Skip to content

Internet exposed instance render push. #308

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
ninjeeter wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Internet exposed instance render push. #308

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
78e5b17
Internet exposed instance render push.
ninjeeter Dec 22, 2025
b73a0d9
Ready for review: Exposing an instance on the internet.
ninjeeter Dec 23, 2025
eecc7c1
Optimised images with calibre/image-actions
github-actions[bot] Dec 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .vitepress/sidebars/tutorials.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,10 @@ export const tutorialsSidebar: DefaultTheme.SidebarItem[] = [
text: "Invisible Proxying",
link: "/tutorials/invisible_proxy",
},
{
text: "Exposing an Instance to the Internet",
link: "/tutorials/instance_internet",
},
],
},
{
Expand Down
Binary file added src/_images/internet_instance.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
149 changes: 149 additions & 0 deletions src/tutorials/instance_internet.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,149 @@
# Exposing an Instance to the Internet

In this tutorial, you will learn how to expose a Caido instance to the internet.

::: warning NOTE
Ensure to replace `user` with your username, `example.com` with your domain, `user@example.com` with your email address, and account for any currently running processes by changing the ports.
:::

## Nginx Configuration

1. To logically separate the internet-exposed Caido instance from your existing setup, create a new subdomain by adding a A record for `caido.example.com` for the IP address of your server.

2. SSH into your server.

3. Create a new `sites-available` file and use the `proxy_pass` directive to route traffic to Caido: `sudo nano /etc/nginx/sites-available/caido.example.com`

```txt
server {
server_name caido.example.com;

location / {
proxy_pass http://127.0.0.1:8081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}

listen 80;
listen [::]:80;
}
```

4. Make the site available, test the configuration, and reload the web server:

```bash
sudo ln -s /etc/nginx/sites-available/caido.example.com /etc/nginx/sites-enabled/
```

```bash
sudo nginx -t
```

```bash
sudo systemctl reload nginx
```

5. Obtain a SSL/TLS certificate:

```bash
sudo certbot --nginx -d caido.example.com
```

6. Launch the Caido CLI:

```bash
caido-cli --ui-listen 0.0.0.0:8081 --proxy-listen 0.0.0.0:8082 --ui-domain caido.example.com --debug --no-renderer-sandbox --no-open
```

## Docker

The following Docker compose file runs two services: the Caido CLI and [Traefik](https://doc.traefik.io/traefik/).

::: warning NOTE
If Nginx/Apache is running, kill it with: `sudo systemctl stop nginx`/`sudo systemctl stop apache`
:::

1. Install [Docker](https://docs.docker.com/engine/install/) with the Docker Compose plugin.
2. SSH into your server.
3. Create a `docker-compose.yml` file with the following content:

```txt
services:
caido:
image: caido/caido:latest
container_name: caido
ports:
- "127.0.0.1:8082:8082" # Proxy port
volumes:
- /home/user/caido/data/:/home/caido/.local/share/caido
command: >
caido-cli
--no-renderer-sandbox
--debug
--no-open
--ui-listen 0.0.0.0:8081
--ui-domain example.com
--proxy-listen 0.0.0.0:8082
#--allow-guests
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.caido.rule=Host(`example.com`)"
- "traefik.http.routers.caido.entrypoints=websecure"
- "traefik.http.routers.caido.tls.certresolver=letsencrypt"
- "traefik.http.services.caido.loadbalancer.server.port=8081"

traefik:
image: traefik:latest
container_name: traefik
restart: unless-stopped
ports:
- "80:80"
- "443:443"
command:
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"

# Redirect HTTP → HTTPS
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"

# Let's Encrypt - HTTP challenge (works with standard ports 80/443)
- "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
- "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.letsencrypt.acme.email=user@example.com"
- "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"

volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./letsencrypt:/letsencrypt

```

3. Create a data storage location for Caido:

```bash
mkdir -p /home/user/caido/data
```

4. Since the container runs as `uid=996(caido) gid=996(caido) groups=996(caido)`, set ownership of the host directory to match:

```bash
sudo chown -R 996:996 /home/user/caido/data
```

5. Make the directory writable:

```bash
sudo chmod 755 /home/user/caido/data
```

## Accessing Caido

Once Caido is running, access the instance at the configured domain and authenticate into your account.

<img alt="Login page." src="/_images/internet_instance.png" center>