I realize my home lab is a non critical learning device, but surprised to see #plex, #caddy x 2, #cloudflared, #minecraft running on less than 0.22% of CPU on #AMD Ryzen 7 5800H

I'll probably move from #Apache to #caddy for my Server. I'm using Apache mostly as a reverse proxy anyway, and the few HTML and PHP pages I can just move into containers too.

The built-in TLS handling might be easier for letsencrypt and I could stop using a custom DNS authentication.

I guess I'll give it a go next time I wake up at 4am.

Gemini realizing my nerd factor suggested the following text on my index.html : "This website is running on a #caddy server inside a #proxmox lxc ... Served securely through a #cloudflare tunnel." I found it silly, but used it.

Another short blog post on blocking #AI #LLM #Bots that slow down a website. Using #NGINX, but easily adaptable to #ApacheWebServer #Caddy etc

https://www.infosecworrier.dk/blog/2025/07/botblocker/

Switched this server to my new #Hetzner Object Storage backend. Also switched from #NGINX as reverse proxy to #Caddy.

Hello, I’m hosting a #Vaultwarden server behind #Caddy 2.10 and made the following test:

Tuning Caddy to allow only #PQC curves:

	tls {
		curves x25519mlkem768
	}

Trying to connect with #Firefox Mac -> OK
Trying to connect with #Bitwarden #android client -> Fail

Without the #TLS tuning, the Bitwarden Android client will happily connect to the server.

Is it a problem with the Bitwarden Android client or with Android, or both?

Alright, managed to make #Anubis + #Caddy + #Podman #Quadlets work.

I was having some issues, but those were caused by broken DNS resolution between containers because my VPS was still, somehow, using long deprecated CNI instead of Netavark.

This week I learned to deploy #Crowdsec in my #homelab:

- CrowdSec LAPI on an LXC in my private VLAN
- Caddy-bouncer to protect my public servives
- CrowdSec-firewall-bouncer-iptables on my 2 #Proxmox nodes
- CrowdSec agent for all my public VMs and important VMs/LXCs

Of course, I created an #Ansible role to deploy the agent on my multiple hosts/VMs/LXCs using a certificate and a custom port, 8080 is a busy port :-)

Yes, it’s overkill :-)
#infosec #selfhosting #cybersecurity #caddy

I'm in the process of porting over all OpenBSD related mini-sites to #httpd running on my TinyKVM VPS.

All other web projects will be migrated to Alpine #Linux, served through #Caddy on my other VPS.

It seems like today, #Caddy automatically stopped automatically renewing #SSL certificates.

Yes, you read that correctly. I will now scream into the void.

If I don't want to use #Ansible and I'll only use #Terraform if I'm being paid to, what are my other options if I want to say, deploy #Caddy plus some kind of Fedi server and have it repeatable?

It looks like Jet was an alternative but the creator ran out of steam.

#AskFedi

[I realise I am basically asking for #Docker but I would like to try something else]

Having a home server is so much fun. Can't scan because the scanning software doesn't run on #Linux? No problem, just set up the scanner to upload over SFTP to your server and serve the files using #Caddy!

I love this!

weird, I don't see any reverse proxy plugins (for #caddy #nginx or #apache ) that allow you to block user agent impersonations for known rDNS / CIDR blocks.

e.g.:

blocks.conf
SomeCrawler unless CIDR 8.8.8.8/8
OtherCrawler unless rDNS crawler.*.duckduckgo.com

Blog post about how FrankenPHP is now officially supported by the PHP Foundation les-tilleuls.coop/en/blog/fran... #PHP #FrankenPHP #Symfony #Drupal #Laravel #Wordpress #Caddy

RE: https://bsky.app/profile/did:plc:k3jkidzfkcdpsoxbisvuxz4f/post/3lpbmpak3pk2z