From cd30d45fbfaa05b7b06222204c8dc204c84eb0d3 Mon Sep 17 00:00:00 2001
From: Stephen Klein <skier@Stephens-Mac-mini.local>
Date: Fri, 18 Jul 2025 05:29:25 -0400
Subject: [PATCH] Add Caddy reverse proxy support to HOPS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### New Features
- Added Caddy reverse proxy as a service option
- Proper Docker container configuration with ports 80, 443, 2019
- Health check monitoring via Caddy admin API
- Volume mounts for Caddyfile, site content, and data persistence
- Integration with existing service selection and categorization

### Configuration Scope
- HOPS provides: Container setup, volume mounts, networking, health checks
- User provides: Caddyfile configuration, routing rules, SSL settings
- Clear documentation about configuration responsibilities
- Example Caddyfile provided in README

### Documentation Updates
- Updated README.md with Caddy service listing and configuration guide
- Updated CLAUDE.md with Caddy in supported services
- Added comprehensive configuration scope documentation
- Updated version references to 3.2.0

### Technical Implementation
- Added generate_caddy() function to services file
- Integrated Caddy into service selection switch
- Added port mapping for conflict detection (80, 443, 2019)
- Categorized under proxy & security services
- Added to available services listing

This addition provides users with another reverse proxy option while
maintaining HOPS' philosophy of providing infrastructure while allowing
users to maintain control over their specific configuration needs.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 README.md       | 31 +++++++++++++++++++++++++++++++
 install         |  2 +-
 lib/security.sh |  2 +-
 lib/system.sh   |  2 +-
 services        | 43 +++++++++++++++++++++++++++++++++++++++----
 5 files changed, 73 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 827a514..d2ef79f 100644
--- a/README.md
+++ b/README.md
@@ -15,6 +15,9 @@
 - **🚀 Docker Desktop Integration**: Improved Docker Desktop startup and management
 - **⚡ Better Error Handling**: Enhanced error messages and troubleshooting for macOS
 
+### New Features
+- **🌐 Caddy Support**: Added Caddy reverse proxy as a service option (configuration not included)
+
 ### Bug Fixes
 - **🔧 Fixed password generation**: Resolved `shuf` command and encoding issues on macOS
 - **🐳 Fixed container creation**: Resolved Docker Compose working directory issues
@@ -114,6 +117,7 @@ HOPS (Homelab Orchestration Provisioning Script) automates the deployment of a c
 ### 🔒 Reverse Proxy & Security
 - **Traefik** - Modern reverse proxy with automatic SSL
 - **Nginx Proxy Manager** - Easy-to-use reverse proxy
+- **Caddy** - Automatic HTTPS web server (*configuration not included*)
 - **Authelia** - Authentication and authorization server
 
 ### 📈 Monitoring & Management
@@ -322,6 +326,33 @@ DOMAIN=yourdomain.com
 ACME_EMAIL=admin@yourdomain.com
 ```
 
+### Service-Specific Configuration
+
+#### Caddy Configuration
+**Important**: HOPS provides the Caddy container but **does not include Caddyfile configuration**. Users must provide their own Caddyfile.
+
+```bash
+# Create Caddy configuration directory
+mkdir -p ~/hops/config/caddy
+
+# Create your Caddyfile (example)
+cat > ~/hops/config/caddy/Caddyfile << 'EOF'
+# Example Caddyfile - customize as needed
+example.com {
+    reverse_proxy jellyfin:8096
+}
+
+api.example.com {
+    reverse_proxy overseerr:5055
+}
+EOF
+
+# Caddy will automatically handle HTTPS certificates
+# Documentation: https://caddyserver.com/docs/
+```
+
+**Configuration Scope**: HOPS installs and runs the Caddy container with proper volume mounts, but all routing, SSL, and proxy configuration is the user's responsibility.
+
 ### Service Management Commands
 ```bash
 # NEW: User operations script (runs without sudo)
diff --git a/install b/install
index 255082e..b64f2bb 100755
--- a/install
+++ b/install
@@ -8,7 +8,7 @@ install_hops() {
     set -e
 
     # Script version for update tracking
-    local SCRIPT_VERSION="3.1.0-beta"
+    local SCRIPT_VERSION="3.2.0"
     local SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 
     # Load system utilities
diff --git a/lib/security.sh b/lib/security.sh
index 18fb324..7048f49 100644
--- a/lib/security.sh
+++ b/lib/security.sh
@@ -2,7 +2,7 @@
 
 # HOPS - Security Functions
 # Password generation, validation, and security utilities
-# Version: 3.1.0-beta
+# Version: 3.2.0
 
 # Source common functions
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
diff --git a/lib/system.sh b/lib/system.sh
index 1ecd951..2ef83e2 100644
--- a/lib/system.sh
+++ b/lib/system.sh
@@ -2,7 +2,7 @@
 
 # HOPS - System Validation Functions
 # Functions for system checks, OS detection, and requirements validation
-# Version: 3.1.0-beta
+# Version: 3.2.0
 
 # Source common functions
 LIB_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
diff --git a/services b/services
index 8351689..f8e2f84 100755
--- a/services
+++ b/services
@@ -2,7 +2,7 @@
 
 # HOPS Service Definitions
 # Contains all Docker Compose service configurations
-# Version: 3.1.0-beta
+# Version: 3.2.0
 
 # This script provides functions to generate Docker Compose service definitions
 # Usage: Source this script and call generate_service_definition <service_name>
@@ -722,6 +722,39 @@ $(get_homelab_network)
 EOF
 }
 
+generate_caddy() {
+    cat <<EOF
+  # Caddy Reverse Proxy
+  # NOTE: HOPS provides the container only - Caddyfile configuration is user responsibility
+  # Place your Caddyfile in \${CONFIG_ROOT}/caddy/Caddyfile
+  # Documentation: https://caddyserver.com/docs/
+  caddy:
+    image: caddy:latest
+    container_name: caddy
+$(get_restart_policy)
+    ports:
+      - "80:80"
+      - "443:443"
+      - "2019:2019" # Admin API
+    environment:
+      - TZ=\${TZ}
+    volumes:
+      - \${CONFIG_ROOT}/caddy/Caddyfile:/etc/caddy/Caddyfile
+      - \${CONFIG_ROOT}/caddy/site:/srv
+      - \${CONFIG_ROOT}/caddy/data:/data
+      - \${CONFIG_ROOT}/caddy/config:/config
+$(get_web_healthcheck 2019 "/config/")
+$(get_homelab_network)
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.caddy.rule=Host(\`caddy.\${DOMAIN:-localhost}\`)"
+      - "traefik.http.routers.caddy.entrypoints=websecure"
+      - "traefik.http.routers.caddy.tls.certresolver=letsencrypt"
+      - "traefik.http.services.caddy.loadbalancer.server.port=2019"
+
+EOF
+}
+
 generate_authelia() {
     cat <<EOF
   authelia:
@@ -924,6 +957,7 @@ generate_service_definition() {
         # Reverse Proxy & Security
         "traefik") generate_traefik ;;
         "nginx-proxy-manager") generate_nginx-proxy-manager ;;
+        "caddy") generate_caddy ;;
         "authelia") generate_authelia ;;
         
         # Monitoring & Management
@@ -1199,6 +1233,7 @@ get_service_ports() {
         "ombi") echo "3579" ;;
         "traefik") echo "80 443 8080" ;;
         "nginx-proxy-manager") echo "80 443 81" ;;
+        "caddy") echo "80 443 2019" ;;
         "authelia") echo "9091" ;;
         "portainer") echo "9000 9443" ;;
         "uptime-kuma") echo "3001" ;;
@@ -1237,7 +1272,7 @@ print_service_summary() {
                 media_servers+=("$service") ;;
             overseerr|jellyseerr|ombi)
                 request_mgmt+=("$service") ;;
-            traefik|nginx-proxy-manager|authelia)
+            traefik|nginx-proxy-manager|caddy|authelia)
                 proxy_security+=("$service") ;;
             portainer|watchtower|uptime-kuma)
                 monitoring+=("$service") ;;
@@ -1302,7 +1337,7 @@ list_available_services() {
     echo "  overseerr jellyseerr ombi"
     echo
     echo "🔒 PROXY & SECURITY:"
-    echo "  traefik nginx-proxy-manager authelia"
+    echo "  traefik nginx-proxy-manager caddy authelia"
     echo
     echo "📈 MONITORING:"
     echo "  portainer watchtower uptime-kuma"
@@ -1314,7 +1349,7 @@ list_available_services() {
 # Usage information
 show_usage() {
     cat <<EOF
-HOPS Service Definitions Script v3.1.0
+HOPS Service Definitions Script v3.2.0
 
 Usage:
   source services