
Services:Best Practices

From jb-vpn.uk Wiki

Best practices when adding hostnames to the Caddy reverse proxy.

General

  • Validate the Caddyfile before reload: caddy validate --config /etc/caddy/Caddyfile
  • Back up /etc/caddy/Caddyfile before changes
  • Check journalctl -u caddy after adding a site
  • Use HTTPS for all public services (Caddy handles certificates automatically)
  • Test VPS backends with curl on 127.0.0.1 before testing the public URL

Checklist

  • [ ] DNS A record points to 87.106.61.62
  • [ ] Backend running and reachable from VPS (127.0.0.1 or 10.8.0.2 via VPN)
  • [ ] Site block added to /etc/caddy/Caddyfile
  • [ ] caddy validate succeeds
  • [ ] systemctl reload caddy completed
  • [ ] Browser test with valid certificate
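
The General practices and the checklist above, combined into one apply routine as an added example (not this wiki's own script): it validates a candidate file before the live one is touched, keeps a timestamped backup, and restores that backup if the reload is rejected. The function names, the backup naming and the candidate-file workflow are assumptions; the commands and paths are the ones listed on this page.

```sh
#!/bin/sh
# Added example, not the wiki's own script. Function names, the backup naming
# and the candidate-file workflow are assumptions; commands are from this page.
CADDYFILE="${CADDYFILE:-/etc/caddy/Caddyfile}"

# Test the backend from the VPS itself (127.0.0.1, or 10.8.0.2 over the VPN)
# before the public URL. -f makes curl fail on HTTP >= 400.
check_backend() {
    curl -fsS -o /dev/null --max-time 5 "$1"
}

# Install a candidate Caddyfile: validate first, back up the live file,
# swap the candidate in, reload, and roll back if the reload fails.
apply_caddyfile() {
    candidate="$1"
    # --adapter is given explicitly because the candidate is not named "Caddyfile".
    if ! caddy validate --config "$candidate" --adapter caddyfile; then
        echo "validation failed; live config untouched" >&2
        return 1
    fi
    backup="${CADDYFILE}.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$CADDYFILE" "$backup" || return 1
    # Plain cp keeps the owner and mode of the existing live file.
    cp "$candidate" "$CADDYFILE" || return 1
    if ! systemctl reload caddy; then
        echo "reload failed; restoring $backup" >&2
        cp -p "$backup" "$CADDYFILE"
        systemctl reload caddy
        return 1
    fi
    # Show recent log lines so certificate or upstream errors are seen at once.
    journalctl -u caddy -n 20 --no-pager
    return 0
}

# Usage (port 8080 and the candidate path are constructed values):
#   check_backend http://127.0.0.1:8080/ && apply_caddyfile ./Caddyfile.new
```

A failed validation leaves no backup and no change on disk; a failed reload leaves the previous configuration in place and the backup alongside it.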

Security

  • Prefer VPN-backed NAS services over exposing the NAS to the internet
  • Restrict sensitive admin UIs where possible (e.g. phpMyAdmin basic auth in Caddyfile)
  • Keep OpenVPN and VPS packages updated

  • Step-by-Step Process
  • Prerequisites