Xcaddy

Running multiple applications on one web server requires a reverse proxy. This is where xcaddy comes into play. Caddy is a powerful, user-friendly web server known for automatic HTTPS and ease of use. It supports features like reverse proxying and static file serving. Combined with xcaddy, you can easily customize Caddy by building custom versions with additional plugins or modules, all through a simplified command-line tool without needing to manually edit code or handle dependencies. This makes both Caddy and xcaddy highly flexible and convenient for developers.

First we create all the required folders and the Caddyfile:

mkdir /opt/caddy/
mkdir /opt/caddy/certs
mkdir /opt/caddy/config
mkdir /opt/caddy/data
mkdir /opt/caddy/sites
touch /opt/caddy/Caddyfile

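Now let's create our Dockerfile:

# Build stage: compile Caddy together with the transform-encoder plugin
FROM caddy:2.8.4-builder AS builder

RUN xcaddy build --with github.com/caddyserver/transform-encoder

# Runtime stage: pinned to the same version as the builder instead of "latest"
FROM caddy:2.8.4

# Replace the stock binary with the custom build
COPY --from=builder /usr/bin/caddy /usr/bin/caddy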

and build the image:

docker build --rm --no-cache -f Dockerfile -t xcaddy .

In this example I'm building Caddy with the transform-encoder plugin. It is useful later for protecting your web server against DoS attacks with fail2ban, which only reads unstructured logs (Caddy by itself only logs in JSON format).

Now you can write your Caddyfile:

vim /opt/caddy/Caddyfile

https://your.domain:443 {
	# Optional: only needed when you use your own certificate.
	# The key is assumed to sit next to the certificate in the mounted /certs folder.
	tls /certs/ssl_certificate.cer /certs/key.key
	header Strict-Transport-Security max-age=31536000;
	reverse_proxy localhost:8080
}

You don't need the tls line, as Caddy by itself obtains certificates automatically from Let's Encrypt. But this sometimes struggles, so I prefer using my own certificates. Set your domain and point reverse_proxy to the port your Docker application is running on.
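For the transform-encoder plugin to produce the plain-text lines that fail2ban can parse, the site block also needs a log directive that uses it. The following is an added example, not part of the original post: the log path /data/access.log and the rotation values are assumptions, and your.domain is a placeholder.

```caddyfile
https://your.domain:443 {
	# Access log for this site. Without the plugin, Caddy would write JSON here.
	log {
		# /data is the container side of the /opt/caddy/data volume (assumed path).
		output file /data/access.log {
			# Assumed rotation values; adjust to your traffic.
			roll_size 10MiB
			roll_keep 5
		}
		# "transform" is provided by github.com/caddyserver/transform-encoder.
		# {common_log} renders each request as one Apache Common Log Format line.
		format transform "{common_log}"
	}

	header Strict-Transport-Security max-age=31536000;
	reverse_proxy localhost:8080
}
```

With the /opt/caddy/data:/data volume from the Compose file, the log appears on the host as /opt/caddy/data/access.log, which is the path a fail2ban jail's logpath would point at.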

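Next, create the Compose file for the container:

version: "3.8"

services:
  caddy:
    image: xcaddy:latest
    container_name: xcaddy
    restart: unless-stopped
    # Host networking lets reverse_proxy reach localhost:8080 on the host.
    # No ports: section here: port mappings cannot be combined with
    # network_mode: host, and Caddy binds 80 and 443 on the host directly.
    # Caddy's admin API (2019) listens on localhost only by default.
    network_mode: host
    volumes:
      - /opt/caddy/Caddyfile:/etc/caddy/Caddyfile
      - /opt/caddy/certs:/certs
      - /opt/caddy/config:/config
      - /opt/caddy/data:/data
      - /opt/caddy/sites:/srv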

and then start it with:

docker-compose up -d

We're done. If anything goes wrong, just use:

docker logs xcaddy

to see what happened.

If you want to set up your first application, here is my guide to setting up Nextcloud behind a reverse proxy.