The Caddy web server
Using the Caddy web server as a reverse proxy and a file server.
Specify the replace_data_directory directory to keep all data where you want it.
Choose a name for the container replace_container, for the volume replace_volume and for the network replace_network.
Use one or more Docker networks to hide services behind the reverse proxy.
In this setup, applications do not publish any ports.
Instead, they are added to networks where they communicate with other containers, including the reverse proxy server.
The reverse proxy becomes a single configuration point that terminates TLS and routes requests.
Create the directories. Create the volume and the network.
data_directory="replace_data_directory" # data_directory=/data/services
container=replace_container # container=caddy
volume=replace_volume # volume=caddy
network=replace_network # network=services
sudo mkdir --parents "$data_directory/caddy"
# a+rwX opens the tree to every local user, including tls/ created below,
# so that the following mkdir calls work without sudo.
sudo chmod --recursive a+rwX "$data_directory/caddy/"
mkdir "$data_directory/caddy/configuration"
mkdir "$data_directory/caddy/data"
mkdir "$data_directory/caddy/logs"
mkdir "$data_directory/caddy/tls"
mkdir "$data_directory/caddy/content"
docker volume create \
    --name "$volume" \
    --driver local-persist \
    --opt mountpoint="$data_directory/caddy/"
docker network create "$network"
Place the configuration file.
Put your TLS key and certificate pair replace_key into the server directory and point the configuration file to them.
Alternatively, configure automatic provisioning of keys and certificates.
cp caddy.configuration "$data_directory/caddy/"
mv replace_key.key "$data_directory/caddy/tls/"
mv replace_key.crt "$data_directory/caddy/tls/"
Finally, start the container.
# XDG_CONFIG_HOME and XDG_DATA_HOME move Caddy's state into the /caddy volume;
# /config and /data are covered with tmpfs mounts.
docker run --detach --restart unless-stopped \
    --name "$container" \
    --hostname "$container" \
    --network "$network" \
    --publish 80:80 \
    --publish 443:443 \
    --mount "type=volume,source=$volume,destination=/caddy" \
    --mount type=tmpfs,destination=/config,tmpfs-size=0,tmpfs-mode=000 \
    --mount type=tmpfs,destination=/data,tmpfs-size=0,tmpfs-mode=000 \
    --workdir /caddy \
    --env XDG_CONFIG_HOME=/caddy/configuration \
    --env XDG_DATA_HOME=/caddy/data \
    --mount type=bind,source=/etc/timezone,destination=/etc/timezone,readonly \
    --mount type=bind,source=/etc/localtime,destination=/etc/localtime,readonly \
    caddy \
    caddy run --config caddy.configuration --adapter caddyfile
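Once the container is running, the two properties this setup depends on can be checked: only the reverse proxy publishes ports on the network, and the TLS key is not accessible to other local users. The script below is an added example, not part of the original page; the function names, the "|" separator in the docker ps format and the sample container names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the finished setup.

# Reads "name|ports" lines on stdin and prints every container other than
# the proxy ($1) that binds a host port. In `docker ps` output a published
# port looks like "0.0.0.0:8080->80/tcp"; an exposed-only port is "80/tcp".
published_besides_proxy() {
    awk -F '|' -v proxy="$1" '$1 != proxy && $2 ~ /->/ { print $1 ": " $2 }'
}

# Prints private keys under directory $1 that group or others can access.
# "-perm /077" (any of these bits set) is GNU find syntax.
loose_keys() {
    find "$1" -type f -name '*.key' -perm /077
}

# Live usage on the Docker host, with the variables set on this page:
#   docker ps --filter "network=$network" --format '{{.Names}}|{{.Ports}}' \
#       | published_besides_proxy "$container"
#   loose_keys "$data_directory/caddy/tls"

# Constructed sample of that docker ps output; "wiki" and "metrics" are
# hypothetical application containers.
published_besides_proxy caddy <<'EOF'
caddy|0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp
wiki|3000/tcp
metrics|127.0.0.1:9090->9090/tcp
EOF
```

Any line printed by either function is a finding: a service reachable without passing through Caddy, or a key whose mode should be restricted to its owner.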