This is a third-party build for https://caddyserver.com/. Please do not use this in a production environment. This is merely available for me and anyone else who needs a quick Docker image / binary with the plugins listed below already installed. You can always use the download page at https://caddyserver.com/download to generate your own binary.
Both the docker image and binary are built from Caddy sources with only the below-mentioned plugins!
Caddy is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go.
Docs: https://caddyserver.com/docs/
Website: https://caddyserver.com/
Community: https://caddy.community/
GitHub: https://github.com/caddyserver/caddy
Parent Image: https://hub.docker.com/_/caddy
Build Repo: https://github.com/alexandzors/caddy
Binary Releases: https://github.com/alexandzors/caddy/releases
Note: Tags have changed. The 'v' has been stripped from image tags. Please update your run/compose files!
- `:latest` -- most recent Caddy stable version.
- `:#.#.#` -- tagged stable version of Caddy (v2.7.6+ only)
- `:dev` -- used for testing stuff. DO NOT USE :)
- `:latest-arm64` -- most recent Caddy stable version for arm64.
- `:#.#.#-arm64` -- tagged stable version of Caddy for arm64 (v2.7.6+ only)
This image is built with the default modules + the following:
- dns.providers.cloudflare
- WeidiDeng/caddy-cloudflare-ip
- caddyserver/ntlm-transport
- caddyserver/replace-response
- greenpau/caddy-security
- caddyserver/transform-encoder
- caddyserver/nginx-adapter
- github.com/mholt/caddy-ratelimit
This example includes an external Docker network that other containers can attach to. This lets you deploy Caddy, attach other containers to the network, and then reach those containers by their DNS name rather than by container IP. To create the network:

```sh
docker network create caddy-dockerinternal-net
```

Then, in each service you want exposed by Caddy, add both `networks:` blocks (as in the compose file below) to its compose file. Caddy will publish ports 80/443 on the bridge network and talk to the other containers over the `caddy-dockerinternal-net` network.
```yaml
# For use with <alexandzors/caddy>
# Created by github.com/alexandzors 08-18-2023
version: '3'
services:
  caddy:
    restart: always
    logging:
      driver: "json-file"
      options:
        max-size: "500k"
        max-file: "1"
    networks:
      - caddy
    image: alexandzors/caddy
    env_file: .env
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ${PWD}/Caddyfile:/etc/caddy/Caddyfile:ro # Caddyfile for configuration
      - ${PWD}/config:/etc/caddy/config # Optional if you want outside config files not polluting caddy parent dir
      - ${PWD}/.data:/data # Location of on host cert storage.
      - ${PWD}/logs:/logs # Optional if you want to set up domain logging files.
networks:
  caddy:
    name: caddy-dockerinternal-net
    external: true
```
Contents of the `.env` file referenced by `env_file`:

```
CLOUDFLARETOKEN=YOUR_CLOUDFLARE_TOKEN_HERE
```
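The downstream side of the setup described above, as an added example that is not from the build repo: a compose file for a service that is exposed only through Caddy, joining both its own stack network and the external `caddy-dockerinternal-net`. The service name `whoami`, the `traefik/whoami` image and its port 80 are assumptions.

```yaml
# Added example (not from alexandzors/caddy): a service reachable only via Caddy.
# Assumptions: service name "whoami", image "traefik/whoami" listening on port 80.
version: '3'
services:
  whoami:
    image: traefik/whoami
    restart: always
    # Service-level networks: block. "default" keeps the service on this
    # stack's own bridge network; "caddy" joins the network Caddy lives on.
    networks:
      - default
      - caddy
    # Deliberately no ports: block. Caddy reaches the container over
    # caddy-dockerinternal-net, so nothing is published on the host and the
    # service is not directly exposed.

# Top-level networks: block. Reuses the network created with
# `docker network create caddy-dockerinternal-net` instead of making a new one.
networks:
  caddy:
    name: caddy-dockerinternal-net
    external: true
```

With this in place a Caddyfile site block can reference the container by service name (`reverse_proxy whoami:80`), since Docker's embedded DNS resolves `whoami` for every container on the shared network.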
A more in-depth documentation breakdown can be found in the official Caddy Docker image repository.
https://github.com/caddy-dns/cloudflare#config-examples
Note: You will need to create a scoped API token for Caddy. DO NOT USE GLOBAL API KEYS. See here.
```json
{
  "module": "acme",
  "challenges": {
    "dns": {
      "provider": {
        "name": "cloudflare",
        "api_token": "{env.CLOUDFLARETOKEN}"
      }
    }
  }
}
```
Make it a reusable block:

```caddyfile
(tls) {
    tls {
        dns cloudflare {env.CLOUDFLARETOKEN}
    }
}
```

Call said block:

```caddyfile
domain.tld {
    import tls
    reverse_proxy 127.0.0.1:81
}
```
Pulls Cloudflare endpoint IPs for use in `trusted_proxies`.

Global config:

```json
{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "listen": [
            ":443"
          ],
          "trusted_proxies": {
            "interval": 43200000000000,
            "source": "cloudflare",
            "timeout": 15000000000
          }
        }
      }
    }
  }
}
```
```caddyfile
# Global Config
{
    servers {
        trusted_proxies cloudflare {
            interval 12h
            timeout 15s
        }
    }
}

mysite.com {
    respond * "Hello there"
}
```
`http_ntlm` acts the same as `http`, except that the HTTP version is always 1.1 and Keep-Alive is disabled.
```json
{
  "match": [
    {
      "host": ["wac.domain.tld"]
    }
  ],
  "handle": [
    {
      "handler": "subroute",
      "routes": [
        {
          "handle": [
            {
              "encodings": {
                "gzip": {}
              },
              "handler": "encode"
            },
            {
              "handler": "reverse_proxy",
              "transport": {
                "protocol": "http_ntlm",
                "tls": {
                  "insecure_skip_verify": true
                }
              },
              "upstreams": [
                {
                  "dial": "192.168.1.5:443"
                }
              ]
            }
          ]
        }
      ]
    }
  ]
}
```
```caddyfile
wac.domain.tld {
    import tls
    encode gzip
    reverse_proxy {
        transport http_ntlm {
            tls_insecure_skip_verify
        }
        to 192.168.1.5:443
    }
}
```
- Replace-Response usage: https://github.com/caddyserver/replace-response
- Caddy-Security usage: https://authp.github.io/docs/intro
- Transform Encoder usage: https://github.com/caddyserver/transform-encoder
- Nginx Adapter usage: https://github.com/caddyserver/nginx-adapter
- Ratelimit usage: https://github.com/mholt/caddy-ratelimit