Skip to content

improve Caddy config docs#65

Merged
gantoine merged 1 commit intorommapp:mainfrom
mohammed90:patch-1
Mar 23, 2026
Merged

improve Caddy config docs#65
gantoine merged 1 commit intorommapp:mainfrom
mohammed90:patch-1

Conversation

@mohammed90
Copy link
Contributor

@mohammed90 mohammed90 commented Mar 21, 2026

TLS with Caddy does not require providing the cert and key files. Also, the removal of Server header does not add any security nor is it being does for other servers.

gantoine
gantoine requested changes Mar 21, 2026
View reviewed changes
Copy link
Member

@gantoine gantoine left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah neither of those are strictly true. the tls directive in caddy allows you to provide cert files, since some servers (like mine) don't support a flow to "specify an ACME account email address". and removing -x-powered-by is good practice in general, though not required obviously.

@mohammed90
Copy link
Contributor Author

mohammed90 commented Mar 21, 2026

yeah neither of those are strictly true. the tls directive in caddy allows you to provide cert files, since some servers (like mine) don't support a flow to "specify an ACME account email address".

I'm aware of the function of the tls directive, but presenting it in the documentation gives the impression it's required and discourages reliance on automation, where the latter is more critical than the former.

and removing -x-powered-by is good practice in general, though not required obviously.

It's not about requirement, rather about security benefit. If you believe it adds security benefit, that's fine. I'll concede. But the same isn't applied in the sample nginx config.

Do you prefer to keep the sample config as-is? If yes, the PR can be closed.

@gantoine
Copy link
Member

gantoine commented Mar 21, 2026

seeing as none of the other entries list TLS certs let's remove that line but keep the -server and -x-powered-by?

@mohammed90
improve Caddy config docs
f0763df 
TLS with Caddy does not require providing the cert and key files. Also, the removal of `Server` header does not add any security nor is it being does for other servers.
@mohammed90
Copy link
Contributor Author

mohammed90 commented Mar 23, 2026

seeing as none of the other entries list TLS certs let's remove that line but keep the -server and -x-powered-by?

Done

@gantoine gantoine merged commit 0bd7bab into rommapp:main Mar 23, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gantoine gantoine gantoine approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mohammed90 @gantoine