§2024-06-05

This is mine /etc//etc/haproxy/haproxy.cfg running the https://munetaka.net

global
	log /dev/log	local0
	log /dev/log	local1 notice
	chroot /var/lib/haproxy
	stats socket /run/haproxy/admin.sock mode 660 level admin
	stats timeout 30s
	user haproxy
	group haproxy
	daemon

	# Default SSL material locations
	ca-base /etc/ssl/certs
	crt-base /etc/ssl/private

	# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
	log	global
	mode	http
	option	httplog
	option	dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
	errorfile 400 /etc/haproxy/errors/400.http
	errorfile 403 /etc/haproxy/errors/403.http
	errorfile 408 /etc/haproxy/errors/408.http
	errorfile 500 /etc/haproxy/errors/500.http
	errorfile 502 /etc/haproxy/errors/502.http
	errorfile 503 /etc/haproxy/errors/503.http
	errorfile 504 /etc/haproxy/errors/504.http

frontend http_80_front
    # bind *:443 ssl crt /etc/letsencrypt/live/munetaka.me/fullchain.pem key /etc/letsencrypt/live/munetaka.me/privkey.pem
    bind *:443 ssl crt /etc/letsencrypt/live/munetaka.me/haproxy.pem
    default_backend http_8088_back

backend http_8088_back
    server nginx_server 127.0.0.1:8088 ssl verify none

# 2024-06-05 add nextCLoud 
frontend front__nextCloud_45101
    bind *:45101 ssl crt /etc/letsencrypt/live/munetaka.me/haproxy.pem
    http-request set-header X-Forwarded-Proto https
    default_backend back_nextCloud_45101

backend  back_nextCloud_45101
    server nextcloud_server hc4Noble.yushei.net:45101

# Caddy Server
frontend front_caddy_h2jammy_43889
    bind *:43889 ssl crt /etc/letsencrypt/live/munetaka.me/haproxy.pem
    # bind *:43889
    default_backend back_caddy_h2jammy_43889

backend back_caddy_h2jammy_43889
    # mode http
    # option http-server-close
    server h2jammy_server h2Jammy.yushei.net:43889 ssl verify none
    # server h2jammy_server h2Jammy.yushei.net:43889


# YsMeeting Service
frontend front_ysmeeting_43410
    bind *:43410 ssl crt /etc/letsencrypt/live/munetaka.me/haproxy.pem
    default_backend back_ysmeeting_43410

backend back_ysmeeting_43410
    # server ysmeeting_server h2nas03.yushei.com.tw:43410 ssl verify none
    # will cause 503 error
    server ysmeeting_server h2nas03.yushei.com.tw:43410

This is my /etc/systemd/system/Caddy.service running at h2Jammy.yushei.net:43889

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
WorkingDirectory=/home/alexlai/build/yushei-caddy-markdown/
ExecStart=/usr/bin/caddy run --environ --config /home/alexlai/build/yushei-caddy-markdown/Caddyfile
ExecReload=/usr/bin/caddy reload --config /home/alexlai/build/yushei-caddy-markdown/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateDevices=yes
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

My /home/alexlai/build/yushei-caddy-markdown/Caddyfile

h2Jammy.yushei.net:43889 {
    root * demo
    encode gzip
    file_server browse
    templates

    log {
        output file access.43115.log
    }

    @media {
        path /favicon.ico
        path /media/*
    }
    @templates {
        path /templates/*
        not path /templates/*.css /templates/*.js
    }
    @markdown {
        path_regexp \.md$
    }
    @markdown_exists {
        file {path}.md
    }

    handle @media {
        file_server
    }
    handle @templates {
        error 403
    }
    handle @markdown {
        rewrite * /templates/index.html
    }
    handle @markdown_exists {
        map {path} {caddy_markdown_site.append_to_path} {
            default extension
        }
        rewrite * /templates/index.html
    }

    handle_errors {
        file_server
        templates

        @markdown_index_exists_404 {
            file {path}/index.md
            expression `{http.error.status_code} == 404`
        }

        handle @markdown_index_exists_404 {
            map {path} {caddy_markdown_site.append_to_path} {
                default index
            }
            file_server {
                status 200
            }
            rewrite * /templates/index.html
        }
        handle {
            rewrite * /templates/error.html
        }
    }
}

and h2Jammy.yushei.net has certificat

ot@h2Jammy:/home/alexlai# ls /etc/letsencrypt/live/h2jammy.yushei.net/
cert.pem  chain.pem  fullchain.pem  privkey.pem  README

How to stop Caddy server in h2Jammy.yushei.net not to serve in https