Vick's Hangout

Part 4 - Setting up Caddy Reverse Proxy

Following Part 3 of the series, the final component to be set up is the Caddy reverse proxy. I previously used Traefik and while it worked, there were a few hiccups I encountered. I can’t recall the exact issues I ran into, but they were enough for me to switch things up this time. On this particular VPS, I won’t be running many services so auto-discovery is irrelevant. I’m binding each service to a specific IP and port, then using Caddy to reverse proxy to them, which simplifies a lot of the management and admin. Caddy also handles automatic certificate renewal with my custom CA using the ACME endpoint I set up earlier, so that’s an added bonus.
3 minutes to read

Part 3 - Setting up Smallstep CA

Following Part 2 of the series, the second component to be set up is the Smallstep Certificate Authority server. Smallstep is a lightweight CA I use to issue and manage TLS certificates for my internal services. It makes it easy to automate cert handling without relying on external CAs such as Let’s Encrypt, nor do I have to reveal details about my domain names to the public.

The Docker Compose file and configuration of Smallstep are located in the /containers/smallstep base folder.

4 minutes to read

Part 2 - Setting up AdGuard Home

Following Part 1 of the series, the first component to be set up is the AdGuard Home DNS server. I chose this because it also blocks ads and unwanted services, which enables my VPN clients to have a better web browsing experience. Aside from this, I get a useful GUI to view resolution requests and to configure custom domains in an easy-to-use manner. I did contemplate utilizing dnsmasq but finally decided on AdGuard Home.
4 minutes to read

Part 1 - Custom CA with Smallstep on a VPS

I am in the process of rebuilding my personal Certificate Authority using Smallstep on a cloud VPS. My previous VPS was running for a few years but I didn’t document how I got the whole concept working. This time around, I decided to jot my notes down so I can replicate this in the future if needed. This time, I also decided to make a little change to my setup, that is, changing from Traefik to Caddy, not because Traefik doesn’t work but because I just wanted consistency across all my public-facing web servers.
2 minutes to read