Added custom systemd service file for Caddy

Added markdown guide for installing Nextcloud Snap behind Caddy
Added config file for locking sshd down to only allow key-based authentication
2025-07-04 20:58:28 -04:00 · 2025-07-04 20:54:08 -04:00 · 2025-07-04 20:50:17 -04:00
3 changed files with 112 additions and 0 deletions
--- a/caddy-webserver.service
+++ b/caddy-webserver.service
@@ -0,0 +1,24 @@
 [Unit]
 Description=Caddy webserver
 After=network-online.target
 Wants=network-online.target
 [Service]
 Type=forking
 User=caddy
 Group=caddy
 ExecStartPre=/usr/bin/caddy validate --config /srv/www/Caddyfile
 ExecStart=/usr/bin/caddy start --config /srv/www/Caddyfile
 ExecReload=/usr/bin/caddy reload --config /srv/www/Caddyfile
 ExecStop=/usr/bin/caddy stop
 TimeoutStopSec=5s
 LimitNOFILE=1048576
 LimitNPROC=512
 PrivateTmp=true
 ProtectHome=full
 ProtectSystem=full
 AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
 #RemainAfterExit=yes
 [Install]
 WantedBy=multi-user.target
--- a/nextcloud-snap-caddy-setup.md
+++ b/nextcloud-snap-caddy-setup.md
@@ -0,0 +1,85 @@
 1. Install snapd & a web server (caddy in this guide)
 ```
 sudo apt update && sudo apt install --yes snapd caddy
 ```
 2. Start snapd systemd unit
 ```
 sudo systemctl start snapd
 ```
 3. Install Nextcloud snap
 ```
 sudo snap install nextcloud
 ```
 4. Initialize Nextcloud snap and create admin account
 ```
 sudo /snap/bin/nextcloud.manual-install USER PASSWORD
 ```
 5. Set trusted domains in Nextcloud
 ```
 sudo /snap/bin/nextcloud.occ config:system:set trusted_domains NUMBER --value=DOMAIN
 ```
 6. Set Nextcloud HTTP & HTTPS ports to 8080 & 4443
 ```
 sudo snap set nextcloud ports.http=8080
 ```
 ```
 sudo snap set nextcloud ports.https=4443
 ```
 7. Create (or add to) a Caddyfile to reverse proxy to Nextcloud
 ```
 nano /path/to/Caddyfile
 ```
 ```
 DOMAIN {
 reverse_proxy   localhost:8080
 rewrite /.well-known/carddav    /remote.php/dav
 rewrite /.well-known/caldav     /remote.php/dav
 rewrite /.well-known/webfinger  /public.php?service=webfinger
 }
 ```
 8. Stop Caddy systemd service & change Caddyfile path
 ```
 sudo systemctl stop caddy
 ```
 ```
 cat /usr/lib/systemd/system/caddy,service | \
 sed "s|/etc/caddy/Caddyfile|/path/to/Caddyfile|g" | \
 sudo tee /usr/lib/systemd/system/caddy.service &> /dev/null
 ```
 9. Reload systemd daemon and restart Caddy
 ```
 sudo systemctl daemon-reload
 ```
 ```
 sudo systemctl start caddy
 ```
--- a/sshd_lockdown.conf
+++ b/sshd_lockdown.conf
@@ -0,0 +1,3 @@
 PermitRootLogin no
 PasswordAuthentication no
 PermitEmptyPasswords no
Author	SHA1	Message	Date
Jean (east-high-Nerd)	9510d10139	Added custom systemd service file for Caddy	2025-07-04 20:58:28 -04:00
Jean (east-high-Nerd)	da387f0f2b	Added markdown guide for installing Nextcloud Snap behind Caddy	2025-07-04 20:54:08 -04:00
Jean (east-high-Nerd)	2ee73798a0	Added config file for locking sshd down to only allow key-based authentication	2025-07-04 20:50:17 -04:00