You’ve got your server running, you’ve got your docker locked and loaded. Time to run a first docker compose.
Caddy is a web server and a reverse proxy. Other options include nginx or HAProxy, both of which I have used in other instances, but I like Caddy because it’s mostly OK out-of-the-box. Also SSL. So Caddy it is.
More specifically caddy-docker-proxy, which, with the help of some black magic and labels, allows the whole reverse proxy part to be defined in the containers behind said proxy.
First create the network to which the containers you want to expose to the internet will connect. Here I’m calling it caddy, but feel free to call it RobotUnicornAttack if your heart so desires.
```bash
docker network create caddy
```
Not much going on here: two variables, one for the name of the network and the other for the email address that will be sent to Let’s Encrypt when requesting an SSL certificate.
```
CADDY_NETWORK='internal caddy network - eg: caddy'
CADDY_EMAIL='email address to provide to lets encrypt'
```
Copy and paste the following into a docker-compose.yml file.
Note: If your server has multiple IP addresses, you can set Caddy to serve on only one of them by prefixing the port with the desired IP address. Example: 192.168.0.15:80:80 instead of 80:80.
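```yaml
services:
  caddy:
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    ports:
      # Published on every host address; prefix with an IP to bind to one only
      - 80:80
      - 443:443
    environment:
      # Network on which the proxy looks for the containers it should serve
      - CADDY_INGRESS_NETWORKS=$CADDY_NETWORK
    networks:
      caddy: {}
    volumes:
      # The proxy reads container labels through the Docker socket;
      # access to this socket is equivalent to root on the host
      - /var/run/docker.sock:/var/run/docker.sock
      # Certificates and ACME account data persist here across restarts
      - caddy_data:/data
    restart: unless-stopped
    labels:
      caddy.email: $CADDY_EMAIL

networks:
  caddy:
    # Created beforehand with "docker network create"
    external: true
    name: $CADDY_NETWORK

volumes:
  caddy_data: {}
```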
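
What the label mechanism looks like from the side of a container behind the proxy, as an added example that is not part of the original post. The `traefik/whoami` image, the service name and the hostname `whoami.example.com` are assumptions; the `caddy` and `caddy.reverse_proxy` labels follow the caddy-docker-proxy label convention.

```yaml
# Added example: a service published through the caddy-docker-proxy container.
# Assumptions: traefik/whoami as a stand-in backend listening on port 80, and
# whoami.example.com as a placeholder hostname whose DNS points at this server.
services:
  whoami:
    image: traefik/whoami
    # No "ports:" section: the backend is not published on the host,
    # so the only way in from outside is through Caddy on 80/443.
    networks:
      - caddy
    restart: unless-stopped
    labels:
      # Site address Caddy serves and requests a certificate for
      caddy: whoami.example.com
      # Proxy to this container's address on the ingress network, port 80
      caddy.reverse_proxy: "{{upstreams 80}}"

networks:
  caddy:
    # Same pre-created network and CADDY_NETWORK variable as the proxy uses
    external: true
    name: $CADDY_NETWORK
```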