add caddy as http option to support h2c for redirect/dep updates/some fixes

Update zoeyvid/nginx-quic Docker tag to v113
Signed-off-by: Zoey <zoey@z0ey.de>

.github/workflows/caddy-fmt.yml

@@ -0,0 +1,29 @@
+name: caddy-fmt
+on:
+  push:
+    branches:
+      - develop
+    paths:
+      - .github/workflows/caddy-fmt.yml
+      - Caddy.Dockerfile
+      - Caddyfile
+  workflow_dispatch:
+jobs:
+  caddy-fmt:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Read version
+        id: version
+        run: echo "version=$(cat Caddy.Dockerfile | grep -wE "FROM caddy:*" | head -1 | sed "s|FROM caddy:||g")" >> $GITHUB_OUTPUT
+      - name: caddy-fmt
+        run: |
+          docker run --rm -v ${{ github.workspace }}/Caddyfile:/etc/caddy/Caddyfile caddy:${{ steps.version.outputs.version }} caddy fmt --overwrite /etc/caddy/Caddyfile
+      - name: push changes
+        run: |
+          git add -A
+          git config user.name "GitHub"
+          git config user.email "noreply@github.com"
+          git diff-index --quiet HEAD || git commit -sm "caddy-fmt"
+          git push

.github/workflows/caddy.yml

@@ -0,0 +1,50 @@
+name: Build Caddy Image
+on:
+  push:
+    branches:
+      - develop
+    paths:
+      - .github/workflows/caddy.yml
+      - Caddy.Dockerfile
+      - Caddyfile
+  workflow_dispatch:
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: arm64 #all
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=-1
+      - name: Login to DockerHub
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Convert Username
+        id: un
+        run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ steps.un.outputs.un }}
+          password: ${{ github.token }}
+      - name: Build
+        uses: docker/build-push-action@v4
+        if: ${{ github.event_name != 'pull_request' }}
+        with:
+          context: .
+          file: ./Caddy.Dockerfile
+          platforms: linux/amd64,linux/arm64 #,linux/amd64/v2,linux/amd64/v3,linux/amd64/v4 #,linux/ppc64le,linux/s390x,linux/386,linux/arm/v7,linux/arm/v6
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: |
+            ${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:caddy
+            ghcr.io/${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:caddy

.github/workflows/docker.yml

@@ -1,9 +1,5 @@
 name: Build Docker Image
 on:
-  workflow_run:
-    workflows: ["Build frontend"]
-    types:
-      - completed
   push:
     branches:
       - develop

Caddy.Dockerfile

@@ -0,0 +1,3 @@
+FROM caddy:2.6.4-alpine
+RUN apk add --no-cache ca-certificates tzdata
+COPY Caddyfile /etc/caddy/Caddyfile

Caddyfile

@@ -0,0 +1,8 @@
+{
+	servers :80 {
+		protocols h1 h2c
+	}
+}
+http://:80 {
+	redir https://{host}{uri}
+}

Dockerfile

@@ -35,7 +35,7 @@ RUN apk add --no-cache build-base libffi-dev && \
     . /usr/local/certbot/bin/activate && \
     pip install --no-cache-dir certbot
 
-FROM zoeyvid/nginx-quic:112
+FROM zoeyvid/nginx-quic:113
 RUN apk add --no-cache ca-certificates tzdata \
     nodejs-current \
     openssl apache2-utils \

compose.override.yaml

@@ -0,0 +1,15 @@
+version: "3"
+services:
+  caddy:
+    container_name: nginx-proxy-manager-caddy
+    image: zoeyvid/nginx-proxy-manager:caddy
+    restart: always
+    network_mode: bridge
+    ports:
+      - "80:80"
+    environment:
+      - "TZ=Europe/Berlin"
+
+    nginx-proxy-manager:
+        environment:
+        - "DISABLE_HTTP=true" # disables nginx to listen on port 80, default false

rootfs/bin/healthcheck.sh

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 export HC_IP="localhost"
+export NPM_PORT="${NPM_PORT:-81}"
 
 if [ "$NPM_LISTEN_LOCALHOST" = "true" ]; then
     export NPM_IPV4_BINDING="127.0.0.1"
@@ -13,7 +14,7 @@ elif [ -n "$NPM_IPV4_BINDING" ]; then
     export HC_IP="$NPM_IPV4_BINDING"
 fi
 
-if (if [ "$PHP81" = true ]; then cgi-fcgi -bind -connect /dev/php81.sock > /dev/null 2>&1; fi && if [ "$PHP82" = true ]; then cgi-fcgi -bind -connect /dev/php82.sock > /dev/null 2>&1; fi && [ "$(curl -sk https://"$HC_IP":81/api/ | jq --raw-output .status)" = "OK" ]); then
+if (if [ "$PHP81" = true ]; then cgi-fcgi -bind -connect /dev/php81.sock > /dev/null 2>&1; fi && if [ "$PHP82" = true ]; then cgi-fcgi -bind -connect /dev/php82.sock > /dev/null 2>&1; fi && [ "$(curl -sk https://"$HC_IP":"$NPM_PORT"/api/ | jq --raw-output .status)" = "OK" ]); then
 	echo "OK"
 	exit 0
 else

rootfs/bin/start.sh

@@ -408,6 +408,15 @@ else
     fi
 fi
 
+if [ "$NPM_CERT" = "/data/tls/dummycert.pem" ] || [ "$NPM_KEY" = "/data/tls/dummykey.pem" ]; then
+    if [ ! -f /data/tls/dummycert.pem ] || [ ! -f /data/tls/dummykey.pem ]; then
+        openssl req -new -newkey rsa:4096 -days 365000 -nodes -x509 -subj '/CN=*' -sha256 -keyout /data/tls/dummykey.pem -out /data/tls/dummycert.pem
+    fi
+else
+    rm -vrf /data/tls/dummycert.pem \
+            /data/tls/dummykey.pem
+fi
+
 ns="$(tr "[:upper:]" "[:lower:]" < /etc/resolv.conf | grep -P "^nameserver ((?:[0-9.]+)|(?:[0-9a-f:]+))$" | awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? "["$2"]": $2}' | sed "s| *$||")"
 export ns
 if [ "$DISABLE_IPV6" = "true" ]; then
@@ -509,15 +518,6 @@ if [ "$NGINX_LOG_NOT_FOUND" = "true" ]; then
     sed -i "s|log_not_found off;|log_not_found on;|g" /usr/local/nginx/conf/nginx.conf
 fi
 
-if [ -z "$NPM_CERT_ID" ]; then
-    if [ ! -f /data/tls/dummycert.pem ] || [ ! -f /data/tls/dummykey.pem ]; then
-        openssl req -new -newkey rsa:4096 -days 365000 -nodes -x509 -subj '/CN=*' -sha256 -keyout /data/tls/dummykey.pem -out /data/tls/dummycert.pem
-    fi
-else
-    rm -vrf /data/tls/dummycert.pem \
-            /data/tls/dummykey.pem
-fi
-
 if [ ! -f /data/nginx/default.conf ]; then
     mv -vn /usr/local/nginx/conf/conf.d/include/default.conf /data/nginx/default.conf
 fi