polpetta/desktop-dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(navidrome): migrate to DNS challenge with automated SSL

Browse Source 
- Add caddy.env to gitignore for sensitive DNS credentials
- Replace manual SSL certificates with Let's Encrypt DNS challenge using
Namecheap
- Build custom Caddy image with namecheap DNS plugin
- Configure wildcard SSL for *.lan.poldebra.me domain
- Update docker-compose to use custom Caddy build and environment file

Note: we had to downgrade to Caddy 2.9, see
https://github.com/caddy-dns/namecheap/issues/14 for more information
This commit is contained in:
Davide Polonio 2025-08-23 14:12:38 +02:00
parent 9ec5361e40
commit d5f9890dc8
4 changed files with 31 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -49,3 +49,4 @@ flycheck_*.el
/network-security.data /network-security.data
*.env

21
navidrome/Caddyfile
View File

@ -1,6 +1,19 @@
https://music.lan.poldebra.me { {
tls /cert.crt /key.key email {env.LETSENCRYPT_EMAIL}
reverse_proxy 172.20.0.5:4533 {
}
} }
*.lan.poldebra.me {
tls {
dns namecheap {
api_key {env.NAMECHEAP_API_KEY}
user {env.NAMECHEAP_API_USER}
api_endpoint https://api.namecheap.com/xml.response
}
resolvers 1.1.1.1 8.8.8.8
}
@music host music.lan.poldebra.me
handle @music {
reverse_proxy 172.20.0.5:4533
}
}

7
navidrome/Dockerfile.caddy Normal file
View File

@ -0,0 +1,7 @@
from caddy:2.9-builder-alpine as builder
run xcaddy build \
--with github.com/caddy-dns/namecheap
from caddy:alpine
copy --from=builder /usr/bin/caddy /usr/bin/caddy

10
navidrome/docker-compose.yml
View File

@ -22,13 +22,15 @@ services:
- internal - internal
reverse_proxy: reverse_proxy:
image: caddy:alpine build:
context: .
dockerfile: Dockerfile.caddy
restart: unless-stopped restart: unless-stopped
network_mode: service:tailscale network_mode: service:tailscale
volumes: volumes:
- ./Caddyfile:/etc/caddy/Caddyfile:ro - ./Caddyfile:/etc/caddy/Caddyfile:ro
- /srv/docker/navidrome/certs/fullchain.pem:/cert.crt:ro env_file:
- /srv/docker/navidrome/certs/key.pem:/key.key:ro - caddy.env
healthcheck: healthcheck:
test: ["CMD", "wget", "--spider", "-q", "https://music.lan.poldebra.me"] test: ["CMD", "wget", "--spider", "-q", "https://music.lan.poldebra.me"]
interval: 5s interval: 5s
@ -40,7 +42,7 @@ services:
tailscale: tailscale:
condition: service_healthy condition: service_healthy
app: app: # TODO rename me in navidrome!
image: deluan/navidrome:latest image: deluan/navidrome:latest
user: 1000:1000 # should be owner of volumes user: 1000:1000 # should be owner of volumes
hostname: app hostname: app