Merge pull request #85 from fabriziosalmi/copilot/add-caddy-waf-plugin-installation

fabriziosalmi · web-flow · commit e973c0212ac8 · 2026-01-06T11:41:02.000+01:00
Document caddy add-package installation method
diff --git a/CADDY_MODULE_REGISTRATION.md b/CADDY_MODULE_REGISTRATION.md
@@ -43,6 +43,7 @@ This document outlines the requirements and steps for successfully registering t
 - [x] **Test Suite**: Comprehensive test coverage across multiple files
 - [x] **CI/CD Pipeline**: GitHub Actions workflows for testing and building
 - [x] **Module Import**: Can be imported and used with `xcaddy build`
+- [x] **caddy add-package**: Compatible with `caddy add-package` command
 
 ## 🔍 Potential Issues and Solutions
 
@@ -101,11 +102,17 @@ go doc -short
 # Test module import
 go list -m github.com/fabriziosalmi/caddy-waf
 
-# Verify with xcaddy (if available)
+# Test with caddy add-package (recommended)
+caddy add-package github.com/fabriziosalmi/caddy-waf
+
+# Verify with xcaddy (alternative method)
 xcaddy build --with github.com/fabriziosalmi/caddy-waf
 
 # Check latest version/tag
 git describe --tags --abbrev=0
+
+# Verify module is loaded
+caddy list-modules | grep waf
 ```
 
 ## 📞 Support Information
diff --git a/README.md b/README.md
@@ -62,7 +62,25 @@ curl -fsSL -H "Pragma: no-cache" https://raw.githubusercontent.com/fabriziosalmi
 
 ## 🚀 Installation
 
-### Prerequisites
+### Option 1: Using `caddy add-package` (Recommended)
+
+If you already have Caddy installed, you can add this plugin directly using the `caddy add-package` command:
+
+```bash
+caddy add-package github.com/fabriziosalmi/caddy-waf
+```
+
+This command will:
+- Download a new Caddy binary with the WAF module included
+- Keep your existing modules intact
+- Safely replace your current Caddy binary
+- Create a backup of your previous binary (use `--keep-backup` to retain it)
+
+**Note:** This is an experimental Caddy feature. The command uses Caddy's remote build service to compile and download a custom binary with the module included.
+
+### Option 2: Build from Source
+
+#### Prerequisites
 
 - [Go](https://golang.org/dl/) **1.25** or higher
 - [Caddy](https://caddyserver.com/docs/install) **v2.10.x** or higher (for building with this plugin)
@@ -158,19 +176,20 @@ For complete documentation, including configuration options, rule format details
 ### 📑 Table of Contents
 
 1.  [**Installation**](docs/installation.md) - *Instructions for installing the Caddy WAF middleware.*
-2.  [**Configuration Options**](docs/configuration.md) - *Detailed explanation of all available configuration settings.*
-3.  [**Rules Format (`rules.json`)**](docs/rules.md) - *A comprehensive guide to defining custom rules using the JSON format.*
-4.  [**Blacklist Formats**](docs/blacklists.md) - *Documentation of the formats used for defining IP and DNS blacklists.*
-5.   [**Rate Limiting**](docs/ratelimit.md) - *How to configure rate limiting, including parameters and usage.*
-6.  [**Country Blocking and Whitelisting**](docs/geoblocking.md) - *Details on how to configure country-based blocking and whitelisting.*
-7.  [**Protected Attack Types**](docs/attacks.md) - *An overview of the wide range of web-based threats that the Caddy WAF is designed to protect against.*
-8.  [**Dynamic Updates**](docs/dynamicupdates.md) - *How to dynamically update the WAF rules and other settings without downtime.*
-9.  [**Metrics**](docs/metrics.md) - *Details about the WAF's metrics endpoint and the different metrics collected.*
-10. [**Prometheus Metrics**](docs/prometheus.md) - *Instructions on how to expose WAF metrics using the Prometheus format.*
-11. [**ELK Observability**](https://github.com/fabriziosalmi/caddy-waf/blob/main/docs/caddy-waf-elk.md) - *Instructions on how to configure caddy-waf ELK stack observability.*
-12. [**Rule/Blacklist Population Scripts**](docs/scripts.md) - *Documentation on the provided scripts to automatically fetch, update and generate rules and blacklists.*
-13. [**Testing**](docs/testing.md) - *Guidance on how to test the WAF's effectiveness using the provided testing tools.*
-14.  [**Docker Support**](docs/docker.md) - *Instructions on how to build and run the WAF using Docker.*
+2.  [**Using `caddy add-package`**](docs/add-package-guide.md) - *Quick guide for installing with the `caddy add-package` command.*
+3.  [**Configuration Options**](docs/configuration.md) - *Detailed explanation of all available configuration settings.*
+4.  [**Rules Format (`rules.json`)**](docs/rules.md) - *A comprehensive guide to defining custom rules using the JSON format.*
+5.  [**Blacklist Formats**](docs/blacklists.md) - *Documentation of the formats used for defining IP and DNS blacklists.*
+6.   [**Rate Limiting**](docs/ratelimit.md) - *How to configure rate limiting, including parameters and usage.*
+7.  [**Country Blocking and Whitelisting**](docs/geoblocking.md) - *Details on how to configure country-based blocking and whitelisting.*
+8.  [**Protected Attack Types**](docs/attacks.md) - *An overview of the wide range of web-based threats that the Caddy WAF is designed to protect against.*
+9.  [**Dynamic Updates**](docs/dynamicupdates.md) - *How to dynamically update the WAF rules and other settings without downtime.*
+10.  [**Metrics**](docs/metrics.md) - *Details about the WAF's metrics endpoint and the different metrics collected.*
+11. [**Prometheus Metrics**](docs/prometheus.md) - *Instructions on how to expose WAF metrics using the Prometheus format.*
+12. [**ELK Observability**](https://github.com/fabriziosalmi/caddy-waf/blob/main/docs/caddy-waf-elk.md) - *Instructions on how to configure caddy-waf ELK stack observability.*
+13. [**Rule/Blacklist Population Scripts**](docs/scripts.md) - *Documentation on the provided scripts to automatically fetch, update and generate rules and blacklists.*
+14. [**Testing**](docs/testing.md) - *Guidance on how to test the WAF's effectiveness using the provided testing tools.*
+15.  [**Docker Support**](docs/docker.md) - *Instructions on how to build and run the WAF using Docker.*
 
 ---
 
diff --git a/doc.go b/doc.go
@@ -16,6 +16,12 @@
 //
 // Installation:
 //
+// Option 1 - Using caddy add-package (recommended if Caddy is already installed):
+//
+//	caddy add-package github.com/fabriziosalmi/caddy-waf
+//
+// Option 2 - Building from source with xcaddy:
+//
 //	xcaddy build --with github.com/fabriziosalmi/caddy-waf
 //
 // Basic usage in Caddyfile:
diff --git a/docs/README.md b/docs/README.md
@@ -8,8 +8,9 @@ This documentation provides everything you need to deploy and manage the Caddy W
 
 ### 🚀 Getting Started
 
-1.  **[Introduction](introduction.md)** - *Overview of the Caddy WAF, its purpose, and key benefits.
+1.  **[Introduction](introduction.md)** - *Overview of the Caddy WAF, its purpose, and key benefits.*
 2.  **[Installation](installation.md)** - *Instructions for installing the Caddy WAF middleware.* 
+3.  **[Using caddy add-package](add-package-guide.md)** - *Quick guide for installing with the `caddy add-package` command.* 
 
 ### ⚙️ Core Configuration
 
diff --git a/docs/add-package-guide.md b/docs/add-package-guide.md
@@ -0,0 +1,174 @@
+# Using `caddy add-package` to Install Caddy WAF
+
+This guide demonstrates how to install the Caddy WAF module using Caddy's built-in `caddy add-package` command.
+
+## Prerequisites
+
+- Caddy v2.7 or higher already installed on your system
+- Internet connection (to download the custom binary)
+- Appropriate permissions to replace the Caddy binary
+
+## Quick Installation
+
+To add the Caddy WAF module to your existing Caddy installation:
+
+```bash
+caddy add-package github.com/fabriziosalmi/caddy-waf
+```
+
+That's it! The command will:
+1. Detect your current Caddy installation and modules
+2. Send a build request to Caddy's remote build service
+3. Download a new binary with the WAF module included
+4. Backup your current Caddy binary
+5. Replace the binary with the new one
+
+## Verification
+
+After installation, verify the module is loaded:
+
+```bash
+caddy list-modules | grep waf
+```
+
+Expected output:
+```
+http.handlers.waf
+```
+
+You can also check the full list of modules:
+```bash
+caddy list-modules --packages
+```
+
+## Usage Example
+
+Once installed, you can use the WAF module in your Caddyfile:
+
+```caddyfile
+{
+    auto_https off
+    admin localhost:2019
+}
+
+:8080 {
+    log {
+        output stdout
+        format console
+        level INFO
+    }
+
+    route {
+        waf {
+            metrics_endpoint /waf_metrics
+            rule_file rules.json
+            ip_blacklist_file ip_blacklist.txt
+            dns_blacklist_file dns_blacklist.txt
+            anomaly_threshold 10
+            
+            rate_limit {
+                requests 100
+                window 60s
+                cleanup_interval 300s
+            }
+        }
+
+        respond "Hello, World!" 200
+    }
+}
+```
+
+## Advanced Options
+
+### Keep Backup
+
+By default, the command deletes the backup after successful replacement. To keep the backup:
+
+```bash
+caddy add-package --keep-backup github.com/fabriziosalmi/caddy-waf
+```
+
+The backup will be saved as `caddy.backup` in the same directory.
+
+### Version Pinning
+
+To install a specific version of the module:
+
+```bash
+caddy add-package github.com/fabriziosalmi/caddy-waf@vX.Y.Z
+```
+
+Replace `vX.Y.Z` with the desired version tag (e.g., `v0.1.3`). You can find available versions on the [GitHub releases page](https://github.com/fabriziosalmi/caddy-waf/releases).
+
+## Troubleshooting
+
+### Command Not Found
+
+If the `caddy add-package` command is not available, you may be using an older version of Caddy:
+
+```bash
+caddy version
+```
+
+You need Caddy v2.7 or higher. To update Caddy, visit [caddyserver.com/download](https://caddyserver.com/download) and follow the instructions for your operating system and architecture.
+
+### Permission Denied
+
+If you get a permission denied error, run the command with sudo:
+
+```bash
+sudo caddy add-package github.com/fabriziosalmi/caddy-waf
+```
+
+### Build Service Unavailable
+
+If Caddy's remote build service is unavailable, you can build from source instead:
+
+```bash
+# Install xcaddy
+go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
+
+# Build with the module
+xcaddy build --with github.com/fabriziosalmi/caddy-waf
+```
+
+### Module Already Exists
+
+If you get an error that the package already exists, the module is already installed. To update:
+
+```bash
+# Remove the package first
+caddy remove-package github.com/fabriziosalmi/caddy-waf
+
+# Then add it again
+caddy add-package github.com/fabriziosalmi/caddy-waf
+```
+
+## Removing the Module
+
+To remove the Caddy WAF module:
+
+```bash
+caddy remove-package github.com/fabriziosalmi/caddy-waf
+```
+
+## Comparison with Other Installation Methods
+
+| Method | Pros | Cons |
+|--------|------|------|
+| `caddy add-package` | Simple, no build tools needed, keeps existing modules | Requires internet, depends on remote build service |
+| `xcaddy build` | Full control, works offline (after dependencies cached), good for development | Requires Go and build tools, more complex |
+| Quick script | Automated setup with sample configs | Downloads and builds from source, requires build tools |
+
+## Next Steps
+
+- Read the [Configuration Guide](configuration.md) to customize your WAF rules
+- Learn about [Rate Limiting](ratelimit.md) configuration
+- Explore [GeoIP Blocking](geoblocking.md) features
+- Check out the [Metrics](metrics.md) endpoint for monitoring
+
+## References
+
+- [Caddy Command Line Documentation](https://caddyserver.com/docs/command-line)
+- [Caddy Module System](https://caddyserver.com/docs/extending-caddy)
+- [xcaddy Build Tool](https://github.com/caddyserver/xcaddy)
diff --git a/docs/installation.md b/docs/installation.md
@@ -1,6 +1,34 @@
 # Installation
 
-## Quick Start
+## Method 1: Using `caddy add-package` (Recommended)
+
+If you already have Caddy installed, you can add the WAF plugin directly:
+
+```bash
+caddy add-package github.com/fabriziosalmi/caddy-waf
+```
+
+This command will download and install a new Caddy binary with the WAF module included. It uses Caddy's remote build service to compile a custom binary with the module.
+
+**Advantages:**
+- No need to install Go or build tools
+- Keeps your existing Caddy modules intact
+- Automatic backup of your current binary
+- Quick and simple installation
+
+**Options:**
+- `--keep-backup` - Keep the backup of your previous Caddy binary
+
+**Note:** This is an experimental Caddy feature introduced in Caddy v2.7.
+
+After installation, verify the module is loaded:
+```bash
+caddy list-modules | grep waf
+```
+
+You should see `http.handlers.waf` in the output.
+
+## Method 2: Quick Script Installation
 
 ```bash
 curl -fsSL -H "Pragma: no-cache" https://raw.githubusercontent.com/fabriziosalmi/caddy-waf/refs/heads/main/install.sh | bash
@@ -20,7 +48,9 @@ INFO    Rules loaded    {"file": "rules.json", "total_rules": 70, "invalid_rules
 INFO    WAF middleware provisioned successfully
 ```
 
-## Step by step installation
+## Method 3: Build from Source (Advanced)
+
+For development or if you need full control over the build process:
 
 ```bash
 # Step 1: Clone the caddy-waf repository from GitHub
