update

peter-mw · peter-mw · commit e24a701713bc · 2025-06-19T14:23:39.000+03:00
diff --git a/web/Modules/Caddy/App/Jobs/CaddyBuild.php b/web/Modules/Caddy/App/Jobs/CaddyBuild.php
@@ -162,6 +162,7 @@ protected function generateCaddyfile(): void
     {
         $getAllDomains = Domain::whereNot('status', '<=>', 'broken')->get();
         $caddyBlocks = [];
+        $wildcardGroups = [];
 
         // Get Apache port settings (non-SSL ports for proxying)
         $apacheHttpPort = setting('caddy.apache_proxy_port') ?? setting('general.apache_http_port') ?? '8080';
@@ -174,45 +175,60 @@ protected function generateCaddyfile(): void
         $cloudflareApiToken = setting('caddy.cloudflare_api_token');
         $zeroSSlApiToken = setting('caddy.zerossl_api_token');
 
-        foreach ($getAllDomains as $domain) {
-            $isBroken = false;
+        // Check if wildcard is enabled
+        $useWildcard = setting('caddy.enable_wildcard_ssl', false);
+        $wildcardDomainSetting = setting('caddy.wildcard_domain');
 
+        // First pass - create regular blocks and identify wildcard subdomains
+        foreach ($getAllDomains as $domain) {
             if ($domain->status === 'broken') {
                 continue;
             }
 
             // Check if domain is valid
             if (!filter_var($domain->domain, FILTER_VALIDATE_DOMAIN)) {
-                $isBroken = true;
-            }
-
-            if ($isBroken) {
                 continue;
             }
+
             $domainLog = '/var/log/caddy/' . $domain->domain . '.log';
             shell_exec("chown caddy:caddy '/var/log/caddy/");
             shell_exec("chmod -R 777 /var/log/caddy/");
 
-
             shell_exec("sudo setfacl -R -m u:caddy:rx " . $domain->document_root);
             shell_exec("sudo setfacl -R -m u:caddy:rx " . $domain->domain_public);
             shell_exec("sudo setfacl -R -m u:caddy:rx " . $domain->home_root);
 
-
             // Set permissions for Caddy to access user directories
             shell_exec("chmod o+x {$domain->home_root}");
             shell_exec("chmod -R o+rX {$domain->document_root}");
 
-
             if (!file_exists($domainLog)) {
                 // Create log file for the domain if it doesn't exist
                 touch($domainLog);
                 shell_exec("chown caddy:caddy {$domainLog}");
                 shell_exec("chmod 777 {$domainLog}");
             }
 
+            // Check if this domain belongs under a wildcard
+            $isWildcardSubdomain = false;
+            $parentDomain = null;
+
+            if ($useWildcard && $cloudflareApiToken && !empty($wildcardDomainSetting)) {
+                if (strpos($domain->domain, '.' . $wildcardDomainSetting) !== false &&
+                    substr_count($domain->domain, '.') > substr_count($wildcardDomainSetting, '.')) {
+                    $isWildcardSubdomain = true;
+                    $parentDomain = $wildcardDomainSetting;
+
+                    // Add to wildcard group
+                    if (!isset($wildcardGroups[$parentDomain])) {
+                        $wildcardGroups[$parentDomain] = [];
+                    }
+                    $wildcardGroups[$parentDomain][] = $this->createCaddyBlock($domain, $apacheHttpPort);
+                    continue;
+                }
+            }
 
-            // Create Caddy block for SSL termination and proxy to Apache
+            // Non-wildcard domain, create regular block
             $caddyBlock = $this->createCaddyBlock($domain, $apacheHttpPort);
             if ($caddyBlock) {
                 $caddyBlocks[] = $caddyBlock;
@@ -228,6 +244,16 @@ protected function generateCaddyfile(): void
             }
         }
 
+        // Add wildcard groups to the blocks list
+        foreach ($wildcardGroups as $parentDomain => $subdomains) {
+            $caddyBlocks[] = [
+                'is_wildcard_group' => true,
+                'parent_domain' => $parentDomain,
+                'subdomains' => $subdomains,
+                'cloudflareApiToken' => $cloudflareApiToken
+            ];
+        }
+
         // Generate Caddyfile
         $caddyfile = view('caddy::caddyfile-build', [
             'caddyBlocks' => $caddyBlocks,
@@ -255,25 +281,19 @@ private function createCaddyBlock(Domain $domain, $apacheHttpPort): ?array
             return null;
         }
 
-        //gi matcth the wilcard use tls_cloudflare
-
         $useWildcard = setting('caddy.enable_wildcard_ssl', false);
         $cloudflareApiToken = setting('caddy.cloudflare_api_token');
         $wildcardDomainSettings = setting('caddy.wildcard_domain');
         $tls_cloudflare = false;
         $use_wildcard = false;
-        $wildcardDomain = null;
-        if ($useWildcard && $cloudflareApiToken && !empty($domain->domain)) {
 
+        if ($useWildcard && $cloudflareApiToken && !empty($domain->domain)) {
             if (!empty($wildcardDomainSettings) && strpos($domain->domain, $wildcardDomainSettings) !== false) {
                 $tls_cloudflare = true;
                 $use_wildcard = true;
             }
-
-
         }
 
-
         return array(
             'domain' => $domain->domain,
             'proxy_to' => "127.0.0.1:{$apacheHttpPort}",
diff --git a/web/Modules/Caddy/resources/views/caddyfile-build.blade.php b/web/Modules/Caddy/resources/views/caddyfile-build.blade.php
@@ -3,22 +3,15 @@
     admin off
 
     @if(isset($cloudflareApiToken) && $cloudflareApiToken)
-
     # Set the ACME DNS challenge provider to use Cloudflare for all sites
     acme_dns cloudflare {{ $cloudflareApiToken }}
-
-
     @endif
-    @if(isset($zeroSSlApiToken) && $zeroSSlApiToken)
 
+    @if(isset($zeroSSlApiToken) && $zeroSSlApiToken)
     cert_issuer zerossl {{ $zeroSSlApiToken }}
-
-
     @endif
 
     cert_issuer acme
-
-
     auto_https prefer_wildcard
 
     # Global options
@@ -28,42 +21,93 @@
 }
 
 @foreach($caddyBlocks as $block)
+@if(isset($block['is_wildcard_group']) && $block['is_wildcard_group'])
+# Wildcard domain configuration for *.{{ $block['parent_domain'] }}
+*.{{ $block['parent_domain'] }} {
+    tls {
+        dns cloudflare {{ $cloudflareApiToken }}
+    }
+
+@foreach($block['subdomains'] as $subdomain)
+@php
+    $hostname = $subdomain['domain'];
+    $matcherName = str_replace('.', '_', $hostname);
+@endphp
+    @matchername_{!! $matcherName !!} host {{ $hostname }}
+    handle @matchername_{!! $matcherName !!} {
+@if(setting('caddy.enable_static_files', false) && !empty($staticPaths) && isset($subdomain['document_root']))
+        root * {{ $subdomain['document_root'] }}
+
+
+        @staticfiles_{!! $matcherName !!} {
+@foreach(explode("\n", trim($staticPaths)) as $path)
+            path {{ trim($path) }}
+@endforeach
+        }
+
+        # Handle static files first
+        handle @staticfiles_{!! $matcherName !!} {
+            file_server
+        }
+        header @staticfiles_{!! $matcherName !!} {
+            Cache-Control max-age=5184000
+            ETag
+        }
+@endif
+
+        # Proxy to Apache
+        reverse_proxy {{ $subdomain['proxy_to'] }} {
+            header_up Host {host}
+            header_up X-Real-IP {remote_host}
+            header_up X-Forwarded-Proto {scheme}
+        }
+
+        # Enable compression
+        encode zstd gzip
+
+        # Security headers
+        header {
+            -Server
+            -X-Powered-By
+        }
+
+
+    }
+@endforeach
+
+    # Fallback for otherwise unhandled domains
+    handle {
+        respond "Subdomain not configured" 404
+    }
+}
+@else
 # {{ $block['domain'] }} configuration
 {{ $block['domain'] }} {
-
-    @if(setting('caddy.enable_static_files', false) && !empty($staticPaths) and isset($block['document_root']))
+@if(setting('caddy.enable_static_files', false) && !empty($staticPaths) && isset($block['document_root']))
     # Static file paths for domain
     root * {{ $block['document_root'] ?? '/var/www/html' }}
 
-    @static_files {
-        @foreach(explode("\n", trim($staticPaths)) as $path)
+    @staticfiles {
+@foreach(explode("\n", trim($staticPaths)) as $path)
         path {{ trim($path) }}
-        @endforeach
+@endforeach
     }
 
     # Handle static files first
-    handle @static_files {
+    handle @staticfiles {
         file_server
     }
-    header @static_files {
+    header @staticfiles {
         Cache-Control max-age=5184000
         ETag
     }
+@endif
 
-
-    @endif
-
-
-
-    @if(isset($block['use_wildcard']) && $block['use_wildcard'] && isset($block['tls_cloudflare']) && $block['tls_cloudflare'] && isset($block['cloudflareApiToken']) && $block['cloudflareApiToken'])
-
+@if(isset($block['use_wildcard']) && $block['use_wildcard'] && isset($block['tls_cloudflare']) && $block['tls_cloudflare'])
     tls {
-        dns cloudflare {
-            api_token {{ $cloudflareApiToken }}
-        }
+        dns cloudflare
     }
-
-    @endif
+@endif
 
     # Proxy remaining requests to Apache
     handle {
@@ -102,6 +146,7 @@
     redir https://{{ $block['domain'] }}{uri} permanent
 }
 @endif
+@endif
 @endforeach
 
 # Catch-all for undefined domains
