I found that I cannot access the administration interface from _utils. Attempting to navigate to, for instance, example.com/e=_/_utils, would result in the URI being stripped to just example.com/_utils, and being given an "Access denied", meaning it was being caught by the Caddy path handler for all non e=_ access.

I was eventually able to figure out that simply adding an additional / to the URI, such as example.com/e=_/_utils/, would give me access, but I'd be interested to know if this is replicable, and if so, perhaps the documentation should be updated to mention it.

Of note, I am using a native Caddy server, with the headers from the example docker-compose translated into a Caddyfile configuration, as mentioned in #8.

With this header set, I get CORS violations. Remove that line and all is fine.

Hi. What could be the equivalent of the instructions in the docker-compose.yml file to include in my Caddyfile?

¿From docker-compose.yml:

            caddy.handle_path: /*
            caddy.handle_path.0_respond: "\"\" 403"
            caddy.handle_path.0_header.-Server: ""
            caddy.handle_path_1: /e=_/* 
            caddy.handle_path_1.0_reverse_proxy: "{{upstreams 5984}}"

To Caddyfile?:

domain {
        handle_path /* {
                header {
                        -server
                }
                respond 403
        }
        handle_path /e=_/* {
                reverse_proxy IP:5984
        }
}

Thanks

I tried to set it up but there seems to be something wrong with my setup. I am not sure what are the steps to reproduce.

caddy          | {"level":"warn","ts":1665956012.1612883,"logger":"http.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-staging-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
caddy          | {"level":"error","ts":1665956012.1613786,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"%%MY_DOMAIN%%","issuer":"acme-v02.api.letsencrypt.org-directory","error":"registering account [] with server: provisioning client: performing request: Get \"https://acme-staging-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
caddy          | {"level":"warn","ts":1665956012.1617622,"logger":"http","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
caddy          | {"level":"error","ts":1665956042.1630282,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"%%MY_DOMAIN%%","issuer":"acme.zerossl.com-v2-DV90","error":"account pre-registration callback: performing EAB credentials request: Post \"https://api.zerossl.com/acme/eab-credentials-email\": dial tcp 52.20.126.123:443: i/o timeout"}
caddy          | {"level":"error","ts":1665956042.163131,"logger":"tls.obtain","msg":"will retry","error":"[%%MY_DOMAIN%%] Obtain: account pre-registration callback: performing EAB credentials request: Post \"https://api.zerossl.com/acme/eab-credentials-email\": dial tcp 52.20.126.123:443: i/o timeout","attempt":3,"retrying_in":120,"elapsed":541.517983873,"max_duration":2592000}

It is running on a fresh installation of ubuntu 22.04.
I tired to find what is causing it. If I run sudo nc -l 0.0.0.0 80 on the machine and try to access it trough my domain it connects. Same for port 443.
While nc is active when I run nmap -P0 my_domain it shows

PORT     STATE  SERVICE
80/tcp   open   http
443/tcp  closed https

When the up script is active no ports are seen (again ran with the domain not ip).
If I try to run nmap with the local ip(from a machine on the same network) the ports are shown but the state is "filtered"
Does anybody have an idea what is happening? Can't think of anything.

运行 docker-compose -f docker-compose.yml up 报错

Are there any recommendations how to detect and block malicious access to the self hosted instance?

Is anybody using fail2ban or other method and would like to share the setup ? :-)

Where do i set environmental variables?

seems that caddy needs port 80 and 443 and that conflicts with nginx. Is it possible to host the couchdb server and a nginx based website on the same server?