A perfect mix of Caddy
, docker-gen
, and forego
. Inspired by nginx-proxy
.
Using Caddy
as your primary web server is super simple.
But when you need to scale your application Caddy is limited to its static configuration.
To overcome this issue we are using docker-gen
to generate configuration everytime a container spawns or dies.
Now scaling is easy!
This image is created to be used in a single container.
version: "3"
services:
caddy-gen:
container_name: caddy-gen
image: "wemakeservices/caddy-gen:latest"
restart: always
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro # needs socket to read events
- ./certs/acme:/etc/caddy/acme # to save acme
- ./certs/ocsp:/etc/caddy/ocsp # to save certificates
ports:
- "80:80"
- "443:443"
depends_on:
- whoami
whoami: # this is your service
image: "katacoda/docker-http-server:v2"
labels:
- "virtual.host=myapp.com example.com" # your domains separated with a space
- "virtual.alias=www.myapp.com" # alias for your domain (optional)
- "virtual.port=80" # exposed port of this container
- "virtual.tls-email=admin@myapp.com" # ssl is now on
- "virtual.websockets" # enable websocket passthrough
- "virtual.auth.username=admin" # Optionally add http basic authentication
- "virtual.auth.password=1234" # By specifying both username and password
Or see docker-compose.yml
example file.
caddy-gen
is configured with labels
.
The main idea is simple.
Every labeled service exposes a virtual.host
to be handled.
Then, every container represents a single upstream
to serve requests.
There are several options to configure:
virtual.host
is basically a domain name, seeCaddy
docsvirtual.alias
(optional) domain alias, useful forwww
prefix with redirect. For examplewww.myapp.com
. Alias will always redirect to the host above.virtual.port
exposed port of the containervirtual.tls-email
could be empty, unset or set to valid emailvirtual.tls
(alias ofvirtual.tls-email
) could be empty, unset or set to a valid set of tls directive value(s)virtual.websocket
when set, enables websocket connection passthroughvirtual.auth.username
when set, along withvirtual.auth.password
, http basic authentication is enabledvirtual.auth.password
needs to be specified, along withvirtual.auth.usernmae
, to enable http basic authentication
Note, that options should not differ for containers of a single service.
Certificates are stored in /etc/caddy/acme/
and /etc/caddy/ocsp
folders.
Make them volume
s to save them on your host machine.
This image supports three build-time arguments:
CADDY_VERSION
to change the current version ofCaddy
FOREGO_VERSION
to change the current version offorego
DOCKER_GEN_VERSION
to change the current version ofdocker-gen
- Raw
Caddy
image - Django project template with
Caddy
- Tool to limit your
docker
image size
Full changelog is available here.
MIT. See LICENSE for more details.