os-caddy plugin

Started by Monviech (Cedrik), November 04, 2023, 09:41:43 AM

November 04, 2023, 09:41:43 AM Last Edit: April 24, 2024, 03:06:19 PM by Monviech
Plugin was merged into OPNsense Plugins, I won't post in this thread anymore.
https://github.com/opnsense/plugins/pull/3840

Latest plugin version is: v1.5.1_1
(built on 06.02.2024)
Changelog

- 1.5.1_1

Little warning: A lot of things changed, if you have problems, remove the plugin and reinstall it. Also you might need to restart your firewall. Maybe.

- More DNS Providers added: netlify, namesilo, njalla, vercel, googleclouddns, alidns, powerdns, tencentcloud, dinahosting, metaname, hexonet, ddnss, linode, mailinabox, ovh, namecheap, azure, openstack-designate.
- More input fields and better documentation added for the DNS Provider API Keys.
- Changed rc.d script to standard FreeBSD poudriere one packaged with the caddy-custom binary, included setup.sh script to rc.conf.d/caddy.
- Updated dependency to caddy-custom instead of caddy.
- Removed +POST_DEINSTALL.post and +POST_INSTALL.post.
- Turned syslog-ng configuration from template to static file.
- A few typos in the general.volt and reverse_proxy.volt corrected.
- The RealInterfaceField custom Fieldtype was removed and replaced with an OPNsense integrated template function to read the interface name.
- Enable $internalModelUseSafeDelete in ReverseProxyController.php - Items can only be deleted when they are not referenced by other items, making deleting in the GUI safer since there can't be any orphaned configuration left behind.
- Migration script M1_1_3 from "Description" to "description" added. Lower case description is needed to be in line with some OPNsense integrated functions.

Big thank you to all the reviewers on GitHub: @franco, @kulikov-a, @mimugmail

- 1.5.0 Omit vultr from DNS-Providers by @Monviech in #103, General view cleanup by @Monviech in #106, Add ACME-DNS Provider for custom ACME Server support by @Monviech in #107, Hint pressing apply by @Monviech in #108, Create ACL by @Monviech in #109, Code consistency by @Monviech in #110, Built os-caddy-1.5.0.pkg by @Monviech in #111

- 1.4.5 New validate api action + Validation model fix by @Monviech, Add configuration option to log HTTP access to plain JSON files by @pmhausen, Add backend path prepend feature to handler configuration by @pmhausen

- 1.4.4 Route53 DNS Provider added + Dark Mode GUI fix + New caddy binary built that includes more DNS Provider modules as preparation + os-caddy was built with 24.1.1 dev system and tested on new OPNsense release.

- 1.4.2 Added Basic Auth as additional access restriction, made views cleaner, fixed template for new DNS Providers (desec) and added Porkbun for GUI configuration, cleaned up some code and fixed some typos.

- 1.4.0 DynDNS (Dynamic DNS) Feature added, Logging refactored to Syslog-ng to integrate completely into OPNsense, HTTP Access Logs can be enabled.
Supported DNS Providers:
cloudflare, duckdns, digitalocean, dnspod, hetzner, godaddy, gandi, vultr, ionos, desec, porkbun

- 1.3.4 Added support for "tls_server_name" and "abort" (Reject Unmatched Connections). Fixed a bug in the template with DNS Challenge, DNS-01 checkbox didn't work.

- 1.3.3 Small template bug fixed. Wildcard handles are always placed after their subdomain handles.

- 1.3.2 Small template improvement. Empty Handles are always placed last automatically.

- 1.3.1 Access list support to restrict which IP address can connect to a domain. This is useful for restricting access to local IPs only, or when a CDN and trusted proxy is used.

Latest caddy version is:
Current Built
Caddy Releases

1. Link: How-To Install
2. Link: How-To Use Tutorials

What is Caddy? Caddy is an easy-to-use, powerful web server written in Go. It includes a production-ready reverse proxy that is easy to configure. It really does all the complex configurations and Let's Encrypt certificate management and just works automagically. If you have trouble configuring HAProxy or NGINX, look at how easy you could have it with Caddy, it's literally just a few clicks. You can have a reverse proxy in under a minute.
Hardware:
DEC740

You might want to have a look at what already exists, first:
https://www.routerperformance.net/opnsense-repo/
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)


Sure thanks, I will take a look for inspiration :)
Hardware:
DEC740

It's open source :)

You can join IRC during work hours if you'd like to chat about plugin dev

I'll take on that offer once my research is complete. Thank you!
Hardware:
DEC740

So far I'm making progress, but I am really confused about the... licensing.

Caddy is under the Apache 2.0 license
OPNsense under the BSD 2-Clause "simplified" License

When I include the compiled pkg of caddy and the compiled pkg of a plugin in the same GitHub folder structure, can I just include a license file in the root folder that states:


BSD 2-Clause License

[Full BSD License Text]
---
Apache 2.0 License for the Caddy binary
The binary named 'caddy' located in any directory of this project is licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.

[Full Apache License Text]


And I'm good and nobody can call their lawyers on me? xD
Hardware:
DEC740

Quote from: Monviech on November 06, 2023, 07:15:03 PM
When I include the compiled pkg of caddy and the compiled pkg of a plugin in the same GitHub folder structure, can I just include a license file in the root folder that states:
IMHO you should not do that. Your plugin should contain only a reference to the Caddy package. It's in the FreeBSD repo.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

November 06, 2023, 08:14:54 PM #8 Last Edit: November 06, 2023, 08:16:29 PM by Monviech
I know it's compiled in other repos, but if I put a dependency on caddy into the plugin manifest, and the FreeBSD repo (configured in the OPNsense repo configuration) or the binary isn't included, the plugin won't do anything since caddy won't be installed.

It either has to be pulled from the repository I set up, or the mimugmail community repo, or it has to be added to the OPNsense ports.

Because I don't control these other infrastructures and I wanted to RSA sign my work, I wanted to just throw everything together in my own repository for the scope of this little project.

I'm just confused about the license because I want to create everything transparently in the open to follow the open source thought.
Hardware:
DEC740

Yeah, so if you go to "packages" tab in the firmware you will see caddy has the correct license.

If you build a plugin (which is basically just system glue to configure caddy and not modify any of its files) you can license it however you want.


Cheers,
Franco

November 06, 2023, 08:24:40 PM #10 Last Edit: November 07, 2023, 02:00:37 PM by Monviech
Thank you Franco, that makes sense. It's really there with the right license, even when it's self-compiled; I didn't see that in the GUI.

EDIT: It's because I added the "licenses": ["Apache-2.0"] to the manifest file while building the binary.

EDIT2:
I had to create the +MANIFEST exactly like this in order to get the license to show properly, and the license file to be viewable in the OPNsense GUI:


{
  "name": "caddy",
  "version": "2.7.5",
  "comment": "Caddy web server",
  "desc": "Caddy 2 is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go",
  "www": "https://caddyserver.com",
  "maintainer": "maintainer@email",
  "arch": "freebsd.amd64",
  "origin": "www/caddy",
  "prefix": "/usr/local",
  "categories": ["www"],
  "licenselogic": "single",
  "licenses": ["APACHE20"],
  "files": {
    "/usr/local/bin/caddy": {
      "checksum": "f9eaa71690fe6ac1ce708ea1cfb6ce2a6df3d5d7ba5aa895efb9e700ffdf045a",
      "username": "root",
      "groupname": "wheel",
      "perm": "0555"
    },
    "/usr/local/share/licenses/caddy-2.7.5/APACHE20": {
      "checksum": "c07795dc0d0e17cc4b23566ddc05a508f14e8ce98bb7404963250039a2c1a811"
    },
    "/usr/local/share/licenses/caddy-2.7.5/LICENSE": {
      "checksum": "2dca659dc8846be25ab729554fe067dba90ca252314b73f6c6dbaa95bbb72d4e"
    },
    "/usr/local/share/licenses/caddy-2.7.5/catalog.mk": {
      "checksum": "dacb6125deafe8a4019f21ff0cac159626e3936870e76f9126a11e5327f39d4f"
    }
  }
}


Now it shows like this in the GUI and the license button is clickable and shows the license file:


caddy 2.7.5 39.1MiB os-caddy-plugin APACHE20 Caddy web server
Hardware:
DEC740
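The +MANIFEST above records a checksum and a mode for each packaged file; the following added example (not part of the original post or of the plugin's code) checks a staged tree against such a manifest before it is packaged. It assumes the `checksum` values are hex SHA-256 digests of the file contents, as their 64-character length suggests; `verify_manifest`, `sha256_file` and the staging tree in `demo` are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_manifest(manifest, root="/"):
    """Check a parsed +MANIFEST dict against files under root."""
    problems = []
    if not manifest.get("licenses"):
        problems.append(("+MANIFEST", "no licenses declared"))
    for path, meta in manifest.get("files", {}).items():
        on_disk = os.path.join(root, path.lstrip("/"))
        if not os.path.isfile(on_disk):
            problems.append((path, "missing"))
            continue
        # Assumption: "checksum" is the hex SHA-256 of the file contents.
        if sha256_file(on_disk) != meta.get("checksum", "").lower():
            problems.append((path, "checksum mismatch"))
        if "perm" in meta:
            mode = os.stat(on_disk).st_mode & 0o7777
            if mode != int(meta["perm"], 8):
                problems.append((path, "mode is %04o" % mode))
    return problems


def demo():
    """Constructed staging tree; the file is a placeholder, not caddy."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "usr/local/bin/caddy")
        os.makedirs(os.path.dirname(target))
        with open(target, "wb") as fh:
            fh.write(b"constructed placeholder binary\n")
        os.chmod(target, 0o555)
        manifest = {"licenses": ["APACHE20"], "files": {
            "/usr/local/bin/caddy": {"checksum": sha256_file(target),
                                     "perm": "0555"}}}
        clean = verify_manifest(manifest, root)
        # Simulate the file changing after the manifest was written.
        os.chmod(target, 0o755)
        with open(target, "ab") as fh:
            fh.write(b"changed")
        return clean, verify_manifest(manifest, root)
```

A manifest loaded with `json.load` can be passed to `verify_manifest` directly, with `root` pointing at the staging directory.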

I want to share some progress. After struggling for a few days I finally managed to get a front end working (in my own namespace). This front end doesn't do API calls yet, and it doesn't retrieve or write data back to the config.xml, but that will be the next part I struggle with. The API works already though, I've tested it with curl and an API key to write and retrieve data from it.

So far there's a "/ui/caddy/general", a "/ui/caddy/reverse_proxy" and a "/ui/caddy/reverse_proxy_form" view. When pressing the "+" button in "/ui/caddy/reverse_proxy" the reverse_proxy_form opens up.

Here are a few screenshots:
https://github.com/Monviech/os-caddy-plugin/issues/1


Now things are starting to get really challenging for me since I have never got too deeply involved with any backend. My progress will probably be a lot slower from now on.
Hardware:
DEC740

And as usual when making it public there are more and more demands for special use cases. Welcome to open source :)

I've put the scope of the project into my readme.md file. I won't change the scope based on requests. I'm already dying with the SettingsController API and UUIDs I need for multiple entries. :)
Hardware:
DEC740

Quote from: mimugmail on November 11, 2023, 04:29:21 PM
And as usual when making it public there are more and more demands for special use cases. Welcome to open source :)

Wow no need to get hostile...

I'm the one who was asking on GitHub. I had basically the same idea, but till now lacked the time to have a deeper look into it. I got some basic knowledge of OPNsense plugin dev, see:
https://github.com/opnsense/plugins/pull/3593
https://github.com/mietzen/opnsense_leases_widget

If you widen your scope we could work together on this @Monviech.