Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

HTTPS and networking

The normal layout is:

clients → HTTPS :443 → Caddy → HTTP 127.0.0.1:7770 → vsync-server

Create a DNS record such as builds.example.com pointing at the VPS. Allow ports 80 and 443 through the firewall, but do not allow public access to port 7770.

Caddy configuration

builds.example.com {
    reverse_proxy 127.0.0.1:7770
    request_body {
        max_size 256MB
    }
}

Reload Caddy and verify the public endpoint:

sudo systemctl reload caddy
curl https://builds.example.com/healthz

Caddy obtains and renews the TLS certificate automatically when DNS and ports 80/443 are correct.

Private-network alternative

For a server that must not be reachable from the public internet, place the server and every client on a private network such as Tailscale. Bind Vsync to the private interface and use the private address as VSYNC_SERVER.

Tokens are still required. If you use plain HTTP on a trusted private network, remember that production desktop updater and browser security features may still require HTTPS for their own endpoints.

Webhooks

When webhook is configured, the server posts build publications and stream moves to that incoming webhook. Treat the webhook URL like a credential: limit who can read the server configuration and rotate the URL if it leaks.