1. Install Caddy
https://caddyserver.com/docs/install#debian-ubuntu-raspbian
2. Configure and format Caddy conf
# Write a one-line site block that proxies both hostnames to local port 17017.
# Note: ">" replaces whatever /etc/caddy/Caddyfile contained before.
printf '%s\n' "mail.domain.com, autodiscover.domain.com { reverse_proxy :17017 }" > /etc/caddy/Caddyfile
# Rewrite the file in place in canonical Caddyfile layout.
caddy fmt --overwrite /etc/caddy/Caddyfile
3. Disable Kestrel
# Stop SmarterMail, delete the run-webserver.txt marker (the step that
# disables Kestrel, per this section's heading), then start it again.
# Each step runs only if the previous one succeeded.
systemctl stop smartermail \
  && rm /opt/smartermail/run-webserver.txt \
  && systemctl start smartermail
4. Restart Caddy
# Restart so Caddy loads the new Caddyfile; if the service does not come up,
# `systemctl status caddy` and `journalctl -u caddy` show the reason.
systemctl restart caddy
5. Use Caddy obtained cert in SmarterMail
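# Export the certificate and key Caddy obtained as a PKCS#12 bundle for SmarterMail.
cert_dir=/var/lib/caddy/.local/share/caddy/certificates

# -quit stops at the first match so each variable holds exactly one path.
# NOTE(review): if certificates exist under more than one issuer directory,
# confirm the first match is the one currently being served.
crt=$(find "$cert_dir" -type f -name "mail.domain.com.crt" -print -quit)
key=$(find "$cert_dir" -type f -name "mail.domain.com.key" -print -quit)

if [ -z "$crt" ] || [ -z "$key" ]; then
  echo "certificate or key for mail.domain.com not found under $cert_dir" >&2
else
  # No -passout on the command line: openssl prompts for the export password,
  # so it does not end up in shell history or in the process list.
  # For unattended runs use -passout file:<path> with a file readable only by
  # the account that runs the export.
  openssl pkcs12 -export \
    -out /var/lib/smartermail/Certificates/mail.domain.com.pfx \
    -inkey "$key" -in "$crt"
fi

# The .pfx contains the private key: keep it readable only by the account
# SmarterMail runs as. It is a snapshot, so it has to be exported again
# whenever Caddy renews the certificate.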
Bonus info:
- to use an RSA cert instead of EC (Caddy default), add to the Caddyfile global options block
key_type rsa4096
- to use HSTS add to Caddyfile site block
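# No path matcher, so the header is sent on every response. A leading "/"
# would be read as a path matcher that matches only the exact path "/".
header Strict-Transport-Security "max-age=31536000"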
- to block Documentation and About, add to Caddyfile site block
# Named matcher for the two paths to hide.
# NOTE(review): path matching is exact, so sub-paths such as /Documentation/...
# are not matched; add /Documentation/* and /About/* if those must be covered
# too. Verify against the URLs the application actually serves.
@blocked path /Documentation /About
# Matched requests are internally rewritten to the site root; no error status is returned.
rewrite @blocked /
- direct Caddy access log to file, add to Caddyfile site block
log { output file /var/log/caddy/access.log }
* after changing Caddyfile, use fmt subcommand to format it properly
# fmt only normalizes layout. `caddy validate --config /etc/caddy/Caddyfile`
# checks that the file actually loads, and Caddy has to be reloaded or
# restarted before the change takes effect.
caddy fmt --overwrite /etc/caddy/Caddyfile
+ view more human readable access.log
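# jq turns Caddy's JSON access log into one readable line per request.
apt install jq

# Append the weblog helper to ~/.bashrc only if it is not already there, so
# re-running these steps does not add duplicate definitions.
# grep's stderr is silenced on purpose: ~/.bashrc may not exist yet.
if ! grep -q '^weblog()' ~/.bashrc 2>/dev/null; then
cat >> ~/.bashrc << "EOT"
weblog() {
jq -j '.ts |= strflocaltime("%Y-%m-%dT%H:%M:%S") | .ts, " ", .request.host, " ", .status," ", .request.client_ip," ", .request.method, " ", .request.uri,"\n"'
}
EOT
fi
source ~/.bashrc

# Live view. -F follows the file by name, so the view keeps working after the
# log file is rotated and recreated.
tail -F /var/log/caddy/access.log | weblog
# One-off view of the whole current log.
weblog < /var/log/caddy/access.log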