An out-of-the-box template for running Caddy with Docker.
- caddy-dns/cloudflare
- caddy-dns/dnspod
- caddy-dns/alidns
- caddy-dns/tencentcloud
Note: Starting from Caddy 2.10, libdns has graduated to a stable 1.0 version which includes many breaking API changes. libdns/dnspod has not yet adapted to this update, so the latest builds no longer include the caddy-dns/dnspod module until libdns/dnspod resolves this issue. In the meantime, you can use caddy-dns/tencentcloud as an alternative.
There is also a plus version of the image, which includes the following additional modules:
- caddyserver/replace-response
- mholt/caddy-dynamicdns
If you need these modules, you can use the image with the tag plus, for example xm798/caddy:plus.
```bash
git clone https://github.com/Xm798/docker-caddy.git
```

- Users in mainland China can use registry.cn-shanghai.aliyuncs.com/xm798/caddy:latest instead of xm798/caddy:latest to avoid image pull failures due to network issues.
- Use user: 1000:1000 to configure the user and group ID (1000:1000 should be set to the desired user and group ID) to avoid security risks associated with running as the root user.
- Modify ports if not using the standard ports.
- If you do not want to use a bridge network, you can directly use network_mode: host.
Add the corresponding configuration at the top of the global configuration section in Caddyfiles/Caddyfile, for example:
Cloudflare:

```caddyfile
email user@example.com
acme_dns cloudflare "YOUR_CLOUDFLARE_TOKEN"
```

Ali DNS:

```caddyfile
email user@example.com
acme_dns alidns {
    access_key_id "YOUR_ID"
    access_key_secret "YOUR_KEY"
}
```

Create new files ending with .Caddyfile in the Caddyfiles folder, such as proxy.Caddyfile (you can also directly add configurations to Caddyfile, but separate files are easier to manage), and add site configurations as needed.
The following configuration snippet starts a reverse proxy; 172.17.0.1:8080 is the target address. If the target container has joined the caddy_default network, you can specify it directly as container:port.

```caddyfile
hello.example.com {
    reverse_proxy 172.17.0.1:8080
}
```

The following configuration snippet starts a proxy with a backend over HTTPS.
```caddyfile
https.example.com {
    reverse_proxy https://test.example.com
}
```

The following configuration snippet starts a proxy with a backend over HTTPS and ignores certificate validation, which makes it work with some untrusted self-signed certificates. With validation skipped, Caddy accepts any certificate the backend presents.
```caddyfile
https.example.com {
    reverse_proxy {
        to https://10.0.0.10:443
        transport http {
            tls
            tls_insecure_skip_verify
        }
    }
}
```

The following configuration snippet configures a site that requires PHP. php83-fpm:9000 is the address of the php-fpm container and /srv/php-api is the site root directory; modify both as necessary.
```caddyfile
php-api.example.com {
    root * /srv/php-api
    php_fastcgi php83-fpm:9000
    file_server
}
```

To set logs, you can add the following snippet:
```caddyfile
import log app_name
```

This will automatically store logs in ./log/app_name/access.log and apply roll rules.
Use import rp_ipwl 10.0.0.8:1234 to reverse proxy a site that only allows access from certain IPs, as discussed in: 一行代码快速配置 Caddy 站点日志——复用 Caddy 配置段 - Cyrus's Blog. The whitelist IP ranges are configured in Caddyfile under rp_ipwl. This can be very convenient for reverse proxying services that are only allowed within a local network.
```bash
docker network create -d bridge caddy_default
mkdir data config log srv
```

If a user is specified in the compose file, you need to adjust the permissions accordingly:

```bash
sudo chown -R 1000:1000 .
```

After completing the configuration, start the container:

```bash
docker compose up -d
```

After modifying the Caddyfile, use the following command to reload the configuration safely and quickly:

```bash
docker exec -w /etc/caddy caddy sh -c "caddy fmt --overwrite && caddy reload"
```
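
For the HTTPS backend with a self-signed certificate shown earlier, an alternative to tls_insecure_skip_verify is to trust that backend's certificate explicitly, so the upstream connection stays verified. This is an added example, not part of the project's template; the PEM path /etc/caddy/certs/backend-ca.pem and the name backend.internal are assumptions, and tls_trust_pool requires Caddy 2.8 or later.

```caddyfile
https.example.com {
    reverse_proxy {
        to https://10.0.0.10:443
        transport http {
            # Verify the backend against this PEM file only (assumed path;
            # mount the backend's self-signed certificate or its CA here).
            tls_trust_pool file /etc/caddy/certs/backend-ca.pem
            # The upstream is addressed by IP, so state the name the
            # certificate was issued for (assumed name). Omit this line if
            # the certificate lists 10.0.0.10 as an IP SAN.
            tls_server_name backend.internal
        }
    }
}
```

The PEM file has to be readable by the user the container runs as, for example 1000:1000 when user is set in the compose file.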