Skip to content



This guide has been rewritten on 2023-02-03 following some excellent advice from /u/maxghost


A time comes in a homelabber’s journey where it isn’t enough to simply publish ports, or map ports from docker. There are many limitations to simply having a bunch of web services on different ports:

  • Browsers expect HTTP to be served on port 80 and HTTPS on port 443. That limits you to a single “correctly” mapped service per IP.
  • Speaking of HTTPS, most services get published on unencrypted HTTP, or HTTPS with self-signed certs. Browsers dislike http and really dislike https on untrusted certs.
  • No descriptive names. What service are you running on what port?

These are all problems that a reverse proxy can solve.


This guide will:

  • Install the caddy web server into a docker container
  • set caddy to proxy a docker service
  • show the following capabilities with caddy:
  • Snippets
  • Hot Reloading
  • IP Whitelisting
  • Proxying self signed TLS services
  • Serving with Self Signed TLS
  • Using ACME based providers for signed SSL certificates


Like most of my guides, this guide will be docker oriented. You will need:

  • A docker server (this guide will be running a minimal fedora installation with docker)
  • If following the let’s encrypt components, a valid registered domain with a registrar like cloudflare.

Moving on

Let’s get started with basic usage of caddy