The Caddy web server



Using the Caddy web server as a reverse proxy and a file server.

Specify the replace_data_directory directory to keep all data where you want it.
Choose a name for the container replace_container, for the volume replace_volume and for the network replace_network.
Use one or more Docker networks to hide services behind the reverse proxy. In this setup, applications do not publish any ports. Instead, they are added to networks where they communicate with other containers, including the reverse proxy server. The reverse proxy becomes the single configuration point that terminates TLS and routes requests.

Create the directories. Create the volume and the network.



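data_directory="replace_data_directory" # data_directory=/data/services

container=replace_container # container=caddy
volume=replace_volume # volume=caddy
network=replace_network # network=services

# Create the server directory as root, then hand it to the current user
# instead of making it world-writable: it will hold the TLS private key.
sudo mkdir --parents "$data_directory/caddy"
sudo chown "$(id -u):$(id -g)" "$data_directory/caddy"

mkdir "$data_directory/caddy/configuration"
mkdir "$data_directory/caddy/data"
mkdir "$data_directory/caddy/logs"
mkdir "$data_directory/caddy/tls"
mkdir "$data_directory/caddy/content"

# Only the owner (and root inside the container) may enter the key directory.
chmod 700 "$data_directory/caddy/tls"

# local-persist is a third-party volume plugin and must already be installed.
docker volume create \
  --name "$volume" \
  --driver local-persist \
  --opt mountpoint="$data_directory/caddy/"

docker network create "$network"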



Place the configuration file.

Put your TLS key and certificate pair replace_key into the server directory and point the configuration file to them.
Alternatively, configure automatic provisioning of keys and certificates.



cp caddy.configuration "$data_directory/caddy/"

mv replace_key.key "$data_directory/caddy/tls/"
mv replace_key.crt "$data_directory/caddy/tls/"
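
A possible caddy.configuration for the layout created above, as an added example that is not part of the original page. The site name example.com, the path prefix /files/ and the upstream container app on port 8080 are assumptions; replace_key is the page's own placeholder.

```caddyfile
# caddy.configuration (Caddyfile syntax, loaded with --adapter caddyfile).
# Constructed example: example.com, /files/ and app:8080 are placeholders.
# Paths are the container's view of the volume mounted at /caddy.

example.com {
	# Key and certificate placed in the tls directory of the volume.
	# Remove this line to let Caddy provision certificates automatically;
	# they are then stored under XDG_DATA_HOME (/caddy/data).
	tls /caddy/tls/replace_key.crt /caddy/tls/replace_key.key

	log {
		output file /caddy/logs/access.log
	}

	# File server: requests under /files/ are served from the content directory.
	# Set the root explicitly. Without it the file server falls back to the
	# working directory, which is /caddy here and contains tls/ with the key.
	handle_path /files/* {
		root * /caddy/content
		file_server
	}

	# Reverse proxy: everything else goes to the application container.
	# "app" is resolved by Docker's DNS on the shared network, so the
	# application itself publishes no ports on the host.
	handle {
		reverse_proxy app:8080
	}
}
```

The application container must be attached to the same network ($network) for the name app to resolve from the Caddy container.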



Finally, start the container.



# Only the reverse proxy publishes ports on the host.
# The image's default /config and /data locations are covered by tmpfs mounts;
# XDG_CONFIG_HOME and XDG_DATA_HOME redirect Caddy's state into the volume.
docker run --detach --restart unless-stopped \
  --name "$container" \
  --hostname "$container" \
  --network "$network" \
  --publish 80:80 \
  --publish 443:443 \
  --mount type=volume,source="$volume",destination=/caddy \
  --mount type=tmpfs,destination=/config,tmpfs-size=0,tmpfs-mode=000 \
  --mount type=tmpfs,destination=/data,tmpfs-size=0,tmpfs-mode=000 \
  --workdir /caddy \
  --env XDG_CONFIG_HOME=/caddy/configuration \
  --env XDG_DATA_HOME=/caddy/data \
  --mount type=bind,source=/etc/timezone,destination=/etc/timezone,readonly \
  --mount type=bind,source=/etc/localtime,destination=/etc/localtime,readonly \
  caddy \
  caddy run --config caddy.configuration --adapter caddyfile