821f954200
- Create INFRASTRUCTURE-COMPLETE.md: Comprehensive infrastructure overview * Network architecture and DNS configuration * Storage architecture for Nextcloud (1.4TB warm storage via LVM) * Kopia backup setup with Backblaze B2 integration * Caddy reverse proxy configuration (CT 202) * Security configuration and capacity planning - Add Caddy reverse proxy configurations: * caddy-kopia-integration.md: Integration steps for CT 202 * caddy-kopia-reverse-proxy.md: Complete configuration reference * caddy/Caddyfile: Production-ready configuration * caddy/docker-compose.yml: Docker deployment spec - Add Kopia backup documentation: * kopia-nextcloud-backblaze-setup.md: Complete Kopia setup guide * Backup strategy, retention policies, and restore procedures - Update related documentation with consolidated references Status: Infrastructure documented and ready for deployment
3.8 KiB
3.8 KiB
Caddy Integration for Kopia.jgitta.com - CT 202
Date: April 27, 2026
Status: Configuration Ready for CT 202
Purpose: Add kopia.jgitta.com reverse proxy to existing Caddy setup
Quick Integration
Caddy is already running on CT 202. To add kopia.jgitta.com reverse proxy:
Step 1: Access CT 202
# SSH to CT 202 (adjust IP if needed)
ssh root@[CT-202-IP]
# Or via Proxmox container access
pct enter 202
Step 2: Find Caddy Configuration Location
# Find Caddyfile location
find /etc/caddy -name "Caddyfile" -o -name "*.caddy" 2>/dev/null
# Or check docker/systemd
ps aux | grep -i caddy
Step 3: Add Kopia Configuration Block
Add this to your existing Caddyfile:
# Kopia Web UI Reverse Proxy
kopia.jgitta.com {
# Reverse proxy to Kopia on siklos
reverse_proxy http://192.168.88.27:51515 {
# WebSocket support for real-time updates
header_upstream Connection {http.request.header.Connection}
header_upstream Upgrade {http.request.header.Upgrade}
# Long timeout for backup operations
timeout 300s
}
# Security headers
header {
X-Content-Type-Options "nosniff"
X-Frame-Options "SAMEORIGIN"
X-XSS-Protection "1; mode=block"
Strict-Transport-Security "max-age=31536000; includeSubDomains"
}
}
# HTTP to HTTPS redirect
http://kopia.jgitta.com {
redir https://kopia.jgitta.com{uri} permanent
}
Step 4: Reload Caddy
# If running as systemd service
sudo systemctl reload caddy
# If running as Docker container
docker-compose -f /path/to/docker-compose.yml restart caddy
# or
docker restart caddy
# Verify configuration
curl -k https://kopia.jgitta.com/
Step 5: Verify DNS and Access
# Check DNS resolution
nslookup kopia.jgitta.com
# Test from another machine
curl -k https://kopia.jgitta.com/
# Access in browser
# https://kopia.jgitta.com (ignore certificate warning for self-signed)
Expected Result
After configuration:
- ✅
https://kopia.jgitta.com/→ Caddy (443) → Kopia Web UI (51515 on siklos) - ✅
http://kopia.jgitta.com/→ Redirects to HTTPS - ✅ SSL/TLS encryption end-to-end
- ✅ Security headers applied
- ✅ WebSocket support for real-time Kopia updates
Troubleshooting
Can't connect to kopia.jgitta.com
-
Verify Caddy is running on CT 202
ps aux | grep caddy docker ps | grep caddy -
Check DNS resolution
nslookup kopia.jgitta.com # Should return 192.168.88.27 (pointing to CT 202 IP or Caddy host) -
Verify kopia.jgitta.com points to Caddy
- On MikroTik: kopia.jgitta.com → [CT-202-IP]
- Not to 192.168.88.27 directly (unless CT 202 is on that IP)
-
Test Caddy directly
# From CT 202 curl http://localhost/ # From another host curl https://[CT-202-IP]/ -k -
Check Caddy configuration syntax
caddy validate
Kopia backend unreachable
-
Verify Kopia is running on siklos:
ssh jgitta@192.168.88.27 "docker ps | grep kopia" -
Test connectivity from Caddy to Kopia:
curl http://192.168.88.27:51515/ (from CT 202) -
Check firewall allows port 51515 on siklos
Certificate errors
- For internal use, self-signed certificates are normal
- Browser will show warning — click "Advanced" and "Proceed"
- Or use
curl -kto skip certificate verification - For production public access, configure Let's Encrypt in Caddy
Complete Caddyfile Reference
If you need the full Caddyfile structure, see: caddy-kopia-reverse-proxy.md
Status: Ready for integration on CT 202
Next: Apply configuration to Caddy, verify HTTPS access, then push to Gitea