Caddy Reverse Proxy

beginner

Caddy web server with automatic HTTPS and reverse proxy configuration.

Overview

Caddy is a modern web server developed in Go that revolutionizes SSL/TLS certificate management through automatic HTTPS provisioning with Let's Encrypt. Unlike traditional web servers that require complex configuration files, Caddy uses a simple Caddyfile syntax that can automatically obtain, renew, and manage SSL certificates without manual intervention, making it particularly attractive for developers who want secure websites without the operational overhead. This Caddy reverse proxy configuration creates a powerful gateway that can route incoming requests to backend applications while handling all SSL/TLS termination automatically. Caddy sits at the edge of your infrastructure, receiving HTTPS traffic on ports 80 and 443 (including HTTP/3 via UDP), and forwards requests to upstream services based on domain names or path patterns defined in the Caddyfile. The setup includes persistent volumes for certificate storage and configuration data, ensuring certificates survive container restarts. This stack is ideal for developers running multiple web applications who want a simple yet robust reverse proxy solution without the complexity of Nginx or Apache configurations. Small businesses, homelab enthusiasts, and development teams benefit from Caddy's zero-configuration HTTPS, while still getting enterprise features like HTTP/3 support, on-demand TLS for dynamic domains, and zero-downtime configuration reloads through Caddy's admin API.

Key Features

Automatic HTTPS certificate provisioning and renewal via Let's Encrypt integration
HTTP/3 support with QUIC protocol for improved performance over unreliable networks
Zero-downtime configuration reloads without dropping existing connections
Simple Caddyfile syntax for reverse proxy rules and domain routing
On-demand TLS certificate generation for dynamic subdomain scenarios
Built-in health checks and automatic failover between upstream servers
Comprehensive access logging with customizable formats and destinations
Native support for WebSocket proxying and HTTP/2 server push

Common Use Cases

1Personal homelab running multiple web services on different ports requiring HTTPS
2Small business hosting WordPress, API, and static sites under different subdomains
3Development team needing staging environments with automatic SSL for feature branches
4Static site hosting with automatic HTTPS for Jekyll, Hugo, or React applications
5Microservices architecture requiring SSL termination and service routing
6Content delivery setup with caching and compression for improved performance
7Local development proxy for testing HTTPS-required features and integrations

Prerequisites

Minimum 256MB RAM available for Caddy container and certificate management
Ports 80, 443 (TCP), and 443 (UDP) available and not used by other services
Valid domain names pointing to your server's IP address for Let's Encrypt validation
Caddyfile configuration file created in the same directory as docker-compose.yml
Backend services running and accessible from Caddy container network
Basic understanding of reverse proxy concepts and domain name configuration

For development & testing. Review security settings, change default credentials, and test thoroughly before production use. See Terms

docker-compose.yml

1services: 
2  caddy: 
3    image: caddy:2-alpine
4    container_name: caddy
5    ports: 
6      - "80:80"
7      - "443:443"
8      - "443:443/udp"
9    volumes: 
10      - ./Caddyfile:/etc/caddy/Caddyfile:ro
11      - caddy_data:/data
12      - caddy_config:/config
13    restart: unless-stopped
14    networks: 
15      - caddy-network
16
17volumes: 
18  caddy_data: 
19  caddy_config: 
20
21networks: 
22  caddy-network: 
23    driver: bridge

.env Template

.env

1# Caddy
2# Configuration via Caddyfile

Usage Notes

1Create Caddyfile for configuration
2Automatic HTTPS with Let's Encrypt
3Simple reverse proxy syntax
4HTTP/3 support
5Example: example.com { reverse_proxy app:8080 }

Quick Start

terminal

1# 1. Create the compose file
2cat > docker-compose.yml << 'EOF'
3services:
4  caddy:
5    image: caddy:2-alpine
6    container_name: caddy
7    ports:
8      - "80:80"
9      - "443:443"
10      - "443:443/udp"
11    volumes:
12      - ./Caddyfile:/etc/caddy/Caddyfile:ro
13      - caddy_data:/data
14      - caddy_config:/config
15    restart: unless-stopped
16    networks:
17      - caddy-network
18
19volumes:
20  caddy_data:
21  caddy_config:
22
23networks:
24  caddy-network:
25    driver: bridge
26EOF
27
28# 2. Create the .env file
29cat > .env << 'EOF'
30# Caddy
31# Configuration via Caddyfile
32EOF
33
34# 3. Start the services
35docker compose up -d
36
37# 4. View logs
38docker compose logs -f

One-Liner

Run this command to download and set up the recipe in one step:

terminal

1curl -fsSL https://docker.recipes/api/recipes/caddy-reverse-proxy/run | bash

Troubleshooting

Certificate provisioning fails with 'acme: error 403': Ensure domain DNS points to server IP and ports 80/443 are accessible from internet
Backend service connection refused: Verify upstream services are running and accessible on caddy-network, check container name resolution
Configuration reload fails: Validate Caddyfile syntax using 'caddy validate --config /etc/caddy/Caddyfile' before mounting
HTTP/3 not working: Confirm UDP port 443 is open in firewall and client supports HTTP/3 protocol
Certificate renewal failures: Check disk space in caddy_data volume and verify Let's Encrypt rate limits not exceeded
WebSocket connections dropping: Add 'header_up Connection {http.request.header.Connection}' directive to proxy block

Community Notes

Loading notes...

Download Recipe Kit

Get all files in a ready-to-deploy package

Includes docker-compose.yml, .env template, README, and license

Components

caddy

Related Recipes

Ad Space

Shortcuts: C CopyF FavoriteD Download