Fast to Caddy #1549
Previously the fast-server could run on a different IP so we could block/lock down the admin. From checking the Caddyfile, I'm not sure that is possible? What is confusing though is that in that file, the "click" domain appears to be manually set. Previously you'd just add it via the GUI and the Fast server would auto-configure and get an SSL certificate as required. Can anyone set out the expected working with v2, and whether it has to be created, manually set and Caddy restarted to pick up a new SSL?
Replies: 2 comments
Hi Matt,
Postal will no longer configure the SSL certificates for you. This was a fairly big piece of work and added a bunch of additional complexity that I didn't really want to support - for example, we had to run our own full SSL-enabled web server.
There's no reason you can't keep your click/tracking domains on separate IPs, although, to save IPs, you could just implement an HTTP-level ACL to restrict access to your Postal instance. The actual configuration for this will depend on the web proxy itself - Postal doesn't really mind how this is done.
I hope that helps.
Adam
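A Caddy v2 layout for the two options in the reply above (separate IPs, or one IP with an HTTP-level ACL), as an added example that is not Postal's shipped Caddyfile or part of the original posts. The hostnames, addresses, the upstream `127.0.0.1:5000` and the `X-Postal-Track-Host` header are assumptions to check against your own install and the Postal documentation for your version.

```caddyfile
# Added example. All names and addresses below are placeholders (assumptions).
# Caddy obtains and renews a certificate for every site address listed here;
# adding a new click domain means adding a site block and running `caddy reload`.

# Admin / web UI: answer only on the management IP and only for allowed clients.
postal.example.com {
    # Option 1: listen on a dedicated IP (placeholder address).
    bind 192.0.2.10

    # Option 2: HTTP-level ACL. Anything outside the allowed range gets a 403.
    # remote_ip matches the TCP peer; if another proxy or CDN sits in front
    # of Caddy, every request appears to come from that proxy, so the ACL
    # must be applied there instead (or trusted proxies configured).
    @not_allowed not remote_ip 203.0.113.0/24 127.0.0.1
    respond @not_allowed 403

    reverse_proxy 127.0.0.1:5000
}

# Click / open tracking: must stay reachable by every mail recipient.
click.example.com {
    bind 192.0.2.11

    reverse_proxy 127.0.0.1:5000 {
        # Assumption: marks the request as tracking traffic for Postal so the
        # public vhost does not act as a second, unrestricted route to the UI.
        header_up X-Postal-Track-Host 1
    }
}
```

After a reload, request the admin hostname from an address outside the allowed range and confirm the 403, then request an admin path through the click hostname to confirm it does not serve the UI.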
That makes sense. For now, we've put nginx in front of it using certbot linking into rfc2136 validation. I wonder if this needs to be made clearer in the upgrade guide from 1.x or even new install as, apart from the reference in the Caddy config, there isn't too much to go on, especially if you're used to how this worked in v1. Might avoid what could be a common question as to why SSL isn't working as it used to.