Domain Name is registered.
Instructions assume "Cloudflare" as the registrar (Domains: Registration)
Server is provisioned with SSH access (Hosting: Hetzner Server)
Copy the server public IPv6 address (ending in ::1)
Log in to Cloudflare (https://dash.cloudflare.com/login)
Click Domains, select the domain (domain.xyz)
Navigate to DNS > Records
Delete any A records so the zone is IPv6-only (no IPv4): type DELETE to confirm and click Delete
Click Add record
Type: AAAA
Name: @
Target: the server's public IPv6 address copied above
Type a comment: top-level IPv6
Click Save
Click + Add record
Type CNAME, Name www, Target @
Type a comment: www direct to top-level
Test by navigating your web browser to your domain (domain.xyz). No web server is listening on the origin yet, so the browser should show an error. The expected error message:
Set the SSL mode
In Cloudflare click SSL/TLS, Overview
Click Configure
Under Custom SSL/TLS select Full (Strict) and click Save. Full (Strict) requires the origin to present a certificate that is valid for the hostname, which the Caddy setup below provides; do not use Flexible, which sends traffic from Cloudflare to the origin in plaintext.
Create an API token for DNS updates
Navigate to Manage account > Account API tokens
Click Create token
Change the template from "Custom" to "Edit zone DNS"
Click on the policy and change "All Domains" to "Specified Domains" and select your domain
Under "Client IP address filtering" add the Server public IPv6 address and press Enter
Enter a token name such as "domain.xyz DNS"
Click Review token
Click Create token
Copy the Account ID and your API token to a secure file; the token is displayed only once and cannot be retrieved later
Click Confirm
In Cloudflare go to Analytics, Web Analytics
If it is not enabled, skip this step. Otherwise, click Manage Site under the domain.
Select Disabled and click Update.
Return to the Domain Overview. Go to Caching, Configuration.
Click Purge Everything and again to confirm.
Connect SSH to your server and log in as username.
Install the Debian keyring and NSS tools packages (libnss3-tools is used by Caddy to install its local CA into the system trust store):
sudo apt install -y debian-keyring debian-archive-keyring libnss3-tools
Download the Caddy gpg key:
wget -qO- 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' |
sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
Define the Caddy repository:
sudo vi /etc/apt/sources.list.d/caddy.sources (deb822 format; Signed-By pins this repository to the Caddy key downloaded above)
Types: deb
URIs: https://dl.cloudsmith.io/public/caddy/stable/deb/debian
Suites: any-version
Components: main
Signed-By: /usr/share/keyrings/caddy-stable-archive-keyring.gpg
Check for updates:
sudo apt update
apt list --upgradable
Apply any updates:
sudo apt upgrade -y
Install Caddy, then add the caddy-dns/cloudflare module from GitHub. The module lets Caddy complete the ACME DNS-01 challenge through the Cloudflare API, using the token created above, so certificates for the domain are obtained and renewed automatically.
sudo apt install caddy
sudo caddy add-package github.com/caddy-dns/cloudflare
Create the folder for serving webpages
sudo mkdir /srv/www
sudo chown caddy:caddy /srv/www
Edit the Caddyfile (it is owned by root), replacing its contents completely with the custom configuration below. The API token is stored in this file in plain text, so check afterwards that the file is not readable by other local users; Caddy can alternatively read the token from its environment with the placeholder {env.CLOUDFLARE_API_TOKEN} instead of having it written here.
sudo vi /etc/caddy/Caddyfile
domain.xyz {
root * /srv/www
file_server
# Cloudflare SSL automation
tls {
dns cloudflare YOUR_CLOUDFLARE_API_TOKEN_HERE
}
# Strict isolation headers
header {
Cross-Origin-Opener-Policy "same-origin"
Cross-Origin-Embedder-Policy "require-corp"
}
}
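The token in the Caddyfile above is visible to anyone who can read that file. As an added example (not part of the original page), the script below moves the token into a root-owned, mode 0600 environment file that systemd passes to caddy.service, and writes the same site definition with the token referenced through Caddy's {env.NAME} placeholder. The paths /etc/caddy/cloudflare.env and /etc/systemd/system/caddy.service.d/override.conf, and the INSTALL_ROOT, CLOUDFLARE_API_TOKEN and DOMAIN variables, are assumptions of this example. It writes into a scratch directory unless INSTALL_ROOT is set to the empty string.

```shell
#!/bin/sh
# Added example, not from the original page: keep the Cloudflare API token out
# of the Caddyfile by putting it in a root-owned, mode 0600 environment file
# that systemd passes to caddy.service, and reference it from the Caddyfile as
# {env.CLOUDFLARE_API_TOKEN}. The paths /etc/caddy/cloudflare.env and
# /etc/systemd/system/caddy.service.d/override.conf are assumptions of this example.
set -eu

# Print the permission string (e.g. -rw-------) of a file.
perms() { ls -ld "$1" | cut -c1-10; }

# write_token_env ROOT TOKEN: create ROOT/etc/caddy/cloudflare.env containing
# the token. The file is created under umask 077 so it is never world-readable,
# not even briefly; the chmod afterwards tightens a pre-existing file too.
# ROOT is "" for a real system or a scratch directory for a dry run.
write_token_env() {
    dir="$1/etc/caddy"
    mkdir -p "$dir"
    ( umask 077; printf 'CLOUDFLARE_API_TOKEN=%s\n' "$2" > "$dir/cloudflare.env" )
    chmod 0600 "$dir/cloudflare.env"
    echo "$dir/cloudflare.env"
}

# write_systemd_dropin ROOT: make caddy.service load the environment file
# without editing the packaged unit file.
write_systemd_dropin() {
    dir="$1/etc/systemd/system/caddy.service.d"
    mkdir -p "$dir"
    cat > "$dir/override.conf" <<'EOF'
[Service]
EnvironmentFile=/etc/caddy/cloudflare.env
EOF
    echo "$dir/override.conf"
}

# write_caddyfile ROOT DOMAIN: the same site definition as above, but the tls
# block reads the token from the environment instead of embedding it.
write_caddyfile() {
    dir="$1/etc/caddy"
    mkdir -p "$dir"
    cat > "$dir/Caddyfile" <<EOF
$2 {
    root * /srv/www
    file_server
    tls {
        # Token is supplied by systemd from /etc/caddy/cloudflare.env
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    }
    header {
        Cross-Origin-Opener-Policy "same-origin"
        Cross-Origin-Embedder-Policy "require-corp"
    }
}
EOF
    echo "$dir/Caddyfile"
}

# Dry run by default: write everything under a scratch directory and list it.
# To apply for real, run as root with INSTALL_ROOT="" and the token in
# CLOUDFLARE_API_TOKEN (load it with `read -rs` rather than typing it on a
# command line, where it would land in shell history and be visible in ps).
root="${INSTALL_ROOT-$(mktemp -d)}"
token="${CLOUDFLARE_API_TOKEN:-placeholder-token-for-dry-run}"
domain="${DOMAIN:-domain.xyz}"
for f in "$(write_token_env "$root" "$token")" \
         "$(write_systemd_dropin "$root")" \
         "$(write_caddyfile "$root" "$domain")"; do
    echo "$(perms "$f") $f"
done
if [ -z "$root" ]; then
    systemctl daemon-reload
    systemctl restart caddy
fi
```

Both pieces are standard features: systemd's EnvironmentFile directive reads KEY=VALUE lines into the service's environment, and Caddy substitutes {env.NAME} placeholders from that environment when it loads the Caddyfile, so the token never has to be in a file that other users can read.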
Add your user to the caddy group so it can write to /srv/www without sudo. Security note: group membership gives your user access to everything else the caddy group can read, so check that Caddy's home directory (/var/lib/caddy, where it keeps its certificates and private keys) is not group-readable. Caddy itself only needs to read /srv/www, so the tighter alternative is to keep the directory owned by your user and merely readable by the caddy group. The new membership takes effect at your next login.
sudo usermod -aG caddy username
sudo chmod ug+w /srv/www
Add a completely blank HTML file, so the root URL returns an empty 200 page rather than a 404:
touch /srv/www/index.html
Restart Caddy to apply the changes:
sudo systemctl restart caddy
Review the Caddy system logs, looking for errors, particularly around certificate issuance (the DNS challenge and the API token):
sudo journalctl -u caddy
Open a web browser to domain.xyz ; instead of an error, you should see a completely blank page.
A command that queries Caddy directly on the local IPv6 loopback, bypassing DNS and Cloudflare. --resolve sends the real hostname so the TLS SNI matches the site block; -k skips certificate verification, so drop it once the log shows a certificate was obtained and the check will cover the certificate chain as well:
curl -k --resolve domain.xyz:443:[::1] https://domain.xyz
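A blank page only shows that Caddy answers; it does not show that the isolation headers from the Caddyfile are actually sent. As an added example (not part of the original page), the script below separates the local fetch from the header check so the same check can run on a saved or, as here, a constructed response. It assumes Caddy is listening on [::1]:443 and the domain domain.xyz; the --live flag is an assumption of this example.

```shell
#!/bin/sh
# Added example, not from the original page: verify what Caddy actually serves
# on the local IPv6 loopback. The header check is separated from the fetch so
# the same logic can be run on a saved or constructed response.
set -eu

# check_headers: read an HTTP response header block on stdin and verify that
# the status is 200 and both isolation headers from the Caddyfile are present
# with the expected values. Header names are matched case-insensitively and
# CRLF line endings are tolerated. Returns non-zero if anything is missing.
check_headers() {
    headers=$(tr -d '\r' | tr 'A-Z' 'a-z')
    status=0
    if printf '%s\n' "$headers" | head -n 1 | grep -q '^http/[0-9.]* 200'; then
        echo "ok       status 200"
    else
        echo "MISSING  status 200"
        status=1
    fi
    for want in \
        'cross-origin-opener-policy: same-origin' \
        'cross-origin-embedder-policy: require-corp'
    do
        name=${want%%:*}
        value=${want#*: }
        if printf '%s\n' "$headers" | grep -q "^$name:[[:space:]]*$value[[:space:]]*$"; then
            echo "ok       $want"
        else
            echo "MISSING  $want"
            status=1
        fi
    done
    return "$status"
}

# fetch_headers DOMAIN: ask Caddy on [::1]:443 for the site's headers, sending
# the real hostname so SNI and the Caddyfile site block match. -k skips
# certificate verification; drop it once journalctl shows the certificate was
# obtained, so the check also covers the certificate chain.
fetch_headers() {
    curl -sS -k -I --resolve "$1:443:[::1]" "https://$1/"
}

# Constructed sample response, standing in for a live fetch when run offline.
SAMPLE_RESPONSE='HTTP/2 200
cross-origin-opener-policy: same-origin
cross-origin-embedder-policy: require-corp
server: Caddy
content-length: 0
'

if [ "${1-}" = "--live" ]; then
    fetch_headers "${2:-domain.xyz}" | check_headers
else
    printf '%s' "$SAMPLE_RESPONSE" | check_headers
fi
```

Run it on the server with --live (optionally followed by the domain) after Caddy is up; a MISSING line for either isolation header means the header block in the Caddyfile is not being applied, and a non-200 status usually means the site block or the web root does not match what was configured.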