Packaged as a docker image: ghcr.io/syp1975/caddy.
I use it to proxy containerized apps to my Duck DNS subdomain trough a secure connection with a wildcard certificate issued by Let's Encrypt.
Image is automatically rebuilt when the base image caddy:2-builder or plugins are updated.
| Component | Description |
|---|---|
| caddy | Open source web server |
| caddy-docker-proxy | Caddy as a reverse proxy for Docker |
| duckdns | Duck DNS module for Caddy |
| caddy-auth-portal | Authentication Plugin for Caddy v2 |
| caddy-authorize | Authorization Plugin for Caddy v2 (JWT/PASETO) |
| caddy-exec | Caddy v2 module for running one-off commands |
docker network create caddy
docker run --name caddy -d --restart=unless-stopped \
--network=caddy -p 443:443 -p 80:80 \
-v /var/run/docker.sock:/var/run/docker.sock \
-l caddy.acme_dns='duckdns your_duckdns_token' \
-l caddy.email=your_email \
-e CADDY_INGRESS_NETWORKS=caddy \
ghcr.io/syp1975/caddydocker run --name app_name -d \
--network=caddy \
-l caddy='*.your_sub_domain.duckdns.org' \
-l caddy.@app_name.host='app_name.your_sub_domain.duckdns.org' |
-l caddy.reverse_proxy='@app_name {{upstreams app_port}}' \
app_image* There is no need to publish app_port, caddy proxy server already has access to the app port trough the caddy network
And your application will be proxied at https://app_name.your_sub_domain.duckdns.org
- Configure authentication