Guillaume Hérail

Ramblings in Frenglish


Jan 13, 2021
Prometheus metrics on Caddy Continuing with my Caddy experimentation, I wanted to get some metrics out of it. Caddy provides metrics out of the box on its admin API: https://localhost:2019/metrics This works well if you have prometheus running on the same server though in my case, prometheus is running on a different VM and on a private network. Caddy will enforce https on every vhost by default. For public domains, it’ll try to get a Let’s Encrypt certificate and for IP addresses and localhost, it’ll use an internal CA to sign certificates that it’ll serve for these.
Apr 2, 2018
Lets Encrypt Behind The Firewall Dehydrated is a client for getting certificates from an ACME server (think let’s encrypt). Being written in bash, its dependencies are quite simple: curl/sed/grep/mktemp. Dehydrated allows us to write simple hooks that, in this post, we’ll use to do dns validation against our authoritative bind server. That way, you can use let’s encrypt certificates even if your server is behind a firewall! (provided it has access to your dns authoritative server)