Commit Graph

3 Commits

Author: Serreau Jovann
SHA1: 40c36ef299
Date: 2026-04-10 16:48:56 +02:00

Drop Cloudflare DNS TLS block from Caddy vhost

Remove the tls { dns cloudflare ... } directive and fall back to
Caddy's default automatic HTTPS (HTTP-01 / TLS-ALPN). The
Cloudflare DNS plugin was causing issues during cert provisioning;
standard ACME works fine as long as port 80/443 reach the server.

Also drop the now-unused cloudflare_token variable from group_vars.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: Serreau Jovann
SHA1: 74aec1f1c9
Date: 2026-04-10 15:52:47 +02:00

Fix Caddy sites directory path (sites, not site)

The target server uses /etc/caddy/sites/ (plural) for per-site
config files, not /etc/caddy/site/.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: Serreau Jovann
SHA1: 88723b5e5f
Date: 2026-04-10 15:45:15 +02:00

Add Ansible playbook for on-server deploy

Self-contained playbook intended to be run locally on the target
server, where this repo is already cloned (typically at
/var/www/e-auth). No SSH / inventory needed — hosts: localhost
with connection: local.

What it does:
- Installs Docker Engine + compose plugin from the official repo
  (idempotent, no-op if already present).
- Ensures /etc/caddy/site exists and templates the vhost file at
  /etc/caddy/site/e-auth.conf with the Cloudflare DNS-01 token for
  caddy-dns/cloudflare, reverse-proxying to 127.0.0.1:9450.
- Validates the Caddy config and reloads the service on change.
- Runs `docker compose pull` and `docker compose up -d` from the
  repo root.

Assumes Caddy is already installed with the caddy-dns/cloudflare
plugin and loads per-site files from /etc/caddy/site/*.conf.

Usage (on the server):
  cd /var/www/e-auth/ansible && ansible-playbook deploy.yml

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
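The three commits together describe one deploy playbook: a local-only Ansible run that writes a Caddy vhost under /etc/caddy/sites/, validates and reloads Caddy, and runs docker compose. The following is an added example in that shape, not the repository's own deploy.yml. It shows the vhost as it stands after commit 40c36ef299 (automatic HTTPS, no tls { dns cloudflare ... } block; the removed form is kept as a comment), the validate-before-reload step, and the compose tasks. The Docker Engine install tasks are left out; Caddy and Docker are assumed present. Assumptions not on the page: the public hostname variable `site_domain` and its value, that /etc/caddy/Caddyfile imports sites/*.conf, and the change-detection heuristic on the compose output.

```yaml
# Added example, not the project's deploy.yml. Assumes Caddy and Docker are
# already installed and that /etc/caddy/Caddyfile contains
# "import sites/*.conf" (assumption; the page only says per-site files are
# loaded from that directory).
- name: Deploy e-auth on the local host
  hosts: localhost
  connection: local
  become: true
  vars:
    site_domain: e-auth.example.org      # assumed name, not from the page
    repo_root: /var/www/e-auth
    caddy_sites_dir: /etc/caddy/sites    # plural, per commit 74aec1f1c9
    upstream: 127.0.0.1:9450

  tasks:
    - name: Ensure per-site config directory exists
      ansible.builtin.file:
        path: "{{ caddy_sites_dir }}"
        state: directory
        owner: root
        group: root
        mode: "0755"

    - name: Write the vhost (default automatic HTTPS, no DNS-01 block)
      # Caddy's default issuance (HTTP-01 / TLS-ALPN-01) only works if the
      # ACME CA can reach ports 80 and 443 on this host. The block dropped in
      # commit 40c36ef299 looked like:
      #   tls {
      #       dns cloudflare {env.CLOUDFLARE_API_TOKEN}
      #   }
      # so no API token is needed on the host any more.
      ansible.builtin.copy:
        dest: "{{ caddy_sites_dir }}/e-auth.conf"
        owner: root
        group: root
        mode: "0644"
        content: |
          {{ site_domain }} {
              reverse_proxy {{ upstream }}
          }
        # Reject a broken fragment before it is dropped into the sites dir;
        # %s is the temp file Ansible writes before moving it into place.
        validate: caddy validate --config %s --adapter caddyfile
      notify: Reload caddy

    - name: Pull images for the compose project
      ansible.builtin.command:
        cmd: docker compose pull
        chdir: "{{ repo_root }}"
      changed_when: false

    - name: Start or update containers
      ansible.builtin.command:
        cmd: docker compose up -d
        chdir: "{{ repo_root }}"
      register: compose_up
      # Heuristic (assumption): compose reports created/started services on
      # stderr; an already-running stack reports nothing of the kind.
      changed_when: "'Started' in compose_up.stderr or 'Created' in compose_up.stderr"

  handlers:
    - name: Reload caddy
      ansible.builtin.systemd:
        name: caddy
        state: reloaded
```

Run it on the server as the commits describe: `cd /var/www/e-auth/ansible && ansible-playbook deploy.yml`. Two practitioner caveats. First, with DNS-01 gone, certificate issuance silently fails if 80/443 are filtered or if the hostname is proxied in a way that breaks the HTTP-01 path, so check `journalctl -u caddy` after the first run. Second, a `cloudflare_token` that lived in group_vars was a live API credential; if that file was ever committed unencrypted, removing the variable does not revoke the token, so rotate it in the Cloudflare dashboard.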