This repository is docker container of caddy including :
- Ovh dns provider module
- Azure dns provider module
- Cloudflare dns provider module
- php-fpm or reverse proxy preconfiguration
This is the fastest way to provide https protocol in your application ! 🚀✨
This docker image is configuratble by env vars
Availaible vars :
-
Global vars :
-
DOMAIN
:Default value is
localhost
This is your domain name such as
foo.bar.domain
-
DOMAIN_PORT
:Default value is
443
Listening port for your domain configuration
-
CADDY_MODE
:Default value is
reverse-proxy
This is the default snippet used for configuration
Possible value :
reverse-proxy
,php-fpm
,html
orfalse
(to disable) -
CADDY_DOMAIN_EXTRA_CONFIG
:Default value is
nul
Give caddy custom extra config for domain scope
Example :
header x-domain-from "{env.DOMAIN}"
Note: Use the syntaxe {env.XXX} instead of {$XXX} to use environnement variable for this block
You can use snippet that is defined in CaddyFile (view Snippet section)
-
CADDY_GLOBAL_EXTRA_CONFIG
:Default value is
null
Give caddy custom extra global configuration such as
localhost:80 { respond "Hello, world!" }
Note: Use the syntaxe {env.XXX} instead of {$XXX} to use environnement variable for this block
Tips: to provide multiline value for a env var in a docker-compose.yml use "
|
" likeCADDY_DOMAIN_EXTRA_CONFIG: | localhost:80 { respond "Hello, world!" }
Dot not use the
>
because he not add \n at the end of each line it cause some issues in many caseYou can use snippet that is defined in CaddyFile (view Snippet section)
-
TLS_PROVIDER
:Default value is
tls-ovh
The is your tls provider
Possible value :
tls-ovh
,tls-azure
,tls-cloudflare
orfalse
(to disable) -
WHITELIST_IPS
:Default value is
0.0.0.0/0
(all ip and ip scope is allowed)Provide a list of ip or ip range to whitelist
Give 403 return response for all request that is not in scope
You can provide ip like
127.0.0.1
or scope like127.0.0.0/24
You need to sperate each by space such as example
127.0.0.1 10.0.0.0/24
-
-
Caddy reverse-proxy specific :
-
BACKEND_ENDPOINT
:Default value is
nginx:80
This is your endpoint to which requests are forwarded such as
http://foo.bar:8000
orwordpress:80
-
-
Caddy reverse-proxy specific :
-
WEBROOT
:Default value is
/var/www/html
Set the default web root for the web server
-
-
Caddy php-fpm specific :
-
WEBROOT
:Default value is
/var/www/html
Set the default web root for the web server
-
PHP_FASTCGI
:Default value is
php:9000
This is your php fastcgi backend adress such as
unix//run/php/php8.2-fpm.sock
if running socket ormy-phpfpm-container:9000
-
-
TLS provider specific :
- OVH :
OVH_ENDPOINT
: defaultovh-eu
OVH_APPLICATION_KEY
OVH_APPLICATION_SECRET
OVH_CONSUMER_KEY
- Azure :
AZURE_TENANT_ID
AZURE_CLIENT_ID
AZURE_CLIENT_SECRET
AZURE_SUBSCRIPTION_ID
AZURE_RESOURCE_GROUP_NAME
- Cloudflare :
CLOUDFLARE_API_TOKEN
- OVH :
This is an example to provide TLS for qbittorrent web application using reverse-proxy configuration with ip range or specific ip white list
version: "3.8"
services:
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest
container_name: qbittorrent
environment:
TZ: Europe/Paris
WEBUI_PORT: 8080
networks:
- proxy
caddy:
image: ghcr.io/times-z/caddy-preconfigured/caddy:latest
container_name: caddy
ports:
- 80:80
- 443:443
environment:
DOMAIN: "qbittorrent.timesz.fr"
OVH_APPLICATION_KEY: "my ovh application key"
OVH_APPLICATION_SECRET: "my ovh application secret"
OVH_CONSUMER_KEY: "my ovh consumer key"
BACKEND_ENDPOINT: "qbittorrent:8080"
WHITELIST_IPS: 192.168.1.0/24 172.18.0.0/24 10.0.1.21
volumes:
- caddy_data:/data
networks:
- proxy
networks:
proxy:
name: proxy
volumes:
caddy_data:
This is an other example to provide a http server with https for my php-fpm container
version: "3.8"
services:
application:
image: php:8.1.16-fpm
container_name: php-fpm
environment:
TZ: Europe/Paris
volumes:
- application_root:/var/www/html:rw
networks:
- caddy
caddy:
image: ghcr.io/times-z/caddy-preconfigured/caddy:latest
container_name: caddy
ports:
- 80:80
- 443:443
environment:
DOMAIN: "application.timesz.fr"
CADDY_MODE: "php-fpm"
OVH_APPLICATION_KEY: "my ovh application key"
OVH_APPLICATION_SECRET: "my ovh application secret"
OVH_CONSUMER_KEY: "my ovh consumer key"
PHP_FASTCGI: "application:9000"
volumes:
- caddy_data:/data:rw
- application_root:/var/www/html:ro
networks:
- caddy
networks:
caddy:
name: caddy
volumes:
caddy_data:
application_root:
tls-ovh
: use caddy-dns/ovh plugin to provide TLStls-cloudflare
: use caddy-dns/cloudflare plugin to provide TLStls-azure
: use caddy-dns/azure plugin to provide TLSreverse-proxy
: use reverse_proxy directive to provide a simple reverse proxy to a backend wich defined withBACKEND_ENDPOINT
environnement variable (see configuration)php-fpm
: provide a default configuration for php (see configuration)html
: simple html/css/js serverwhitelist-ip
: use directive not remote_ip to block all request that is not whitelisted client. First param is trusted IPs