Caddy
Caddy is a free, open-source proxy server designed to be easy to install, use, and deploy.
Preparation
Docker network
First, create a Docker network. With a shared network it is no longer necessary to publish ports for each individual service: ports 80 and 443 for the proxy are sufficient, plus others in certain cases if necessary.
caution
On some devices (especially pre-built NAS devices) it is not possible to publish ports 80 and 443 because they are already used by another service. In that case you can first create a Macvlan network on which ports 80 and 443 can be published.
sudo docker network create proxy-network
Create directory
mkdir caddy
cd caddy
mkdir data
mkdir config
touch Caddyfile docker-compose.yml
Caddyfile
{
    acme_ca https://acme.zerossl.com/v2/DV90
    email mail@hello.com
}
homepage.domain.de {
    reverse_proxy homepage:80
}
info
ZeroSSL is used in my example.
Example service
I will use a web server as an example service.
mkdir homepage
cd homepage
mkdir html
touch html/index.html
touch docker-compose.yml
<!DOCTYPE html>
<html>
<head>
<title>Homepage</title>
</head>
<body>
<h1>Homepage</h1>
<p>Dies ist die Homepage.</p>
</body>
</html>
version: "3.7"
networks:
  proxy-network:
    external:
      name: proxy-network
### SERVICE ###
services:
  homepage:
    container_name: homepage
    image: nginx:latest
    restart: unless-stopped
    networks:
      - proxy-network
    security_opt:
      - no-new-privileges:true
    volumes:
      # Relative path: the html directory created above, mounted read-only
      - ./html:/usr/share/nginx/html:ro
sudo docker compose up -d
Installation
The web server is already running, but without Caddy it is not accessible. First you have to change back to the caddy directory.
cd [...]/caddy
version: "3.7"
networks:
  proxy-network:
    external:
      name: proxy-network
services:
  caddy:
    image: caddy
    container_name: caddy
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./data:/data
      - ./config:/config
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
    networks:
      - proxy-network
sudo docker compose up -d
info
For Docker Compose version 1, the command is sudo docker-compose up -d.
info
If you are on a network behind a router, you must forward ports 80 and 443 to the server.
The previously created homepage should now be accessible under homepage.domain.de.
Access restriction
Access can be restricted to certain IP addresses in the Caddyfile.
{
    acme_ca https://acme.zerossl.com/v2/DV90
    email mail@hello.com
}
(LAN_only) {
    @not_local {
        not remote_ip 192.168.0.0/16
    }
    respond @not_local 403
}
homepage.domain.de {
    reverse_proxy homepage:80
    import LAN_only
}
So only devices from the IP range 192.168.0.0 - 192.168.255.255 are allowed to access the homepage.
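The restriction only applies to site blocks that import the snippet, so a site added later without `import LAN_only` is reachable from any address. The following is an added example, not part of the original page: it lists which sites in a Caddyfile import the snippet and checks which client addresses the snippet's `remote_ip` range lets through. The site `wiki.domain.de` and all function names are hypothetical, and the parser assumes the simple one-block-per-site layout used on this page.

```python
import ipaddress
# Constructed sample: the page's Caddyfile plus a hypothetical wiki.domain.de site without the import.
CADDYFILE = """
{
    email mail@hello.com
}
(LAN_only) {
    @not_local {
        not remote_ip 192.168.0.0/16
    }
    respond @not_local 403
}
homepage.domain.de {
    reverse_proxy homepage:80
    import LAN_only
}
wiki.domain.de {
    reverse_proxy wiki:80
}
"""

def top_level_blocks(text):
    """Yield (header, body_lines) for every top-level { ... } block."""
    depth, header, body = 0, "", []
    for line in (s for s in map(str.strip, text.splitlines()) if s and not s.startswith("#")):
        if depth == 0:
            if line.endswith("{"):
                header, body, depth = line[:-1].strip(), [], 1
            continue
        depth += line.endswith("{") - (line == "}")  # track nested matcher blocks
        if depth == 0:
            yield header, body
        else:
            body.append(line)

def audit(text, snippet="LAN_only"):
    """Map each site address to True if its block imports the snippet."""
    sites = {}
    for header, body in top_level_blocks(text):
        if header and not header.startswith("("):  # skip global options and snippets
            restricted = any(l.split() == ["import", snippet] for l in body)
            sites.update({a: restricted for a in header.replace(",", " ").split()})
    return sites

def snippet_allows(text, ip, snippet="LAN_only"):
    """True if ip is in a range the snippet's 'not remote_ip' line lets through."""
    body = dict(top_level_blocks(text)).get(f"({snippet})", [])
    nets = [n for l in body if l.startswith("not remote_ip") for n in l.split()[2:]]
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(n) for n in nets)
```

Addresses in other private ranges, such as 10.0.0.5 or 172.17.0.1, are outside 192.168.0.0/16 and receive the 403 as well.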
Update
Thanks to Docker and Docker Compose, updating Caddy is easy.
sudo docker compose pull
sudo docker compose down
sudo docker compose up -d