update

peter-mw · peter-mw · commit acb53c9a2d21 · 2025-06-19T12:24:19.000+03:00
diff --git a/web/Modules/Caddy/App/Filament/Pages/CaddySettings.php b/web/Modules/Caddy/App/Filament/Pages/CaddySettings.php
@@ -77,6 +77,20 @@ public function schema(): array
                                 ->default('443')
                                 ->numeric()
                                 ->helperText('Port for Caddy to listen on for HTTPS requests'),
+
+                            TextInput::make('caddy.cloudflare_api_token')
+                                ->label('Cloudflare API Token')
+                                ->password()
+                                ->helperText('API token for Cloudflare DNS challenge. Required for wildcard SSL certificates. Get one from https://dash.cloudflare.com/profile/api-tokens/'),
+
+                            Checkbox::make('caddy.enable_wildcard_ssl')
+                                ->label('Enable Wildcard SSL (Cloudflare)')
+                                ->helperText('Prefer wildcard SSL certificates for all domains if possible using Cloudflare DNS plugin.'),
+
+                            TextInput::make('caddy.wildcard_domain')
+                                ->label('Wildcard Base Domain')
+                                ->placeholder('example.com')
+                                ->helperText('Wildcard SSL will only be used for this domain and its subdomains.'),
                         ]),
 
                     Tabs\Tab::make('Apache Integration')
diff --git a/web/Modules/Caddy/App/Jobs/CaddyBuild.php b/web/Modules/Caddy/App/Jobs/CaddyBuild.php
@@ -170,6 +170,9 @@ protected function generateCaddyfile(): void
         // Get static file paths from settings
         $staticPaths = setting('caddy.static_paths') ?? '';
 
+        // Get Cloudflare API token for DNS challenges
+        $cloudflareApiToken = setting('caddy.cloudflare_api_token');
+
         foreach ($getAllDomains as $domain) {
             $isBroken = false;
 
@@ -230,6 +233,7 @@ protected function generateCaddyfile(): void
             'caddyBlocks' => $caddyBlocks,
             'caddyEmail' => $caddyEmail,
             'staticPaths' => $staticPaths,
+            'cloudflareApiToken' => $cloudflareApiToken,
         ])->render();
 
         $caddyfile = preg_replace('~(*ANY)\A\s*\R|\s*(?!\r\n)\s$~mu', '', $caddyfile);
@@ -250,6 +254,22 @@ private function createCaddyBlock(Domain $domain, $apacheHttpPort): ?array
             return null;
         }
 
+//        //gi matcth the wilcard use tls_cloudflare
+//
+//        $useWildcard = setting('caddy.enable_wildcard_ssl', false);
+//        $cloudflareApiToken = setting('caddy.cloudflare_api_token');
+//        $tls_cloudflare = false;
+//        $wildcardDomain = null;
+//        if ($useWildcard && $cloudflareApiToken && !empty($domain->domain)) {
+//            if(strpos($domain->domain, '*') === false && strpos($domain->domain, '.') !== false) {
+//                $tls_cloudflare = true;
+//                $wildcardDomain = "*." . $domain->domain;
+//            }
+//        }
+//
+//
+
+
         return [
             'domain' => $domain->domain,
             'proxy_to' => "127.0.0.1:{$apacheHttpPort}",
@@ -265,12 +285,29 @@ private function createMasterDomainCaddyBlock(MasterDomain $masterDomain, $apach
             return null;
         }
 
+        // Wildcard SSL logic only for master domain
+        $useWildcard = setting('caddy.enable_wildcard_ssl', false);
+        $cloudflareApiToken = setting('caddy.cloudflare_api_token');
+        $tls_cloudflare = false;
+        $wildcardDomain = null;
+
+        // Only use wildcard if enabled and token is set for master domain
+        if ($useWildcard && $cloudflareApiToken && !empty($masterDomain->domain)) {
+
+
+            $tls_cloudflare = true;
+            $wildcardDomain = "*." . $masterDomain->domain;
+        }
+
         return [
             'domain' => $masterDomain->domain,
+           // 'wildcardDomain' => $wildcardDomain,
+          //  'cloudflareApiToken' => $cloudflareApiToken,
             'proxy_to' => "127.0.0.1:{$apacheHttpPort}",
             'enable_ssl' => true,
             'enable_www' => true,
             'is_master' => true,
+        //    'tls_cloudflare' => $tls_cloudflare,
             'document_root' => $masterDomain->document_root ?? "/var/www/{$masterDomain->domain}/public_html",
         ];
     }
diff --git a/web/Modules/Caddy/resources/views/caddyfile-build.blade.php b/web/Modules/Caddy/resources/views/caddyfile-build.blade.php
@@ -6,6 +6,7 @@
     servers {
         protocols h1 h2 h3
     }
+
 }
 
 @foreach($caddyBlocks as $block)
@@ -31,7 +32,6 @@
         ETag
     }
 
-
     @endif
 
     # Proxy remaining requests to Apache
@@ -43,6 +43,8 @@
         }
     }
 
+
+
     # Enable compression
     encode zstd gzip
 
diff --git a/web/Modules/Caddy/shell-scripts/install-caddy.sh b/web/Modules/Caddy/shell-scripts/install-caddy.sh
@@ -55,6 +55,18 @@ sudo chmod 644 /etc/caddy/Caddyfile
 
 usermod -aG www-data caddy
 
+sudo add-apt-repository ppa:longsleep/golang-backports -y
+sudo apt update -y
+sudo apt install golang-go -y
+
+
+sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https -y
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/xcaddy/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-xcaddy-archive-keyring.gpg
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/xcaddy/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-xcaddy.list
+sudo apt update -y
+sudo apt install xcaddy -y
+cd /usr/bin
+xcaddy build --with github.com/caddy-dns/cloudflare
 
 
 

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@`
`6`	`6`	`servers {`
`7`	`7`	`protocols h1 h2 h3`
`8`	`8`	`}`
	`9`	`+`
`9`	`10`	`}`
`10`	`11`
`11`	`12`	`@foreach($caddyBlocks as $block)`
`@@ -31,7 +32,6 @@`
`31`	`32`	`ETag`
`32`	`33`	`}`
`33`	`34`
`34`		`-`
`35`	`35`	`@endif`
`36`	`36`
`37`	`37`	`# Proxy remaining requests to Apache`
`@@ -43,6 +43,8 @@`
`43`	`43`	`}`
`44`	`44`	`}`
`45`	`45`
	`46`	`+`
	`47`	`+`
`46`	`48`	`# Enable compression`
`47`	`49`	`encode zstd gzip`
`48`	`50`