Remove caddy configuration, localhost is secure if port-forwarded

2025-05-24 01:12:58 -04:00 · 2025-03-15 23:12:35 +00:00 · 2025-03-15 23:12:35 +00:00 · bbbe23c74f
commit bbbe23c74f
parent 9bb2ddc1a7
8 changed files with 0 additions and 102 deletions
--- a/docker/caddy/Caddyfile
+++ b/docker/caddy/Caddyfile
@ -1,24 +0,0 @@
-{
-    # debug
-    local_certs
-    log {
-		format console
-    }
-    pki {
-		ca local {
-           name "Immich Local CA - TESTING ONLY"
-           intermediate_lifetime 3599d
-		}
-	}
-    grace_period 0
-    shutdown_delay 0
-    skip_install_trust
-    auto_https disable_redirects
-}
-
-{$IMMICH_HOST}:3443 {
-    tls internal {
-        on_demand
-    }
-    reverse_proxy {$IMMICH_INTERNAL_URL}
-}
--- a/docker/caddy/certs/README.md
+++ b/docker/caddy/certs/README.md
@ -1,15 +0,0 @@
-## What is in this folder? 
-
-These are Caddy certificates necessary for local development using the service-worker, clipboard access, etc. 
-
-This folder contains certs root and intermediate CAs. Caddy uses this to sign its server certs.
-
-These certificates have a 10yr expiration date. They should NOT be used in production. 
-
-## How to use?
-1. You should import these into your system keychain or truststore. (OS-specific)
-2. Ensure 'immich-dev' resolves to the docker host.
-    *  i.e. add entry in /etc/hosts that points to the host running the immich docker container. 
-
-## Permissions
-Caddy runs as root user. These files must be owned by root with 600 permissions. You make need to temporarily make these 644 so you can copy/import them into your trust store. 
--- a/docker/caddy/certs/intermediate.crt
+++ b/docker/caddy/certs/intermediate.crt
@ -1,12 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIB2TCCAX+gAwIBAgIQaofX+uLl1ohUu1tDEoKbdjAKBggqhkjOPQQDAjA5MTcw
-NQYDVQQDEy5JbW1pY2ggTG9jYWwgQ0EgLSBURVNUSU5HIE9OTFkgLSAyMDI1IEVD
-QyBSb290MB4XDTI1MDMxNTE1MTMxOVoXDTM1MDEyMTE1MTMxOVowPDE6MDgGA1UE
-AxMxSW1taWNoIExvY2FsIENBIC0gVEVTVElORyBPTkxZIC0gRUNDIEludGVybWVk
-aWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDIDN4PR36WU+XZYaUxzdRpd
-R5PUJ34oeqnthRIvxz5k1v324pYvk/unKkr4/73+YiQgbGJYoXuS1RosMh6+J4aj
-ZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQW
-BBSgTH3mPyuKmXKSfUn/XC9Ag69trTAfBgNVHSMEGDAWgBRjdUoajCqc0KfFvLbw
-sdJQqL6iCjAKBggqhkjOPQQDAgNIADBFAiEA2zQBXgof4D7pk9RF/J5MKCMi+mGq
-s8I8MQM0X0PWv6wCIG8R0KOvwiYPxsX+TDUtG4F2rYdSb6OHbcoYg0UEwMVZ
-----END CERTIFICATE-----
--- a/docker/caddy/certs/intermediate.key
+++ b/docker/caddy/certs/intermediate.key
@ -1,5 +0,0 @@
-----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIPO0Ao4ha+T3Op2UljmdroXbvsDrKYMqGvu9762W+mZqoAoGCCqGSM49
-AwEHoUQDQgAEMgM3g9HfpZT5dlhpTHN1Gl1Hk9Qnfih6qe2FEi/HPmTW/fbili+T
-+6cqSvj/vf5iJCBsYlihe5LVGiwyHr4nhg==
-----END EC PRIVATE KEY-----
--- a/docker/caddy/certs/root.crt
+++ b/docker/caddy/certs/root.crt
@ -1,12 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIBtzCCAVygAwIBAgIRAMd1v26Z7/BEBZVgNeUSPD8wCgYIKoZIzj0EAwIwOTE3
-MDUGA1UEAxMuSW1taWNoIExvY2FsIENBIC0gVEVTVElORyBPTkxZIC0gMjAyNSBF
-Q0MgUm9vdDAeFw0yNTAzMTUxNTEzMTlaFw0zNTAxMjIxNTEzMTlaMDkxNzA1BgNV
-BAMTLkltbWljaCBMb2NhbCBDQSAtIFRFU1RJTkcgT05MWSAtIDIwMjUgRUNDIFJv
-b3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATcZGmAJUrSce1rOvNPcSAM9hDS
-/9NopYW9833n52kqrC+ArUZsMHC2BxN5Ndlu+ac288oSrUKLOxzes0Lr+Jeto0Uw
-QzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQU
-Y3VKGowqnNCnxby28LHSUKi+ogowCgYIKoZIzj0EAwIDSQAwRgIhAOQMD95mhs6G
-qxzoMXbYgjw5S5cF4HP4yYBYcvrmuypVAiEAlG//Ayx9kicVHVeOchm4RyRCm1hU
-zEBhaqC33ivd4D8=
-----END CERTIFICATE-----
--- a/docker/caddy/certs/root.key
+++ b/docker/caddy/certs/root.key
@ -1,5 +0,0 @@
-----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIDrpG22VrpagAKo7dPL16RihojPr7MgYcKwZA5jSMrXioAoGCCqGSM49
-AwEHoUQDQgAE3GRpgCVK0nHtazrzT3EgDPYQ0v/TaKWFvfN95+dpKqwvgK1GbDBw
-tgcTeTXZbvmnNvPKEq1Cizsc3rNC6/iXrQ==
-----END EC PRIVATE KEY-----
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@ -14,21 +14,6 @@
 name: immich-dev

 services:
-  immich-caddy:
-    container_name: immich_caddy
-    image: caddy:2.9.1-alpine
-    restart: unless-stopped
-    ports:
-      - "2019:2019"
-      - "3443:3443"
-      - "3443:3443/udp"
-    environment:
-      IMMICH_HOST: immich-dev
-      IMMICH_INTERNAL_URL: http://immich-web:3000
-    volumes:
-      - ./caddy:/etc/caddy
-      - ./caddy/certs:/data/caddy/pki/authorities/local
-    command: ["/bin/sh", "-c", "chown 0:0 /data/caddy/pki/authorities/local/*; chmod 600 /data/caddy/pki/authorities/local/*; caddy run --config /etc/caddy/Caddyfile --adapter caddyfile"]
  immich-server:
    container_name: immich_server
    command: ['/usr/src/app/bin/immich-dev']
--- a/docker/docker-compose.prod.yml
+++ b/docker/docker-compose.prod.yml
@ -10,20 +10,6 @@
 name: immich-prod

 services:
-  immich-caddy:
-    container_name: immich_caddy
-    image: caddy:2.9.1-alpine
-    restart: unless-stopped
-    ports:
-      - "3443:3443"
-      - "3443:3443/udp"
-    environment:
-      IMMICH_HOST: immich-dev
-      IMMICH_INTERNAL_URL: http://immich-server:2283
-    volumes:
-      - ./caddy:/etc/caddy
-      - ./caddy/certs:/data/caddy/pki/authorities/local
-    command: ["/bin/sh", "-c", "chown 0:0 /data/caddy/pki/authorities/local/*; chmod 600 /data/caddy/pki/authorities/local/*; caddy run --config /etc/caddy/Caddyfile --adapter caddyfile"]
  immich-server:
    container_name: immich_server
    image: immich-server:latest