Skip to content

Dev Tier: Enable wildcard certificates in Caddy#2740

Merged
emmiegit merged 33 commits intodevelopfrom
wikijump-dev
Mar 9, 2026
Merged

Dev Tier: Enable wildcard certificates in Caddy#2740
emmiegit merged 33 commits intodevelopfrom
wikijump-dev

Conversation

@emmiegit
Copy link
Member

@emmiegit emmiegit commented Mar 8, 2026

This brings us closer to having our new dev (and prod) tiers by fixing some issues with Caddy as our front reverse proxy.

This PR is primarily concerned with enabling wildcard certificates, which requires a DNS-based ACME challenge. So there is a new option which allows passing in credential information to permit this type of challenge. If it's disabled, then the Caddyfile works to ensure there are no *.domain.tld patterns that Caddy would try to request wildcard certificates for. For wjfiles this means requesting each known subdomain separately, and for unknown domains means using only HTTP. (This would be for the "this site does not exist" error message - we'd like that to be HTTPS but it's much less crucial).

I also switched CaddyService to use askama (jinja2) templates since making some of these changes using simple string buffer manipulation was getting annoying. I spent too long trying to get the newline spacing perfect but it's just not worth it, so there are a few spots where there are two newlines instead of one for some cases.

emmiegit added 30 commits March 7, 2026 12:38
@emmiegit
Install amazon-ecr-credential-helper inside periphery.
bc06f9b 
See moghtech/komodo#378
@emmiegit
Upgrade to docker-compose v2.
bac4e6b
@emmiegit
Add AWS credentials for Periphery if using ECR.
9878918
@emmiegit
Update instructions for ecr-login.
a8a9bc8 
It works!
@emmiegit
Narrow volume scope for for Periphery.
c39358b
@emmiegit
Add DNS and DNS challenge-related names to site filter.
023402d
@emmiegit
Add rust docs for each field in CaddyfileOptions.
d7f1f8f
@emmiegit
Add new wildcart_cert option to CaddyfileOptions.
8e74cca
@emmiegit
Add trailing comma.
c633665
@emmiegit
Add DigitalOcean provider to caddy dev/prod Dockerfiles.
234c2c7
@emmiegit
Add missing_domain_scheme.
ed8a7d0
@emmiegit
Add tls dns option to server options.
5bab23e
@emmiegit
Address unused binding warning.
5e84100
@emmiegit
Partially implement wildcard_cert logic.
4f57446
@emmiegit
Rename Caddyfile method.
546a23a
@emmiegit
Adjust port types in structs.
bda17bb
@emmiegit
Add askama to dependencies.
1ac3e0a
@emmiegit
Clarify cloud host in dev doc.
fc6a332
@emmiegit
Add in-progress Caddyfile jinja2 template.
f0dce2b
@emmiegit
Finish Caddyfile jinja2 template.
b9b3850
@emmiegit
Move hard tab notice to jinja2 template file.
4cc793e
@emmiegit
Remove old Caddyfile templating system.
217b585
@emmiegit
Remove unused field.
a3d0ae2
@emmiegit
Fix caddy unit test failure output.
7537aa7
@emmiegit
Fix template bugs.
510c1ec
@emmiegit
Use wildcard rules for local too.
81b2e9a 
Since those certificates are fake, we don't need to worry about
splitting rules to be per-domain like when we cannot do the DMS ACME
challenge.
@emmiegit
Add should_use_wildcard context variable.
aa1a1b8 
This way the if condition makes more sense and we don't need to repeat
the condition expression multiple times.
@emmiegit
Update test outputs.
f6aa242
@emmiegit
Update Caddyfile template formatting.
50f9219
@emmiegit
Write final newline when updating test files.
8ccf2f0
@emmiegit emmiegit requested a review from Zokhoi March 8, 2026 19:54
@emmiegit emmiegit self-assigned this Mar 8, 2026
@codecov
Copy link

codecov bot commented Mar 8, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 73.07692% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 2.12%. Comparing base (8475d28) to head (62556fc).
⚠️ Report is 34 commits behind head on develop.

Files with missing lines Patch % Lines
deepwell/src/services/caddy/service.rs 76.00% 6 Missing ⚠️
deepwell/src/services/caddy/test.rs 0.00% 1 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##           develop   #2740      +/-   ##
==========================================
- Coverage     2.27%   2.12%   -0.16%     
==========================================
  Files          170     170              
  Lines        10378   10367      -11     
==========================================
- Hits           236     220      -16     
- Misses       10142   10147       +5
Files with missing lines Coverage Δ
deepwell/src/services/caddy/test.rs 92.30% <0.00%> (-1.81%) ⬇️
deepwell/src/services/caddy/service.rs 37.09% <76.00%> (-12.91%) ⬇️

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@emmiegit emmiegit changed the title Dev tier updates: wildcard certificates in Caddy Dev Tier: Enable wildcard certificates in Caddy Mar 8, 2026
@emmiegit emmiegit merged commit 2a3c1f1 into develop Mar 9, 2026
11 checks passed
@emmiegit emmiegit deleted the wikijump-dev branch March 9, 2026 02:06
@emmiegit emmiegit mentioned this pull request Mar 9, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Zokhoi Zokhoi Zokhoi approved these changes

Assignees

@emmiegit emmiegit

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@emmiegit @Zokhoi