v2.0.0-beta.15,v2.0.0-beta.15-alpine,alpine,latestv2.0.0-beta.15-slim,scratchv2.0.0-beta.15-builder,builder
-
Where to get help:
the Caddy Community forum -
Where to file issues:
https://github.com/caddyserver/caddy-docker for issues with this image, or https://github.com/caddyserver/caddy for issues with Caddy itself.
Caddy 2 is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go.
Caddy requires write access to two locations: a data directory, and a configuration directory. While it's not necessary to persist the files stored in the configuration directory, it can be convenient. However, it's very important to persist the data directory.
From the docs:
The data directory must not be treated like a cache. Its contents are not ephemeral or merely for the sake of performance. Caddy stores TLS certificates, private keys, OCSP staples, and other necessary information to the data directory. It should not be purged without an understanding of the implications.
This image provides for two mount-points for volumes: /data and /config.
In the examples below, a named volume caddy_data is mounted to /data, so that data will be persisted.
Note that named volumes are persisted across container restarts and terminations, so if you move to a new image version, the same data and config directories can be re-used.
The default config file simply serves files from /usr/share/caddy, so if you want to serve index.html from the current working directory:
$ echo "hello world" > index.html
$ docker run -d -p 80:80 \
-v $(pwd)/index.html:/usr/share/caddy/index.html \
-v caddy_data:/data \
caddy/caddy
...
$ curl http://localhost/
hello worldTo override the default Caddyfile, you can mount a new one at /etc/caddy/Caddyfile:
$ docker run -d -p 80:80 \
-v $(pwd)/Caddyfile:/etc/caddy/Caddyfile \
-v caddy_data:/data \
caddy/caddyThe default Caddyfile only listens to port 80, and does not set up automatic TLS. However, if you have a domain name for your site, and its A/AAAA DNS records are properly pointed to this machine's public IP, then you can use this command to simply serve a site over HTTPS:
$ docker run -d -p 80:80 -p 443:443 \
-v /site:/usr/share/caddy \
-v caddy_data:/data \
-v caddy_config:/config \
caddy/caddy caddy file-server --domain example.comThe key here is that Caddy is able to listen to ports 80 and 443, both required for the ACME HTTP challenge.
See Caddy's docs for more information on automatic HTTPS support!
Most users deploying production sites will not want to rely on mounting files into a container, but will instead base their own images on caddy/caddy:
# note: never use the :latest tag in a production site
FROM caddy/caddy:v2.0.0
COPY Caddyfile /etc/caddy/Caddyfile
COPY site /siteCaddy is extendable through the use of "modules". See https://caddyserver.com/docs/extending-caddy for full details.
You can use the :builder image as a short-cut to building a new Caddy binary:
FROM caddy/caddy:v2.0.0-builder AS builder
RUN caddy-builder \
github.com/caddyserver/nginx-adapter \
github.com/hairyhenderson/caddy-teapot-module@v0.0.1
FROM caddy/caddy:v2.0.0
COPY --from=builder /usr/bin/caddy /usr/bin/caddyNote the second FROM instruction - this produces a much smaller image by simply overlaying the newly-built binary on top of the the regular caddy/caddy image.
The caddy-builder script is used to build a new Caddy entrypoint, with the provided modules. You can specify just a module name, or a name with a version (separated by @).
Note that the "standard" Caddy modules (github.com/caddyserver/caddy/v2/modules/standard) are always included.
Caddy does not require a full restart when configuration is changed. Caddy comes with a caddy reload command which can be used to reload its configuration with zero downtime.
When running Caddy in Docker, the recommended way to trigger a config reload is by executing the caddy reload command in the running container.
First, you'll need to determine your container ID or name. Then, pass the container ID to docker exec.
$ caddy_container_id=$(docker ps | grep caddy | awk '{print $1;}')
$ docker exec $caddy_container_id caddy reload --config /etc/caddy/Caddyfile --adapter caddyfileView license information for the software contained in this image.
As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.