Skip to content

Replace Caddy with Nginx#2225

Draft
ObadaS wants to merge 9 commits into
developfrom
nginx
Draft

Replace Caddy with Nginx#2225
ObadaS wants to merge 9 commits into
developfrom
nginx

Conversation

@ObadaS

@ObadaS ObadaS commented Mar 2, 2026

Copy link
Copy Markdown
Collaborator

A brief description of the purpose of the changes contained in this PR.

  • Replace Caddy with Nginx, allowing us to route every connection through it (like rabbit, minio, postgres) instead of only HTTP(S) connections
  • Add anti-scrapping measures
  • Add robots.txt file
  • Closed all the external ports of the containers except Nginx. Everything must go through Nginx now.
  • Made all containers (except Nginx, Django, Compute Worker and Builder) unable to access the outside world.
  • Add rate limit

Manual Intervention

There are some new environment variable that will be needed in the .env file

HTTPS=False # Or True
RATE_LIMIT=5

If your DOMAIN_NAME contains : you will need to remove it.
For example, localhost:80 becomes localhost

Checklist

  • Code review by me
  • Hand tested by me
  • I'm proud of my work
  • Code review by reviewer
  • Hand tested by reviewer
  • CircleCi tests are passing
  • Ready to merge

@ObadaS ObadaS force-pushed the nginx branch 2 times, most recently from 4f4265c to 01f2f1d Compare March 18, 2026 15:39
@ckravit

ckravit commented Jul 2, 2026

Copy link
Copy Markdown

I'm pretty sure Caddy can do this. Why force nginx? Caddy works really well especially for the SSL cert renewals. Can also easily customize Caddy to restrict some of the admin pages (rabbit, django, etc) to certain subnets.

@ObadaS

ObadaS commented Jul 3, 2026

Copy link
Copy Markdown
Collaborator Author

I'm pretty sure Caddy can do this. Why force nginx? Caddy works really well especially for the SSL cert renewals. Can also easily customize Caddy to restrict some of the admin pages (rabbit, django, etc) to certain subnets.

While Caddy can do some of the new features in this PR, the main problem is that Caddy can only handle HTTP(S) connections. We can not use it to re-route AMQP connections for Rabbit.

However, we are also discussing internally about removing Caddy from the docker compose since it's not really related to Codabench, allowing people to use whatever reverse proxy they want to use, and giving an example configuration of what could be used.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants