Plugin was merged into OPNsense Plugins, I won't post in this thread anymore.
https://github.com/opnsense/plugins/pull/3840
Latest plugin version is: v1.5.1_1
(built on 06.02.2024)
Changelog (https://github.com/Monviech/os-caddy-plugin/pulls?q=is%3Apr+is%3Aclosed)
- 1.5.1_1
Little warning: A lot of things changed, if you have problems, remove the plugin and reinstall it. Also you might need to restart your firewall. Maybe.
- More DNS Providers added: netlify, namesilo, njalla, vercel, googleclouddns, alidns, powerdns, tencentcloud, dinahosting, metaname, hexonet, ddnss, linode, mailinabox, ovh, namecheap, azure, openstack-designate.
- More input fields and better documentation added for the DNS Provider API Keys.
- Changed rc.d script to standard freebsd poudriere one packaged with the caddy-custom binary, included setup.sh script to rc.conf.d/caddy.
- Updated dependency to caddy-custom instead of caddy.
- Removed +POST_DEINSTALL.post and +POST_INSTALL.post.
- Turned syslog-ng configuration from template to static file.
- A few typos in the general.volt and reverse_proxy.volt corrected.
- The RealInterfaceField custom Fieldtype was removed and replaced with an OPNsense integrated template function to read the interface name.
- Enable $internalModelUseSafeDelete in ReverseProxyController.php - Items can only be deleted when they are not referenced by other items, making deleting in the GUI safer since there can't be any orphaned configuration left behind.
- Migration script M1_1_3 from "Description" to "description" added. Lower case description is needed to be in line with some OPNsense integrated functions.
Big thank you for all the reviewers on github: @franco, @kulikov-a, @mimugmail
- 1.5.0 Omit vultr from DNS-Providers by @Monviech in #103, General view cleanup by @Monviech in #106, Add ACME-DNS Provider for custom ACME Server support by @Monviech in #107, Hint pressing apply by @Monviech in #108, Create ACL by @Monviech in #109, Code consistency by @Monviech in #110, Built os-caddy-1.5.0.pkg by @Monviech in #111
- 1.4.5 New validate api action + Validation model fix by @Monviech, Add configuration option to log HTTP access to plain JSON files by @pmhausen, Add backend path prepend feature to handler configuration by @pmhausen
- 1.4.4 Route53 DNS Provider added + Dark Mode GUI fix + New caddy binary built that includes more DNS Provider modules as preparation + os-caddy was built with 24.1.1 dev system and tested on new OPNsense release.
- 1.4.2 Added Basic Auth as additional access restriction, made views cleaner, fixed template for new DNS Providers (desec) and added Porkbun for GUI configuration, cleaned up some code and fixed some typos.
- 1.4.0 DynDNS (Dynamic DNS) Feature added, Logging refactored to Syslog-ng to integrate completely into the OPNsense, HTTP Access Logs can be enabled.
Supported DNS Providers:
cloudflare, duckdns, digitalocean, dnspod, hetzner, godaddy, gandi, vultr, ionos, desec, porkbun
- 1.3.4 Added support for "tls_server_name" and "abort" (Reject Unmatched Connections). Fixed a bug in the template with DNS Challenge, DNS-01 checkbox didn't work.
- 1.3.3 Small template bug fixed. Wildcard handles are always placed after their subdomain handles.
- 1.3.2 Small template improvement. Empty Handles are always placed last automatically.
- 1.3.1 Access list support to restrict which IP address can connect to a domain. This is useful for restricting access to local IPs only, or when a CDN and trusted proxy is used.
Latest caddy version is:
Current Built (https://github.com/Monviech/os-caddy-plugin/blob/main/usr/local/bin/README.md)
Caddy Releases (https://github.com/caddyserver/caddy/releases)
1. Link: How-To Install (https://github.com/Monviech/os-caddy-plugin#how-to-install)
2. Link: How-To Use Tutorials (https://forum.opnsense.org/index.php?topic=38714.0)
What is Caddy? Caddy (https://caddyserver.com/) is an easy to use powerful Web Server written in Go. It includes a production ready Reverse proxy that is easy to configure. It really does all the complex configurations and Let's Encrypt certificate management and just works automagically. If you have trouble configuring HA Proxy or NGINX, look at how easy you could have it with Caddy, it's literally just a few clicks. You can have a Reverse Proxy in under a minute
You might want to have a look at what already exists, first:
https://www.routerperformance.net/opnsense-repo/
You can also look at the source, it's only compressed
Sure thanks, I will take a look for inspiration :)
It's open source :)
You can join IRC on work hours if you like to chat about plugin dev
I'll take on that offer once my research is complete. Thank you!
So far I'm making progress, but I am really confused about the... licensing.
caddy is under the apache2 license
opnsense under the BSD 2-Clause "simplified" License
When I include the compiled pkg of caddy and the compiled pkg of a plugin in the same github folder structure, can I just include a license file in the root folder that states:
BSD 2-Clause License
[Full BSD License Text]
---
Apache 2.0 License for the Caddy binary
The binary named 'caddy' located in any directory of this project is licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
[Full Apache License Text]
And I'm good and nobody can call their lawyers on me? xD
Quote from: Monviech on November 06, 2023, 07:15:03 PM
When I include the compiled pkg of caddy and the compiled pkg of a plugin in the same github folder structure, can I just include a license file in the root folder that states:
IMHO you should not do that. Your plugin should contain only a reference to the Caddy package. It's in the FreeBSD repo.
I know it's compiled in other repos, but if I put a dependency on caddy into the plugin manifest, and the freebsd repo (configured in the opnsense repo configuration) or the binary isn't included, the plugin won't do anything since caddy won't be installed.
It either has to be pulled from the repository I set up, or the mimugmail community repo, or it has to be added to the opnsense ports.
Because I don't control these other infrastructures and I wanted to RSA sign my work, I wanted to just throw everything together in my own repository for the scope of this little project.
I'm just confused about the license because I want to create everything transparently in the open to follow the open source thought.
Yeah, so if you go to "packages" tab in the firmware you will see caddy has the correct license.
If you build a plugin (which is basically just system glue to configure caddy and not modify any of its files) you can license it however you want.
Cheers,
Franco
Thank you Franco, that makes sense. It's really there with the right license, even when it's self compiled, I didn't see that in the GUI.
EDIT: It's because I added the "licenses": ["Apache-2.0"] to the manifest file while building the binary.
EDIT2:
I had to create the +MANIFEST exactly like this in order to get the license to show properly, and the license file to be viewable in the OPNsense GUI:
{
  "name": "caddy",
  "version": "2.7.5",
  "comment": "Caddy web server",
  "desc": "Caddy 2 is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go",
  "www": "https://caddyserver.com",
  "maintainer": "maintainer@email",
  "arch": "freebsd.amd64",
  "origin": "www/caddy",
  "prefix": "/usr/local",
  "categories": ["www"],
  "licenselogic": "single",
  "licenses": ["APACHE20"],
  "files": {
    "/usr/local/bin/caddy": {
      "checksum": "f9eaa71690fe6ac1ce708ea1cfb6ce2a6df3d5d7ba5aa895efb9e700ffdf045a",
      "username": "root",
      "groupname": "wheel",
      "perm": "0555"
    },
    "/usr/local/share/licenses/caddy-2.7.5/APACHE20": {
      "checksum": "c07795dc0d0e17cc4b23566ddc05a508f14e8ce98bb7404963250039a2c1a811"
    },
    "/usr/local/share/licenses/caddy-2.7.5/LICENSE": {
      "checksum": "2dca659dc8846be25ab729554fe067dba90ca252314b73f6c6dbaa95bbb72d4e"
    },
    "/usr/local/share/licenses/caddy-2.7.5/catalog.mk": {
      "checksum": "dacb6125deafe8a4019f21ff0cac159626e3936870e76f9126a11e5327f39d4f"
    }
  }
}
Now it shows like this in the GUI and the license button is clickable and shows the license file:
caddy 2.7.5 39.1MiB os-caddy-plugin APACHE20 Caddy web server
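An added example, not part of the original post or the plugin's code: a hand-written +MANIFEST like the one above is only useful as an integrity record if the staged files actually match it. This sketch checks each "files" entry (SHA-256 and, where given, "perm") against a staging directory. It assumes the bare hex checksum format shown in the post; the function names, the staging layout and the sample file contents are constructed for illustration.

```python
import hashlib
import json
import os
import stat
import tempfile


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so a large binary is not read in one go."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_manifest(manifest_text, stage_root):
    """Compare every entry of the manifest's "files" map with the file staged
    under stage_root. Returns a list of (path, problem); empty means clean."""
    manifest = json.loads(manifest_text)
    real_root = os.path.realpath(stage_root)
    problems = []
    for listed_path, meta in sorted(manifest.get("files", {}).items()):
        # Manifest paths are absolute; re-root them under the staging directory.
        staged = os.path.realpath(os.path.join(real_root, listed_path.lstrip("/")))
        # Refuse entries that resolve outside the staging root (e.g. "/../x").
        if os.path.commonpath([real_root, staged]) != real_root:
            problems.append((listed_path, "path escapes staging root"))
            continue
        if not os.path.isfile(staged):
            problems.append((listed_path, "missing"))
            continue
        if sha256_file(staged) != meta.get("checksum", "").lower():
            problems.append((listed_path, "checksum mismatch"))
        wanted_perm = meta.get("perm")
        if wanted_perm is not None:
            mode = stat.S_IMODE(os.stat(staged).st_mode)
            if mode != int(wanted_perm, 8):
                problems.append((listed_path, "perm %04o != %s" % (mode, wanted_perm)))
    return problems


def build_demo(stage_root):
    """Constructed sample: stage two small placeholder files and return a
    manifest in the same shape as the +MANIFEST in the post."""
    files = {
        "/usr/local/bin/caddy": (b"constructed stand-in for the caddy binary\n", "0555"),
        "/usr/local/share/licenses/caddy-2.7.5/LICENSE": (b"constructed license text\n", None),
    }
    entries = {}
    for listed_path, (content, perm) in files.items():
        staged = os.path.join(stage_root, listed_path.lstrip("/"))
        os.makedirs(os.path.dirname(staged), exist_ok=True)
        with open(staged, "wb") as handle:
            handle.write(content)
        entry = {"checksum": hashlib.sha256(content).hexdigest()}
        if perm:
            os.chmod(staged, int(perm, 8))
            entry["perm"] = perm
        entries[listed_path] = entry
    return json.dumps({"name": "caddy", "version": "2.7.5", "files": entries})


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        manifest_text = build_demo(root)
        print("clean:", verify_manifest(manifest_text, root))
        license_path = os.path.join(root, "usr/local/share/licenses/caddy-2.7.5/LICENSE")
        with open(license_path, "ab") as handle:
            handle.write(b"tampered\n")
        print("after tampering:", verify_manifest(manifest_text, root))
```

Running it before signing and publishing a self-built package catches a binary that was rebuilt without regenerating the manifest.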
I want to share some progress. After struggling for a few days I finally managed to get a front end working (in my own namespace). This front end doesn't do API calls yet, and it doesn't retrieve or write data back to the config.xml, but that will be the next part I struggle with. The api works already though, I've tested it with curl and an api key to write and retrieve data from it.
So far there's a "/ui/caddy/general", a "/ui/caddy/reverse_proxy" and a "/ui/caddy/reverse_proxy_form" view. When pressing the "+" button in "/ui/caddy/reverse_proxy" the reverse_proxy_form opens up.
Here's a few screenshots:
https://github.com/Monviech/os-caddy-plugin/issues/1
Now things are starting to get really challenging for me since I have never got too deeply involved with any backend. My progress will probably be a lot slower from now on.
And as usual when making it public there are more and more demands for special use cases. Welcome to open source :)
I've put the scope of the project into my readme.md file. I won't change the scope based on requests. I'm already dying with the SettingsController API and UUIDs I need for multiple entries. :)
Quote from: mimugmail on November 11, 2023, 04:29:21 PM
And as usual when making it public there are more and more demands for special use cases. Welcome to open source :)
Wow no need to get hostile...
I'm the one who was asking on github. I had basically the same idea, but till now lacked the time to have a deeper look into it. I got some basic knowledge with opnsense plugin dev, see:
https://github.com/opnsense/plugins/pull/3593
https://github.com/mietzen/opnsense_leases_widget
If you widen your scope we could work together on this @Monviech.
@mietzen
Getting help sounds like a good idea. But before the scope is adjusted, the base functionality should be reached, I've created the MVC model and views in a way that adheres to other plugins so it can be extended later with more functionality. But don't forget, I don't have much experience, this is like a challenge to see if I can reach a goal with a small scope.
Also, since the caddy binary package will be a dependency of the os-caddy-plugin package, other extensions could be probably compiled in?
-----
So far, all the additions I have made to other MVC parts in the OPNsense, have mostly been totally confined to the front end. I have adjusted models, views, controllers, but I have never actually laid my hands on the SettingsController. It's where I really struggle right now.
The Hello World example is easily reproducible with the "ApiMutableModelControllerBase", I can save my general settings and retrieve them properly from the config.xml.
But since I have to use a grid with multiple entries to allow for more than 1 reverse proxy entry, I have to write multiple uuids to the config.xml that are all in a big array.
I think once I have reached that first goal, I would be a little more confident. Then I'll commit my current front end to github and we could talk about it if you want.
Sounds great, just ping me on GitHub.
Oh yeah, finally making some progress with the API, by looking at the IPSEC implementation, especially the api/ConnectionsController.
Testing my api/ReverseProxyController:
Add one entry to the array:
/api/caddy/ReverseProxy/add
curl -v -k -X POST https://192.168.3.1/api/caddy/ReverseProxy/add \
-H 'Content-Type: application/json' \
-H "Authorization: Basic API-SECRET" \
-d '{"reverse": {"Enabled": "1", "FromDomain": "example.com", "FromPort": "80", "ToDomain": "localhost", "ToPort": "8080", "Description": "Example reverse proxy entry"}}'
Get all entries as array:
/api/caddy/ReverseProxy/get
{"reverse":{"87936553-df1f-447e-8284-929daa40a6c1":{"Enabled":"1","FromDomain":"example.com","FromPort":"80","ToDomain":"localhost","ToPort":"8080","Description":"Example reverse proxy entry"},"14219e01-8545-41cb-8ae4-b0232f47a9e2":{"Enabled":"1","FromDomain":"example.com","FromPort":"80","ToDomain":"localhost","ToPort":"8080","Description":"Example reverse proxy entry2"}}}
Get one specific entry as array:
/api/caddy/ReverseProxy/get/87936553-df1f-447e-8284-929daa40a6c1
{"reverse":{"87936553-df1f-447e-8284-929daa40a6c1":{"Enabled":"1","FromDomain":"example.com","FromPort":"80","ToDomain":"localhost","ToPort":"8080","Description":"Example reverse proxy entry"}}}
Testing the api/GeneralController:
/api/caddy/General/get
{"general":{"enabled":"1"}}
I'm not sure if it's a good idea to compare with complex core code.
Maybe first start with simple copy + paste ... most of it doesn't need any special logic
https://www.routerperformance.net/opnsense/plugin-development/
I have managed to build a first alpha version that has basic functionality and can be installed via repository.
It works on the Opnsense community edition. I have also tested it on the Business edition, but there I can't seem to get it to work.
Problem: I have prepared the storage path of Caddy to write all files into /usr/local/etc/caddy/ via a directive in its /usr/local/rc.d/caddy service. In the CE the folders "acme" and "lock" are created and Caddy can start and begin to create certificate requests.
In the BE edition the "acme" and "lock" folders won't get created, which means Caddy can't work properly. Everything else does seem to work though. The template generates the Caddy file and all actions work (start/stop/restart), the scripts all work, the API works, the GUI works, everything. I don't find the difference and I'm stuck.
I have set the logging path into /var/log/caddy/caddy.log
If anybody can help me, the current alpha plugin can be installed with: (DISCLAIMER: NOT PRODUCTION READY. EARLY ALPHA. But it won't crash your firewall.)
fetch -o /usr/local/etc/pkg/repos/os-caddy-plugin.conf https://os-caddy-plugin.pischem.com/repo-config/os-caddy-plugin.conf
pkg update
Afterwards the "os-caddy" plugin can be installed from the GUI. Make sure the Firewall doesn't listen on port 80/443, since Caddy uses 80 for ACME, and you need 443 to create a proper Reverse Proxy entry.
Under "Services" you will then find "Caddy Web Server"
All source files are uploaded to my github. (Link at the start of the thread)
If you have feedback, please be kind, I am not a professional developer. It's just a hobby on the side. I am not experienced. I have just managed to get something working after a lot of work (probably +100 hours) and I'm rather proud at least something happens.
Thank you. :)
You can adjust permissions here:
https://github.com/opnsense/plugins/blob/master/net/tayga/src/opnsense/scripts/OPNsense/Tayga/setup.sh
Execute via rc options:
https://github.com/opnsense/plugins/blob/master/net/tayga/src/opnsense/service/templates/OPNsense/Tayga/tayga
@mimugmail
Thank you, that's really helpful. :)
- I found a little bug in my template and when to port is left empty.
- The Caddy on my firewall didn't start not due to CE or BE... I just had port 80 already occupied. Caddy hates that. I warned everywhere and then I forgot myself to deactivate lighttpd on port 80 by deactivating GUI redirect, - I'm such a goof.
- I still wrote a script that installs all folders.
The reverse proxy actually works. I'm so relieved. The GUI works and the reverse proxy works... Oh yes. The baseline is functional!!!
I would like to know the "secret sauce" that the service is picked up by this api:
/api/core/service/search
I want to have the caddy service in the "service widget" on the dashboard, and I would like if one of those service buttons (start/stop/restart) appear in my "views".
My ServiceController.php already extends the ApiMutableServiceControllerBase.php and I have made sure my service is named correctly in the internalService* properties.
https://github.com/Monviech/os-caddy-plugin/blob/main/usr/plugins/devel/caddy/src/opnsense/mvc/app/controllers/Pischem/Caddy/Api/ServiceController.php
I have overwritten the ApiMutableServiceControllerBase functions for restartAction, startAction and stopAction because when I used the inherited functions the "configdRun" somehow wasn't triggered and the "configctl template reload" action didn't trigger. And I didn't really find out why so I stopped looking deeper.
Thank you for any help or insight :)
https://github.com/opnsense/plugins/blob/master/net/tayga/src/etc/inc/plugins.inc.d/tayga.inc
Interface section not needed
@mimugmail
Thank you, I got so much further with the service API stuff because of your help.
My service is shown in the widget now and can be controlled by it. Using the pluginctl as status action, I could also get the service status api working, using the base function provided by the ApiMutableServiceControllerBase:
/api/caddy/service/status
{"status":"running","widget":{"caption_stop":"stop service","caption_start":"start service","caption_restart":"restart service"}}
{"status":"stopped","widget":{"caption_stop":"stop service","caption_start":"start service","caption_restart":"restart service"}}
{"status":"disabled","widget":{"caption_stop":"stop service","caption_start":"start service","caption_restart":"restart service"}}
Now one of my last remaining mysteries (for now), I just can't find out how to get this to be populated:
<class="btn-group-container" id="service_status_container">
These are the buttons that appear in views directly to be able to control the service with. I have found the "service_status_container" in the base volt view, and I have checked that it is indeed in the source code of my own views. But it is not populated or showing. Are there special requirements? I thought I would have met them by now by having the service widget and the "/api/caddy/service/status" running.
Thank you so much for any suggestions. ;D
Actually I don't know where you cloned the code, but it was a way old plugin, usually you don't need so much JS for basic stuff :)
TLDR; I really need help to clean this up to get it into a presentable state. I really want somebody with experience to help me. :)
----------------------------------------------------------------------------------------------------------------------------------------------------
All code I have outright cloned and accustomed to my needs has the appropriate licenses maintained. I have followed the HelloWorld Example and looked at a lot of the other plugins whenever I got stuck. And because I really can't do Javascript I've used tools like ChatGPT and Github Copilot to gradually get it working. I have to say, the volt files consumed most of my time and they will be simplified over time. But my approach was mostly a learning experience to understand how things interact with each other. And this led to a pretty good understanding of things I didn't have before, coming from the admin side of things.
Sure, a proper trained developer can do miles better than me. But I didn't give up, followed through, and now I have something actually working.
And I'm thankful for your help so far. Really. Please help me if you can clean the code up. I'd be so grateful, and we can have a nice little easy reverse proxy plugin for the community.
If not, I'll just leave it as it is and maintain it for myself. Wouldn't be a big loss since there are already multiple reverse proxies, and also your own caddy plugin.
I didn't intend this to sound like a rant by the way, I just try to be open about everything I do and use.
As I said, hop on to IRC during work hours and ping me ;)
I reworked almost everything and the plugin is in a good state.
I need a tester or two. I'd be really happy to get some general feedback if it works for you or not, and if you find any weird bugs. If you need a reverse proxy that's relatively easy to configure, try it today. :)
Released a few new versions and the plugin is in a state where I consider it stable. I use it productively on multiple firewalls.
It's pretty much feature complete, there won't be any major changes now. Just occasional fixes, maintenance and keeping the Caddy binary up to date.
So far around 15-20 people seemed to have installed it. I also created a forum post in the Caddy forum and got a little bit of feedback, generally there don't seem to be problems.
https://caddy.community/t/caddy-v2-as-reverse-proxy-with-gui-in-opnsense/22047/13
Thanks @everyone for your help. :)
New Version released:
v1.4.0
- DynDNS (Dynamic DNS) Feature added. (Yes that's right, choose your DNS Provider, and you have DNS-01 ACME Challenge AND Dynamic DNS neatly in the same plugin.) https://github.com/mholt/caddy-dynamicdns/
- Logging refactored to syslog-ng to integrate completely into the OPNsense.
- HTTP Access Logs can be enabled.
- DNS Provider Desec added into GUI
- DNS Provider Porkbun added (only configurable with custom configuration file in the ssh shell right now)
Supported DNS Providers in the GUI:
Cloudflare
Duck DNS
DigitalOcean
DNSPod
Hetzner
GoDaddy
Gandi
Vultr
IONOS
Desec
New Version released:
v1.4.2
- Added Basic Auth as additional access restriction, multiple users can be set per domain and subdomain.
- Made views cleaner (separate General Settings and DNS Provider Settings) - (joined Access List and Basic Auth in new Access Tab)
- Fixed template generation of Caddyfile for new DNS Providers (desec)
- Added Porkbun DNS Provider for GUI configuration with additional DNS Secret Api Key input field
- cleaned up some code and fixed some typos.
This will be the last feature release for a while. Now I will only fix bugs, so if you find one please open an issue on github.
New Version released:
v1.4.4
- Route53 DNS Provider added - https://github.com/Monviech/os-caddy-plugin/issues/84
- Dark Mode GUI fix - https://github.com/Monviech/os-caddy-plugin/issues/85
- New caddy binary built that includes more DNS Provider modules as preparation - https://github.com/Monviech/os-caddy-plugin/blob/main/usr/local/bin/README.md#current-build
- os-caddy was built with 24.1.1 dev system and tested on new OPNsense release.
New Version released:
v1.4.5 (https://github.com/Monviech/os-caddy-plugin/releases/tag/v1.4.5)
This release is important because it fixes a bug with the validation model that can result in incorrect configurations being allowed and saved. Additionally, now there is a second validation method when pressing apply. "caddy validate --config /usr/local/etc/caddy/Caddyfile" is invoked, and the caddy service is only restarted if the configuration is valid. If not, a popup with the exact error message will show the validation error. Now, it is highly unlikely any user error can break Caddy. The new API can be tested additionally at
/api/caddy/service/validate
There is also a new logging feature added to integrate this Plugin more easily with Crowdsec. And a new feature to prepend paths in Handlers. Thank you a lot for contributing @pmhausen.
- New validate api action + Validation model fix by @Monviech in #98
- Add configuration option to log HTTP access to plain JSON files by @pmhausen in #90
- Add backend path prepend feature to handler configuration by @pmhausen in #95
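An added example, not the plugin's code: the validate-then-restart gate described in the v1.4.5 notes, written as a small wrapper that restarts only when the validator exits 0 and otherwise returns the validator's error text. The function name and result dictionary are hypothetical, and the validator and restart commands are stubbed with Python one-liners so the example runs offline; on a firewall the validator would be `caddy validate` as quoted in the post, and the restart command is whatever the service uses.

```python
import subprocess
import sys

# Constructed stand-in for "caddy validate": exits 1 with an error message on
# stderr when the config file contains the word "bogus", exits 0 otherwise.
STUB_VALIDATOR = [
    sys.executable, "-c",
    "import sys; text = open(sys.argv[2]).read(); "
    "sys.exit('Error: unrecognized directive (stub)' if 'bogus' in text else 0)",
]


def stub_restart(marker_path):
    """Constructed stand-in for the service restart: writes a marker file."""
    return [sys.executable, "-c",
            "import sys; open(sys.argv[1], 'w').write('restarted')", marker_path]


def apply_if_valid(config_path, validate_argv, restart_argv, timeout=30):
    """Run `<validate_argv> --config <config_path>`; run restart_argv only if
    validation succeeded. Commands are argv lists, never shell strings, so a
    path containing spaces or metacharacters cannot change what is executed."""
    try:
        check = subprocess.run(
            list(validate_argv) + ["--config", config_path],
            capture_output=True, text=True, timeout=timeout,
        )
    except FileNotFoundError:
        return {"status": "failed", "restarted": False, "message": "validator not found"}
    except subprocess.TimeoutExpired:
        return {"status": "failed", "restarted": False, "message": "validator timed out"}

    if check.returncode != 0:
        # Pass the validator's own error text through so the operator sees the
        # exact cause; the running service keeps its last good configuration.
        message = (check.stderr or check.stdout).strip()
        return {"status": "failed", "restarted": False, "message": message}

    restart = subprocess.run(list(restart_argv), capture_output=True,
                             text=True, timeout=timeout)
    ok = restart.returncode == 0
    return {"status": "ok" if ok else "failed", "restarted": ok,
            "message": restart.stderr.strip()}


if __name__ == "__main__":
    import os
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        marker = os.path.join(tmp, "restarted")
        bad = os.path.join(tmp, "Caddyfile.bad")
        with open(bad, "w") as handle:
            handle.write("example.com {\n    bogus_directive\n}\n")  # constructed
        print(apply_if_valid(bad, STUB_VALIDATOR, stub_restart(marker)))
        print("restart ran:", os.path.exists(marker))
```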
New Version released:
v1.5.0 (https://github.com/Monviech/os-caddy-plugin/releases/tag/v1.5.0)
This release is mostly a cleanup to make the front end nicer, with more feedback when pressing Save or Apply.
ACME-DNS Provider has been added to support custom ACME Servers. Please note that only DNS-01 Challenge works with the custom ACME Server, no Dynamic DNS.
It also prepares the plugin to be included into the OPNsense. I've been working with Franco to prepare that. Here is the issue tracker on github. It might be included in 24.3 or 24.4 but no promises.
Status of OPNsense integration (https://github.com/Monviech/os-caddy-plugin/issues/102)
This will be the last version until the integration is over (if no major bugs are found that need a fast fix). So no more new features for a bit.
- Omit vultr from DNS-Providers by @Monviech in #103
- General view cleanup by @Monviech in #106
- Add ACME-DNS Provider for custom ACME Server support by @Monviech in #107
- Hint pressing apply by @Monviech in #108
- Create ACL by @Monviech in #109
- Code consistency by @Monviech in #110
- Built os-caddy-1.5.0.pkg by @Monviech in #111
New Version released:
v1.5.1 (https://github.com/Monviech/os-caddy-plugin/releases/tag/v1.5.1)
Small Hotfix released: 1.5.1_1 since there was a typo that prevented saving domains.
This release is another preparation for the OPNsense integration. Since I went through a review, I could make lots of changes that clean things up.
Big thank you for all the reviewers on github: @franco, @kulikov-a, @mimugmail
Little warning: A lot of things changed, if you have problems, remove the plugin and reinstall it. Also you might need to restart your firewall. Maybe.
- More DNS Providers added: netlify, namesilo, njalla, vercel, googleclouddns, alidns, powerdns, tencentcloud, dinahosting, metaname, hexonet, ddnss, linode, mailinabox, ovh, namecheap, azure, openstack-designate.
- More input fields and better documentation added for the DNS Provider API Keys.
- Changed rc.d script to standard freebsd poudriere one packaged with the caddy-custom binary, included setup.sh script to rc.conf.d/caddy.
- Updated dependency to caddy-custom instead of caddy.
- Removed +POST_DEINSTALL.post and +POST_INSTALL.post.
- Turned syslog-ng configuration from template to static file.
- A few typos in the general.volt and reverse_proxy.volt corrected.
- The RealInterfaceField custom Fieldtype was removed and replaced with an OPNsense integrated template function to read the interface name.
- Enable $internalModelUseSafeDelete in ReverseProxyController.php - Items can only be deleted when they are not referenced by other items, making deleting in the GUI safer since there can't be any orphaned configuration left behind.
- Migration script M1_1_3 from "Description" to "description" added. Lower case description is needed to be in line with some OPNsense integrated functions.
I am happy to see this integrated into OpnSense as a plugin. I am currently using HAProxy plugin, but would like to move to this plugin and I have some questions.
- This seems to include DynDNS and Acme Certs. -- Does this mean that by using this plugin, I can get rid of the os-ddclient and the on-acme-client plugins altogether and simply set them up under this plugin?
- Currently for a few services like Omada, Nextcloud, I had to set up certain headers rules (http-request redirect, http-request header set, http-response replace-value etc etc) in HaProxy in order for it to work. How would the same headers be setup in this plugin?
Hello,
1. That's correct. If your DNS Provider is supported you can use DynDNS from the plugin. You can get Let's Encrypt automatically too (even without DNS Provider, it's standard with Caddy to get them automatically). The DNS Provider thing still is a little bit of an issue in maintainability that I try to solve: https://github.com/opnsense/plugins/issues/3867
2. I don't know, the standard in Caddy is to not mess with the headers, it does everything automatically. For that you have to try out how it reacts to your services.
Read the documentation in the OPNsense docs and decide if it has all the options you need, otherwise you can continue to use HA-Proxy because why change if it works?
Many thanks for this great plugin, this is the first time I'm dabbling with Caddy and maybe my question is trivial, but I do not completely understand how IPv4 vs IPv6 is handled.
If I configure the upstream IP in the handler as an IPv4 but the client connects to caddy using IPv6, is it expected to work, it will interwork IPv6 to IPv4? Do we expect performance issues because of this? (not that I have a lot of load on it, but just to know if I should expect the GUI to be slow or anything...)
The GUI shouldn't be slow. I have tested it on VMs and real Hardware. If you have high load, it might be slow? I don't know what your hardware is.
Regarding your question, Caddy can receive either IPv4 or IPv6 connections and reverse proxy them to either IPv4 or IPv6, or also both at the same time when you input two or more IP addresses into the handler Upstream Destination and have a domain with an A and AAAA record.
ipv4 - caddy - ipv4 ✓
ipv6 - caddy - ipv4 ✓
ipv4 - caddy - ipv6 ✓
ipv4/6 - caddy - ipv4/6 ✓
Thanks.
So far performance is good.
If I enter an IPv4 and an IPv6 as upstream in the handler, Caddy will simply load balance, the fact that the client is using IPv4 or IPv6 to connect to Caddy will not have any impact on this load balancing, is my understanding correct?
Yes, you understand correctly. Caddy doesn't care how a connection is made to it. Either side is independent from the other side.
Quote from: Monviech on November 04, 2023, 09:41:43 AM
Plugin was merged into OPNsense Plugins, I won't post in this thread anymore.
https://github.com/opnsense/plugins/pull/3840
- More DNS Providers added: netlify, namesilo, njalla, vercel, googleclouddns, alidns, powerdns, tencentcloud, dinahosting, metaname, hexonet, ddnss, linode, mailinabox, ovh, namecheap, azure, openstack-designate.
- More input fields and better documentation added for the DNS Provider API Keys.
Hi.
Is os-caddy working with Strato (DYNDNS) ?
Here are the currently supported ones.
https://github.com/opnsense/plugins/issues/3872
Ionos is in there, it's kinda the same company as strato. But there is no explicit strato provider upstream in the caddy-dns packages.