This guide was rewritten on 2023-02-03 following some excellent advice from /u/maxghost.
A time comes in a homelabber’s journey where it isn’t enough to simply publish ports, or map ports from docker. There are many limitations to simply having a bunch of web services on different ports:
- Browsers expect HTTP to be served on port 80 and HTTPS on port 443. That limits you to a single “correctly” mapped service per IP.
- Speaking of HTTPS, most services get published on unencrypted HTTP, or HTTPS with self-signed certs. Browsers dislike HTTP and really dislike HTTPS with untrusted certs.
- No descriptive names. What service are you running on what port?
These are all problems that a reverse proxy can solve.
This guide will:
- Install the caddy web server into a docker container
- Set caddy to proxy a docker service
- Show the following capabilities with caddy:
  - Hot Reloading
  - IP Whitelisting
  - Proxying self-signed TLS services
  - Serving with Self-Signed TLS
  - Using ACME-based providers for signed SSL certificates
Like most of my guides, this guide will be docker oriented. You will need:
- A docker server (this guide will be running a minimal Fedora installation with docker)
- If following the Let’s Encrypt components, a valid registered domain with a registrar like Cloudflare.
Let’s get started with basic usage of caddy.