Automated Caddy reverse proxy for docker containers
`Caddy`, `docker-gen`, and `forego`. Inspired by `nginx-proxy`.

Using `Caddy` as your primary web server is super simple. But when you need to scale your application, `Caddy` is limited to its static configuration.

To overcome this issue we are using `docker-gen` to generate configuration every time a container spawns or dies. Now scaling is easy!
BREAKING CHANGES since version 0.3.0!
Options to configure:
- `virtual.host` domain name, don't pass `http://` or `https://`, you can separate them with space,
- `virtual.alias` domain alias, e.g. `www` prefix,
- `virtual.port` port exposed by container, e.g. `3000` for React apps in development,
- `virtual.tls-email` the email address to use for the ACME account managing the site's certificates,
- `virtual.auth.username` and `virtual.auth.password` together provide HTTP basic authentication.

Password should be a string `base64` encoded from a `bcrypt` hash. You can use https://bcrypt-generator.com/ with default config and https://www.base64encode.org/.
To backup certificates make a volume:
```yaml
services:
  caddy:
    volumes:
      - ./caddy-info:/data/caddy
```
This image is created to be used in a single container.
```yaml
version: "3"
services:
  caddy-gen:
    container_name: caddy-gen
    image: "wemakeservices/caddy-gen:latest"
    restart: always
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro # needs socket to read events
      - ./caddy-info:/data/caddy # needs volume to back up certificates
    ports:
      - "80:80"
      - "443:443"
    depends_on:
      - whoami

  whoami: # this is your service
    image: "katacoda/docker-http-server:v2"
    labels:
      - "virtual.host=myapp.com" # your domain
      - "virtual.alias=www.myapp.com" # alias for your domain (optional)
      - "virtual.port=80" # exposed port of this container
      - "[email protected]" # ssl is now on
      - "virtual.auth.username=admin" # Optionally add http basic authentication
      - "virtual.auth.password=JDJ5JDEyJEJCdzJYM0pZaWtMUTR4UVBjTnRoUmVJeXQuOC84QTdMNi9ONnNlbDVRcHltbjV3ME1pd2pLCg==" # By specifying both username and password hash
```

`docker-compose.yml` example file.

`caddy-gen` is configured with `labels`.
The main idea is simple. Every labeled service exposes a `virtual.host` to be handled. Then, every container represents a single `upstream` to serve requests.
There are several options to configure:
- `virtual.host` is basically a domain name, see `Caddy` docs
- `virtual.alias` (optional) domain alias, useful for `www` prefix with redirect. For example `www.myapp.com`. Alias will always redirect to the host above.
- `virtual.port` exposed port of the container
- `virtual.tls-email` could be empty, unset or set to a valid email
- `virtual.tls` (alias of `virtual.tls-email`) could be empty, unset or set to a valid set of tls directive value(s)
- `virtual.auth.username` when set, along with `virtual.auth.password`, http basic authentication is enabled
- `virtual.auth.password` needs to be specified, along with `virtual.auth.username`, to enable http basic authentication

Note that options should not differ for containers of a single service.
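As an added example (not part of caddy-gen itself), this Python check lints one service's labels against the rules above before deployment: no scheme in `virtual.host`, both auth labels set together, and a password that base64-decodes to a bcrypt hash. The function names are hypothetical; the sample labels are the ones from the compose example on this page.

```python
import base64
import binascii
import re

# bcrypt modular-crypt string: $2a$/$2b$/$2y$, two-digit cost, 53 chars of salt+digest
BCRYPT_RE = re.compile(r"\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}")

# Labels copied from the docker-compose example on this page.
SAMPLE_LABELS = {
    "virtual.host": "myapp.com",
    "virtual.auth.username": "admin",
    "virtual.auth.password": "JDJ5JDEyJEJCdzJYM0pZaWtMUTR4UVBjTnRoUmVJeXQuOC84"
                             "QTdMNi9ONnNlbDVRcHltbjV3ME1pd2pLCg==",
}


def check_auth_password(value):
    """Return None if value is base64 of a bcrypt hash, else a reason string."""
    try:
        decoded = base64.b64decode(value, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return "virtual.auth.password is not valid base64 text"
    # The sample value on this page decodes with a trailing newline, so strip it.
    match = BCRYPT_RE.fullmatch(decoded.strip())
    if match is None:
        return "virtual.auth.password does not decode to a bcrypt hash"
    if not 4 <= int(match.group(1)) <= 31:
        return "bcrypt cost is outside 4..31"
    return None


def lint_labels(labels):
    """Check one service's caddy-gen labels; return a list of problems."""
    problems = []
    for name in labels.get("virtual.host", "").split():
        if name.lower().startswith(("http://", "https://")):
            problems.append(f"virtual.host must not include a scheme: {name}")
    user = labels.get("virtual.auth.username")
    password = labels.get("virtual.auth.password")
    if (user is None) != (password is None):
        problems.append("virtual.auth.username and virtual.auth.password must be set together")
    if password is not None:
        reason = check_auth_password(password)
        if reason:
            problems.append(reason)
    return problems
```

Passing the raw `$2y$...` hash or a plaintext password as the label value is reported as a problem, since the label expects the base64 form of the hash.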
To backup certificates make a volume:
```yaml
services:
  caddy:
    volumes:
      - ./caddy-info:/data/caddy
```
This image supports two build-time arguments:
- `FOREGO_VERSION` to change the current version of `forego`
- `DOCKER_GEN_VERSION` to change the current version of `docker-gen`

`Caddy` image
`Caddy`
`docker` image size
Full changelog is available here.
MIT. See LICENSE for more details.