/caddy-docker-upstreams

Docker dynamic upstreams for Caddy.

Primary LanguageGoMIT LicenseMIT

Docker Dynamic Upstreams for Caddy.

This package implements a docker dynamic upstreams module for Caddy.

Requires Caddy 2+.

Installation

Download from official website or build yourself using xcaddy.

Here is a Dockerfile example.

FROM caddy:<version>-builder AS builder

RUN xcaddy build \
    --with github.com/invzhi/caddy-docker-upstreams

FROM caddy:<version>

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

Caddyfile Syntax

List all your domain or use On-Demand TLS.

app1.example.com,
app2.example.com,
app3.example.com {
    reverse_proxy {
        dynamic docker
    }
}

Docker Labels

This module requires the Docker Labels to provide the necessary information.

Label Description
com.caddyserver.http.enable required, should be true
com.caddyserver.http.network optional, specify the docker network which caddy connecting through (if it is empty, the first network of container will be specified)
com.caddyserver.http.upstream.port required, specify the port

As well as the labels corresponding to the matcher.

Label Matcher
com.caddyserver.http.matchers.protocol protocol
com.caddyserver.http.matchers.host host
com.caddyserver.http.matchers.method method
com.caddyserver.http.matchers.path path
com.caddyserver.http.matchers.query query
com.caddyserver.http.matchers.expression expression

Here is a docker-compose.yml example with vaultwarden.

vaultwarden:
  image: vaultwarden/server:${VAULTWARDEN_VERSION:-latest}
  restart: unless-stopped
  volumes:
    - ${VAULTWARDEN_ROOT}:/data
  labels:
    com.caddyserver.http.enable: true
    com.caddyserver.http.upstream.port: 80
    com.caddyserver.http.matchers.host: vaultwarden.example.com
  environment:
    DOMAIN: https://vaultwarden.example.com

Docker Client

Environment variables could configure the docker client:

  • DOCKER_HOST to set the URL to the docker server.
  • DOCKER_API_VERSION to set the version of the API to use, leave empty for latest.
  • DOCKER_CERT_PATH to specify the directory from which to load the TLS certificates ("ca.pem", "cert.pem", "key.pem').
  • DOCKER_TLS_VERIFY to enable or disable TLS verification (off by default).