Caddy

Cloudflare is required for local off‑network TLS/SSL.

Docker Compose

The official caddy:latest image does not include the Cloudflare ACME plugin or other plugins such as rate limiting. To add these, use Hotio's image or the Caddy image builder.

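Ensure Caddyfile is a file and not a directory. Docker creates a directory at the bind-mount source path if nothing exists there when the container starts.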

```yaml
services:
  caddy:
    container_name: caddy
    image: caddy:latest
    ports:
      - "80:80"       # HTTP
      - "443:443"     # HTTPS
    restart: always
    volumes:
      - ./files/Caddyfile:/etc/caddy/Caddyfile
      - ./files/data:/data
      - ./files/config:/config

networks:
  default:
    name: proxy
    external: true
```

Jim's Garage Config

Config used by Jim's Garage: it obtains one wildcard certificate and nests all other subdomain reverse proxies under it. Using Cloudflare for off-network certificates requires the Hotio container or a custom-built Dockerfile.

You must enable the ACME DNS challenge to have Caddy automatically manage wildcard certificates.

```caddyfile
*.domain.lol {
        tls {
                dns cloudflare {env.CF_API_TOKEN}
                propagation_delay 2m
                resolvers 1.1.1.1
        }

        @webserver host web.domain.lol
        handle @webserver {
                root * /usr/share/caddy
                php_fastcgi localhost:80
                file_server
        }

        # *.domain.lol does not match the apex domain.lol, so match a subdomain here
        @jellyfin host jellyfin.domain.lol
        handle @jellyfin {
                reverse_proxy 100.64.0.1:8096
        }
}
```

Radge config

```caddyfile
domain.com {
	@accounts path /accounts*
	reverse_proxy @accounts 100.64.0.1:8056 {
		@error status 404 502 503 504
		handle_response @error {
			root * /errors
			rewrite * /{rp.status_code}.html
			file_server
		}
	}

	@default not path /accounts*
	reverse_proxy @default 100.64.0.1:8096 {
		@error status 404 502 503 504
		handle_response @error {
			root * /errors
			rewrite * /{rp.status_code}.html
			file_server
		}
	}
}
```

Caddy shell aliases

I'm currently running Caddy on Docker, so I'm using the aliases below for easy access.

  1. caddy-mod - add the reverse proxy details.
  2. caddy-fmt - format the Caddyfile.
  3. caddy-rld - reload using new config.

```bash
alias caddy-mod='nano ~/appdata/caddy-reverse-proxy/caddy/Caddyfile'
alias caddy-fmt='docker exec -w /etc/caddy caddy-reverse-proxy caddy fmt --overwrite'
alias caddy-rld='docker exec -w /etc/caddy caddy-reverse-proxy caddy reload'
```
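
A preflight check to run before caddy-rld, added here as an example and not part of the original notes: it confirms the Caddyfile is a file, that the Cloudflare token comes from an environment placeholder rather than a literal, and that the running image has the Cloudflare DNS module. The function names and the CADDY_CONTAINER variable are assumptions; the container name and path default to the ones used in the aliases above.

```shell
#!/bin/sh
# Added example: preflight checks to run before reloading Caddy in Docker.
# Function names and CADDY_CONTAINER are assumptions, not from the page.

# Fail when the bind-mount source is missing or is a directory.
check_caddyfile_path() {
    if [ -d "$1" ]; then
        echo "ERROR: $1 is a directory, expected a file" >&2
        return 1
    elif [ ! -f "$1" ]; then
        echo "ERROR: $1 does not exist" >&2
        return 1
    fi
}

# Succeed only if every inline `dns cloudflare <token>` line takes the
# token from an environment placeholder ({env.NAME} or {$NAME}).
token_from_env() {
    ! grep -E '^[[:space:]]*dns[[:space:]]+cloudflare[[:space:]]' "$1" |
        grep -Evq 'cloudflare[[:space:]]+\{(env\.|\$)[A-Za-z_][A-Za-z0-9_]*\}[[:space:]]*$'
}

# Read `caddy list-modules` output on stdin; succeed only if the
# Cloudflare DNS provider module is compiled into the binary.
has_cloudflare_dns() {
    grep -Eq '^dns\.providers\.cloudflare([[:space:]]|$)'
}

# Run all checks, then let Caddy validate the config inside the container.
preflight() {
    container="${CADDY_CONTAINER:-caddy-reverse-proxy}"
    check_caddyfile_path "$1" || return 1
    token_from_env "$1" || {
        echo "ERROR: literal Cloudflare token in $1" >&2
        return 1
    }
    docker exec "$container" caddy list-modules | has_cloudflare_dns || {
        echo "ERROR: image lacks dns.providers.cloudflare" >&2
        return 1
    }
    docker exec -w /etc/caddy "$container" \
        caddy validate --config Caddyfile --adapter caddyfile
}

# Usage: sh preflight.sh ~/appdata/caddy-reverse-proxy/caddy/Caddyfile
if [ "$#" -gt 0 ]; then
    preflight "$@"
fi
```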

Caddy Docker Proxy

https://github.com/lucaslorentz/caddy-docker-proxy
