS frontend to S3 backend.
Verifying too little has resulted in a small outage recently when
the pages listener got misconfigured but the health listener happily
accepted connections like normal. This would not happen now that
the health check uses port 443, too.
2025-09-23 02:34:55 +00:00


# Snippet: listener wrapper chain for the listeners that `import proxy`.
(proxy) {
	listener_wrappers {
		# Accept a PROXY protocol header so the original client address survives
		# the load balancer. {$ALLOW_PROXY} is substituted from the environment
		# when the config is parsed.
		# A source on the allow list can assert any client address it likes, so
		# the list should hold only the load balancer's own ranges.
		# NOTE(review): behaviour with ALLOW_PROXY unset or empty is not visible
		# here -- confirm the deployment always sets it.
		proxy_protocol {
			# Give up waiting for the PROXY header after one second.
			timeout 1s
			allow {$ALLOW_PROXY}
		}
		# Placed after proxy_protocol so the PROXY header is consumed before the
		# TLS handshake starts.
		tls
	}
}
# Global options: certificate storage, logging, ACME, and per-listener settings.
{
	# Certificates and other TLS state are kept in an S3 bucket under the "ssl"
	# prefix. {env.*} placeholders are resolved from the environment at runtime,
	# so the access key and secret never appear in this file.
	# NOTE(review): "s3" is not a stock Caddy storage module; presumably a plugin
	# is compiled in -- confirm. The credentials should be scoped to this bucket.
	storage s3 {
		host "{env.PAGES_STORAGE_S3_ENDPOINT}"
		access_id "{env.PAGES_STORAGE_S3_ACCESS_KEY_ID}"
		secret_key "{env.PAGES_STORAGE_S3_SECRET_ACCESS_KEY}"
		bucket "{env.PAGES_STORAGE_S3_BUCKET}"
		prefix "ssl"
	}
	# Disable the admin API, so the running config cannot be changed over HTTP.
	admin off
	# Do not write the active config to disk.
	persist_config off
	# Log warnings and above to stderr, skipping the admin and auto-HTTPS loggers.
	log {
		output stderr
		level WARN
		exclude admin http.auto_https
		format console {
			# Empty key: presumably drops the timestamp field because the platform
			# adds its own -- confirm.
			time_key ""
		}
	}
	# Enable metrics collection; the endpoint itself is served by the :2019 site.
	metrics
	# Contact address for the ACME account.
	email {env.ACME_EMAIL}
	# Keep automatic certificates but not the automatic HTTP->HTTPS redirects;
	# the http:// site in this file carries its own redirect rule.
	auto_https disable_redirects
	# Before issuing a certificate on demand, Caddy asks this endpoint whether
	# the hostname is allowed. It must approve only hostnames the service really
	# hosts; otherwise anyone who points a name at this server can trigger
	# issuance and consume ACME rate limits and storage.
	# NOTE(review): hard-coded to localhost:3001 while the backend address is
	# configurable through GIT_PAGES_ADDRESS -- confirm both always live on the
	# same host.
	on_demand_tls {
		permission http http://localhost:3001
	}
	# Plain HTTP listener: HTTP/1.1 and cleartext HTTP/2, behind PROXY protocol.
	servers :80 {
		name http
		protocols h1 h2c
		import proxy
	}
	# HTTPS over TCP: HTTP/1.1 and HTTP/2, behind PROXY protocol.
	servers :443 {
		name https
		protocols h1 h2
		import proxy
	}
	# HTTP/3 listener on the UDP bind address (default 0.0.0.0). It does not
	# import the proxy snippet, so no PROXY protocol handling is applied here.
	servers {$UDP_BIND_TO:0.0.0.0}:443 {
		name http3
		protocols h3
	}
	# Metrics listener, HTTP/1.1 only.
	servers :2019 {
		name metrics
		protocols h1
	}
}
# Snippet: shared site body that forwards requests to the git-pages backend.
(backend) {
	# Obtain certificates at handshake time, subject to the on_demand_tls
	# permission check configured in the global options.
	tls {
		on_demand
	}
	# Matches when the PAGES_FEATURES environment variable contains the word "h2c".
	@h2c `{env.PAGES_FEATURES}.matches(r"\bh2c\b")`
	# Use cleartext HTTP/2 to the backend when the feature is enabled, HTTP/1.1
	# otherwise. Presumably the matcher-scoped directive is evaluated first and
	# ends handling -- confirm against Caddy's directive ordering.
	# The hop to the backend is unencrypted either way. That is fine on
	# localhost (the default), but if GIT_PAGES_ADDRESS points at another host
	# the traffic crosses the network in cleartext.
	reverse_proxy @h2c h2c://{$GIT_PAGES_ADDRESS:localhost}:3000
	reverse_proxy http://{$GIT_PAGES_ADDRESS:localhost}:3000
	# Advertise HTTP/3 and HTTP/2 on port 443 to clients.
	header Alt-Svc `h3=":443"; persist=1, h2=":443"; persist=1`
	# Compress responses using the encoder defaults of the Caddy build in use.
	encode
}
# Catch-all plain-HTTP site.
http:// {
	# initial PUT/POST for a new domain has to happen over HTTP;
	# health check also has to reach the backend over HTTP
	#
	# Only GET requests without a Health-Check header are redirected to HTTPS.
	# Everything else (other methods, or any request carrying that header) is
	# proxied to the backend in cleartext, including whatever authorization
	# data the request holds. The header can be set by any client, so it only
	# skips the redirect and must not be treated as an access control.
	# NOTE(review): if health checks now arrive on port 443, the Health-Check
	# exemption may no longer be needed -- confirm.
	@upgrade `method('GET') && !header({'Health-Check': '*'})`
	redir @upgrade https://{host}{uri} 301
	import backend
}
# Catch-all HTTPS site on the default bind address; certificates are issued on
# demand by the imported backend snippet.
https:// {
	import backend
}
# Second catch-all HTTPS site, bound separately so that HTTP/3 can be served
# from the UDP address.
https:// {
	# Fly.io requires UDP sockets to be bound to a different IP
	# (UDP_BIND_TO, substituted at parse time; falls back to 0.0.0.0 when unset)
	bind {$UDP_BIND_TO:0.0.0.0}
	import backend
}
# Metrics endpoint on port 2019, served over plain HTTP. No bind address or
# authentication is configured here, so it listens on every interface; access
# has to be limited to the metrics scraper at the network level.
http://:2019 {
	metrics
}