nix/Caddyfile.example at main · malpercio.dev/atbb

malpercio.dev / atbb

fork atom

WIP! A BB-style forum, on the ATmosphere! We're still working... we'll be back soon when we have something to show off!

node typescript hono htmx atproto

fork atom

atbb / nix / Caddyfile.example

at main 82 lines 3.2 kB view raw

wrap content

Malpercio feat(nix): add NixOS flake for production deployment (#50) 1 week ago

7730ec8e

 1# atBB — Example Caddyfile for NixOS deployments
 2#
 3# Use this if you prefer Caddy over the built-in nginx reverse proxy.
 4#
 5# In your NixOS configuration, set:
 6#
 7#   services.atbb.enableNginx = false;
 8#
 9# Then configure Caddy to take over the routing, either via a raw Caddyfile:
10#
11#   services.caddy.configFile = ./Caddyfile;
12#
13# Or inline using the virtualHosts option (see the NixOS snippet below).
14#
15# Caddy will automatically obtain and renew a Let's Encrypt TLS certificate
16# for your domain — no ACME configuration needed beyond a valid DNS record
17# pointing to the server.
18
19# ── Routing overview ──────────────────────────────────────────────────────────
20#
21#   /.well-known/*  →  appview (default port 3000)
22#   /api/*          →  appview (default port 3000)
23#   /*              →  web UI  (default port 3001)
24#
25# IMPORTANT: /.well-known/ MUST be routed to appview, not the web UI.
26# The AT Protocol OAuth flow fetches {client_id}/.well-known/oauth-client-metadata
27# from your forum's domain to validate the OAuth client. If this request reaches
28# the web UI instead of appview, login will silently fail.
29#
30# ─────────────────────────────────────────────────────────────────────────────
31
32forum.example.com {
33
34    # AT Protocol well-known endpoints → appview
35    # Handles OAuth client metadata and any future AT Proto service discovery
36    handle /.well-known/* {
37        reverse_proxy localhost:3000
38    }
39
40    # REST API → appview
41    handle /api/* {
42        reverse_proxy localhost:3000
43    }
44
45    # Web UI — catch-all (must come last)
46    handle {
47        reverse_proxy localhost:3001
48    }
49
50}
51
52# ── NixOS integration snippet ─────────────────────────────────────────────────
53#
54# Equivalent configuration using services.caddy.virtualHosts in NixOS:
55#
56#   services.atbb = {
57#     enable     = true;
58#     domain     = "forum.example.com";
59#     enableNginx = false;   # disable the built-in nginx virtualHost
60#     # ... other options
61#   };
62#
63#   services.caddy = {
64#     enable = true;
65#     virtualHosts."forum.example.com".extraConfig = ''
66#       handle /.well-known/* {
67#         reverse_proxy localhost:${toString config.services.atbb.appviewPort}
68#       }
69#
70#       handle /api/* {
71#         reverse_proxy localhost:${toString config.services.atbb.appviewPort}
72#       }
73#
74#       handle {
75#         reverse_proxy localhost:${toString config.services.atbb.webPort}
76#       }
77#     '';
78#   };
79#
80# Caddy automatically provisions and renews a Let's Encrypt certificate for
81# the virtualHost — no security.acme configuration required.
82# ─────────────────────────────────────────────────────────────────────────────