I currently use docker-compose to manage a number of containers, and I’ve been using traefik as a reverse proxy and to interface with letsencrypt for management of SSH keys.

However, I’ve also been reading a bit about caddy, which seems like an easier alternative to traefik, in the sense of its handling wildcard certificates. All my containers have a public facing url, like this:

blog.mysite.org

mealie.mysite.org

nextcloud.mysite.org

photos.mysite.org

which I would have thought would be tailor-made for caddy. However, in my rough searches I haven’t found out quite how to set up caddy to do this. I’ve also read (can’t remember where) that this use of caddy is ok for homelab, but shouldn’t be used for public facing sites.

So I just need a bit of advice - should I indeed switch to caddy, and if so, how? (All I need is a few pointers to good examples.)

Or should I stay with traefik, in which case, what is the easiest setup?

(I got some help with traefik a few years ago, but I’m having a lot of trouble now extending my current config files to manage a new container.)

I’m also very far from being a sysadmin expert, I usually flail around until something works.

Thanks!!

  • giopas@alien.topBEnglish
    1·
    10 months ago

    Here is an example of a working Caddyfile to start from.

    In the first example (jelly.user.com), every query to http://jelly.user.com is automatically translated in https and handled over to http://192.168.1.10:7548.

    In the second instance, you do not use https (TLS) and every query to http://well.user.com is directly passed along to the service running under http://192.168.1.13:5960.

    Note that certificates are automatically handled and renewed by Caddy, giving your email address.

    I also added a log for each subdomain for convenience.

    I hope this is helpful.

    ~:/etc/caddy $ cat Caddyfile { log { output file /home/userCaddy-logs/caddy2.log } email user@user.com }

    jelly.user.com { log { output file /home/user/Caddy-logs/jelly.log } encode gzip header Strict-Transport-Security max-age1536000; reverse_proxy http://192.168.1.10:7548 }

    http://well.user.com { log { output file /home/user/Caddy-logs/well.log } encode gzip header Strict-Transport-Security max-age1536000; reverse_proxy http://192.168.1.13:5960 }

    • amca01@alien.topOPBEnglish
      1·
      10 months ago

      I meant to say thank you at least a day ago - so thank you very much! You’ve kindly provided a lot of detail, which I hope I can use for my own site. We’ll see how we go… Thanks again.