docs: add geo blocking docs and refresh screenshots
- Add Geo Blocking section to README with rule types and GeoIP setup
- Add Geo Blocking card to landing page (site/index.html)
- Refresh all 4 screenshots from current UI

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
README.md
@@ -20,6 +20,7 @@ This project provides a web UI for Caddy Server, eliminating the need to manuall
|
||||
- OAuth2/OIDC authentication support
|
||||
- Automatic HTTPS via Caddy's ACME (Let's Encrypt) with Cloudflare DNS-01 support
|
||||
- Optional upstream DNS pinning (resolve upstream hostnames on config apply)
|
||||
- Geo blocking per proxy host — block/allow by country, continent, ASN, CIDR, or IP
|
||||
- Custom certificate import (internal CA, wildcards, etc.)
|
||||
- Audit logging of all configuration changes
|
||||
- Built with Next.js 16, React 19, Drizzle ORM, and TypeScript
|
||||
@@ -45,6 +46,7 @@ Data persists in Docker volumes (caddy-manager-data, caddy-data, caddy-config, c
|
||||
## Features
|
||||
|
||||
- **Proxy Hosts** - Reverse proxies with custom headers and upstream pools
|
||||
- **Geo Blocking** - Block or allow traffic by country, continent, ASN, CIDR range, or exact IP per proxy host
|
||||
- **Access Lists** - HTTP basic auth
|
||||
- **Certificates** - Custom SSL/TLS import (automatic Let's Encrypt via Caddy)
|
||||
- **Settings** - ACME email, Cloudflare DNS-01, and upstream DNS pinning defaults
|
||||
@@ -115,6 +117,42 @@ Caddy automatically obtains Let's Encrypt certificates for all proxy hosts.
|
||||
|
||||
---
|
||||
|
||||
## Geo Blocking
|
||||
|
||||
Geo blocking is configured per proxy host. It requires MaxMind GeoLite2 databases (see [GeoIP Setup](#geoip-setup)).
|
||||
|
||||
### Rule types
|
||||
|
||||
| Type | Example | Description |
|
||||
|------|---------|-------------|
|
||||
| Country | `DE` | ISO 3166-1 alpha-2 country code |
|
||||
| Continent | `EU` | `AF`, `AN`, `AS`, `EU`, `NA`, `OC`, `SA` |
|
||||
| ASN | `24940` | Autonomous System Number |
|
||||
| CIDR | `91.98.150.0/24` | IP range in CIDR notation |
|
||||
| IP | `91.98.150.103` | Exact IP address |
|
||||
|
||||
Rules can be **block** or **allow**. Allow rules take precedence over block rules — you can block an entire continent and then allow specific IPs or ASNs through.
|
||||
|
||||
### GeoIP Setup
|
||||
|
||||
Geo blocking requires MaxMind GeoLite2 Country and/or ASN databases. Use the bundled `geoipupdate` service:
|
||||
|
||||
1. Register for a free MaxMind account at [maxmind.com](https://www.maxmind.com/)
|
||||
2. Generate a license key with `GeoLite2-Country` and `GeoLite2-ASN` permissions
|
||||
3. Add to your `.env`:
|
||||
```
|
||||
GEOIPUPDATE_ACCOUNT_ID=your-account-id
|
||||
GEOIPUPDATE_LICENSE_KEY=your-license-key
|
||||
```
|
||||
4. Start with the `geoipupdate` profile:
|
||||
```bash
|
||||
docker compose --profile geoipupdate up -d
|
||||
```
|
||||
|
||||
The databases are stored in the `geoip-data` Docker volume and shared between the web and Caddy containers.
|
||||
|
||||
---
|
||||
|
||||
## Upstream DNS Pinning
|
||||
|
||||
You can enable upstream DNS pinning globally (**Settings → Upstream DNS Pinning**) and override per host (**Proxy Host → Upstream DNS Pinning**).
|
||||
|
||||
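Review bot: The "Rule types" text says allow rules take precedence over block rules, but the section never states what happens to a request that matches no rule, or to a client address that cannot be looked up because the GeoLite2 databases are absent (the `geoipupdate` profile in step 4 is opt-in) or out of date. Please document the default action and whether a failed lookup is passed or blocked, since that determines how a host configured with only block rules behaves when the `geoip-data` volume is empty. Two smaller points in the same hunk: "Country and/or ASN databases" should say which rule types depend on which database, and the CIDR and IP examples (`91.98.150.0/24`, `91.98.150.103`) are publicly routable addresses where a documentation range such as `192.0.2.0/24` (RFC 5737) would be safer for readers to copy.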
@@ -54,7 +54,7 @@
|
||||
<section class="hero container">
|
||||
<h1>Control Every Edge.</h1>
|
||||
<p>The modern, secure context for your reverse proxy. Manage Caddy with an intuitive interface, automatic HTTPS,
|
||||
and detailed audit logging.</p>
|
||||
geo blocking, and detailed audit logging.</p>
|
||||
|
||||
<div class="btn-group">
|
||||
<a href="#deployment" class="btn btn-primary">Get Started</a>
|
||||
@@ -86,6 +86,10 @@
|
||||
out of the
|
||||
box.</p>
|
||||
</div>
|
||||
<div class="card">
|
||||
<h3>Geo Blocking</h3>
|
||||
<p>Block or allow traffic by country, continent, ASN, CIDR range, or exact IP — per proxy host, with allow-override rules.</p>
|
||||
</div>
|
||||
<div class="card">
|
||||
<h3>Access Control</h3>
|
||||
<p>Secure your endpoints with basic auth, IP access lists, or valid OAuth2/OIDC sessions.</p>
|
||||
|
||||
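Review bot: The card text "with allow-override rules" does not say which direction the override runs; the README section added in this same commit words it as "Allow rules take precedence over block rules", and the card should say the same thing, for example "allow rules override block rules". The neighbouring Access Control card also advertises "IP access lists" while this card offers CIDR and exact-IP rules, so a short phrase on which feature to use for IP restrictions would keep readers from configuring both without knowing which one is evaluated first.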