# Migrate from Zoraxy to Caddy
Hereβs a **step-by-step guide** to **migrate from Zoraxy to Caddy** as your reverse proxy, including HTTPS and domain-based routing.
---
#### π§ Assumptions
- Youβre currently using **Zoraxy** to proxy domains like `app1.greenhome.stream` and `auth.greenhome.stream`.
- You want to **replace Zoraxy with Caddy** on the same server (`172.17.1.15`).
- You already have:
- A domain with DNS records pointing to your server.
- Docker containers or apps running internally (e.g., `172.17.1.38:9091` for Authelia).
- Port **80** and **443** open on your public IP.
---
#### β
Step-by-Step Migration from Zoraxy to Caddy
---
##### π 1. Stop and Disable Zoraxy
```bash
sudo systemctl stop zoraxy
sudo systemctl disable zoraxy
```
If running via Docker:
```bash
docker stop zoraxy
docker rm zoraxy
```
---
##### π¦ 2. Install Caddy
#### π’ Option 1: Install via Package (Recommended)
```bash
sudo apt update
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo tee /etc/apt/trusted.gpg.d/caddy.gpg > /dev/null
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy.list
sudo apt update
sudo apt install caddy
```
> Caddy runs as a service and listens on ports 80 and 443 by default.
---
##### π§Ύ 3. Create Your Caddyfile
```bash
sudo nano /etc/caddy/Caddyfile
```
Example:
```json
# Authelia login portal
auth.greenhome.stream {
reverse_proxy 172.17.1.38:9091
}
# App behind Authelia
app1.greenhome.stream {
reverse_proxy 172.17.1.40:3000
route {
forward_auth auth.greenhome.stream {
uri /api/verify?rd=https://auth.greenhome.stream
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
}
reverse_proxy 172.17.1.40:3000
}
}
```
##### π Notes:
- Replace `172.17.1.40:3000` with your actual app's internal IP and port.
- `auth.greenhome.stream` should point to your Authelia instance.
- The `forward_auth` directive checks auth before routing to the backend.
---
##### π 4. Reload Caddy to Apply Config
```bash
sudo caddy reload
```
If there's a syntax error:
```bash
sudo caddy validate
```
---
##### π 5. Ensure HTTPS Works (Auto Let's Encrypt)
Caddy will automatically:
- Fetch and renew Let's Encrypt certificates.
- Use HTTPS with HSTS, HTTP/2, etc.
Check certs:
```bash
sudo caddy list-certs
```
---
##### π¦ 6. Set DNS Records (If Not Already)
Make sure these A records are set:
| Subdomain | Value |
|---|
| `auth.greenhome.stream` | `your_public_ip` |
| `app1.greenhome.stream` | `your_public_ip` |
---
##### π§ͺ 7. Test the Setup
- Visit `https://auth.greenhome.stream` β should load Authelia.
- Visit `https://app1.greenhome.stream` β should redirect to login if not authenticated.
---
##### π§Ή 8. Optional: Remove Zoraxy Completely
If everything works:
```bash
sudo rm -rf /etc/zoraxy /var/lib/zoraxy
```
---
#### π Add More Apps?
Just extend your `Caddyfile`:
```json
nextcloud.greenhome.stream {
reverse_proxy 172.17.1.42:8080
route {
forward_auth auth.greenhome.stream {
uri /api/verify?rd=https://auth.greenhome.stream
}
reverse_proxy 172.17.1.42:8080
}
}
```
---
#### β
You're Done!
Caddy now:
- Proxies your apps with automatic HTTPS.
- Integrates with Authelia for forward authentication.
- Requires no web UI and minimal config.
---
**Ins0mniA**