Skip to content

Repository for managing the build process for the alexandzors/caddy container and binary.

Notifications You must be signed in to change notification settings

alexandzors/caddy

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Third Party Note

This is a third party build for https://caddyserver.com/. Please do not use this in a production environment. This is merely available for me and anyone else that needs a quick docker image / binary with the below plugins already installed. You can always use the download page @ https://caddyserver.com/download to generate your own binary.

Both the docker image and binary are built from Caddy sources with only the below-mentioned plugins!

Caddy

Caddy

Caddy is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go.

Docs: https://caddyserver.com/docs/

Website: https://caddyserver.com/

Community: https://caddy.community/

GitHub: https://github.com/caddyserver/caddy

Parent Image: https://hub.docker.com/_/caddy

Build Repo: https://github.com/alexandzors/caddy

Binary Releases: https://github.com/alexandzors/caddy/releases

Tags:

Note: Tags have changed. The 'v' has been stripped from image tags. Please update your run/compose files!

amd64

  • :latest -- most recent Caddy stable version.
  • :#.#.# -- tagged stable version of Caddy (v2.7.6+ only)
  • :dev -- used for testing stuff. DO NOT USE :)

arm64/v8

  • :latest-arm64 -- most recent Caddy stable version for arm64.
  • :#.#.#-arm64 -- tagged stable version of Caddy for arm64 (v2.7.6+ only)

Windows Container version is currently not planned.

Added Modules:

This image is built with the default modules + the following:

*Note: sjtug/caddy2-filter has been replaced with caddyserver/replace-response

*Note: RussellLuo/caddy-ext/ratelimit has been replaced with mholt/caddy-ratelimit

Deploying with Docker Compose

This example includes an external docker network for other containers to attach to. This makes it, so you can deploy this, attach other containers to the network, and then call said containers via their dns name rather then container ip. To create the network: docker network create caddy-dockerinternal-net then in each service you want exposed by caddy, add both networks: blocks to their compose files. Caddy will use both the bridge network using ports 80/443 and talk to other containers over the caddy-dockerinternal-net network.

# For use with <alexandzors/caddy>
# Created by github.com/alexandzors 08-18-2023
version: '3'
services:
  caddy:
    restart: always
    logging:
      driver: "json-file"
      options:
        max-size: "500k"
        max-file: "1"
    networks:
      - caddy
    image: alexandzors/caddy
    env_file: .env
    ports:
      - 80:80
      - 443:443
    volumes:
      - ${PWD}/Caddyfile:/etc/caddy/Caddyfile:ro # Caddyfile for configuration
      - ${PWD}/config:/etc/caddy/config # Optional if you want outside config files not polluting caddy parent dir
      - ${PWD}/.data:/data # Location of on host cert storage.
      - ${PWD}/logs:/logs # Optional if you want to set up domain logging files.

networks:
  caddy:
    name: caddy-dockerinternal-net
    external: true

.env file:

CLOUDFLARETOKEN=YOUR_CLOUDFLARE_TOKEN_HERE

A more in depth docs breakdown can be found in the official Caddy docker image repository.

Using the Cloudflare DNS module

https://github.com/caddy-dns/cloudflare#config-examples

*Note: You will need to create a scoped API token for Caddy. DO NOT USE GLOBAL API KEYS. See here.

Json API

{
	"module": "acme",
	"challenges": {
		"dns": {
			"provider": {
				"name": "cloudflare",
				"api_token": "{env.CLOUDFLARETOKEN}"
			}
		}
	}
}

Caddyfile

Make it a reusable block:

(tls) {
    tls {
        dns cloudflare {env.CLOUDFLARETOKEN}
    }
}

Call said block:

domain.tld {
  import tls
  reverse_proxy 127.0.0.1:81
}

Using weidideng/caddy-cloudflare-ip

Pulls Cloudflare endpoint IPs for use in trusted_proxies global config

JSON API

{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "listen": [
            ":443"
          ],
          "trusted_proxies": {
            "interval": 43200000000000,
            "source": "cloudflare",
            "timeout": 15000000000
          }
        }
      }
    }
  }
}

Caddyfile

# Global Config
{
  servers {
    trusted_proxies cloudflare {
      interval 12h
      timeoute 15s
    }
  }
}

mysite.com {
  respond * "Hello there"
}

Using NTLM-Transport

http_ntlm acts the same as http except HTTP its always version 1.1 and Keep-Alive is disabled.

JSON API

{
  "match": [
    {
      "host": ["wac.domain.tld"]
    }
  ],
  "handle": [
    {
      "handler": "subroute",
      "routes": [
        {
          "handle": [
            {
              "encodings": {
                "gzip": {}
              },
              "handler": "encode"
            },
            {
              "handler": "reverse_proxy",
              "transport": {
                "protocol": "http_ntlm",
                "tls": {
                  "insecure_skip_verify": true
                }
              },
              "upstreams": {
                {
                  "dial": "192.168.1.5:443"
                }
              }
            }
          ]
        }
      ]
    }
  ]
}

Caddyfile

wac.domain.tld {
  import tls
  encode gzip
  reverse_proxy {
    transport http_ntlm {
      tls_insecure_skip_verify
    }
    to 192.168.1.5:443
  }
}

Other Modules

About

Repository for managing the build process for the alexandzors/caddy container and binary.

Resources

Stars

Watchers

Forks

Packages

No packages published