feat: add recommended Caddyfile and update usage guide for production configuration
@@ -51,7 +51,23 @@ If local `caddy` is installed:
|
||||
./validate_caddy.sh --config=./output/Caddyfile.generated
|
||||
```
|
||||
|
||||
## 4) Canary migration (recommended)
|
||||
## 4) Use the recommended baseline
|
||||
|
||||
This toolkit now includes a hardened baseline at:
|
||||
- `setup/nginx-to-caddy/Caddyfile.recommended`
|
||||
|
||||
Use it when you want a production-style config instead of a raw 1:1 conversion.
|
||||
You can either:
|
||||
1. use it directly (if hostnames/upstreams already match your environment), or
|
||||
2. copy its common snippets and service patterns into your live Caddyfile.
|
||||
|
||||
Validate it before deployment:
|
||||
|
||||
```bash
|
||||
./validate_caddy.sh --config=./Caddyfile.recommended --docker
|
||||
```
|
||||
|
||||
## 5) Canary migration (recommended)
|
||||
|
||||
Migrate one low-risk subdomain first:
|
||||
1. Copy only one site block from generated Caddyfile to your live Caddy config.
|
||||
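Review bot: The validation command in the new section 4 passes `--config=./Caddyfile.recommended`, but the same section gives the file's location as `setup/nginx-to-caddy/Caddyfile.recommended`, so the command only resolves when run from that directory. State the working directory or use the repo-relative path. The `--docker` flag is also introduced here without explanation, while the earlier command under "If local `caddy` is installed" omits it, so add a sentence on when each form applies. Because the text calls the baseline "hardened" and offers option 2 (copying snippets out of it), consider listing which settings provide the hardening so a partial copy does not silently leave them behind.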
@@ -62,7 +78,7 @@ Migrate one low-risk subdomain first:
|
||||
- API/websocket calls work
|
||||
4. Keep Nginx serving all other subdomains.
|
||||
|
||||
## 5) Full migration after canary success
|
||||
## 6) Full migration after canary success
|
||||
|
||||
When the canary is stable:
|
||||
1. Add remaining site blocks.
|
||||
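Review bot: The heading change from `## 5)` to `## 6)` is pure renumbering caused by the inserted section, and the same shift repeats in each later hunk. Check for any references to these sections by number, and consider dropping the numeric prefixes from the headings so the next inserted section does not touch every heading after it.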
@@ -70,14 +86,14 @@ When the canary is stable:
|
||||
3. Keep Nginx config snapshots for rollback.
|
||||
4. Decommission Nginx only after monitoring period.
|
||||
|
||||
## 6) Rollback plan
|
||||
## 7) Rollback plan
|
||||
|
||||
If a site fails after cutover:
|
||||
1. Repoint affected DNS entry back to Nginx endpoint.
|
||||
2. Restore previous Nginx server block.
|
||||
3. Investigate conversion warnings for that block.
|
||||
|
||||
## 7) Domain/TLS note for your current setup
|
||||
## 8) Domain/TLS note for your current setup
|
||||
|
||||
You confirmed the domain is `privacyindesign.com`.
|
||||
|
||||
@@ -86,7 +102,7 @@ If you use `TLS_MODE=cloudflare` with Caddy, ensure:
|
||||
- Cloudflare token has DNS edit on the same zone.
|
||||
- DNS records point to the Caddy ingress path you intend (direct or via edge proxy).
|
||||
|
||||
## 8) Suggested next step for Phase 8
|
||||
## 9) Suggested next step for Phase 8
|
||||
|
||||
Given your current repo config:
|
||||
- keep Phase 8 Caddy focused on `source.privacyindesign.com`
|
||||
|
||||