API configured Caddy and persistent configuration when docker host reboots

1. Caddy version (caddy version):

I am using the caddy:latest container image.

/srv # caddy version
v2.5.2 h1:eCJdLyEyAGzuQTa5Mh3gETnYWDClo1LjtQm2q9RNZrs=

2. How I run Caddy:

a. System environment:

CentOS Linux release 7.9.2009 (Core)
Docker CE Server Version: 20.10.17

b. Command:

docker-compose up

c. Service/unit/compose file:

version: "3.2"

services:
  caddy-int-01:
    image: caddy:latest
    container_name: ${name}
    hostname: ${name}
    restart: unless-stopped
    volumes:
      - ${vdata}:/data:rw
      - ${vsrv}:/srv:rw
      - ${vconfig}:/config:rw
      - ${vresolvconf}:/etc/resolv.conf:ro
      - ${vrootcert}:/root_ca.crt:ro
    networks:
      dck-macvlan0:
        ipv4_address: ${ipv4_address}
networks:
  dck-macvlan0:
    external:
      name: dck-macvlan0

d. My complete Caddyfile or JSON config:

{
    "admin": {
        "listen": ":2019"
    },
    "apps": {
        "http": {
            "servers": {
                "srv0": {
                    "listen": [
                        ":443"
                    ],
                    "routes": [
                        {
                            "handle": [
                                {
                                    "handler": "subroute",
                                    "routes": [
                                        {
                                            "handle": [
                                                {
                                                    "handler": "reverse_proxy",
                                                    "upstreams": [
                                                        {
                                                            "dial": "10.0.0.1:80"
                                                        }
                                                    ]
                                                }
                                            ]
                                        }
                                    ]
                                }
                            ],
                            "match": [
                                {
                                    "host": [
                                        "1.example.com"
                                    ]
                                }
                            ],
                            "terminal": true
                        },
                        {
                            "handle": [
                                {
                                    "handler": "subroute",
                                    "routes": [
                                        {
                                            "handle": [
                                                {
                                                    "handler": "reverse_proxy",
                                                    "upstreams": [
                                                        {
                                                            "dial": "10.0.0.2:80"
                                                        }
                                                    ]
                                                }
                                            ]
                                        }
                                    ]
                                }
                            ],
                            "match": [
                                {
                                    "host": [
                                        "2.example.com"
                                    ]
                                }
                            ],
                            "terminal": true
                        }
                    ]
                }
            }
        },
        "tls": {
            "automation": {
                "policies": [
                    {
                        "issuers": [
                            {
                                "ca": "https://pki.example.com:9000/acme/acme/directory",
                                "email": "pki@example.com",
                                "module": "acme",
                                "trusted_roots_pem_files": [
                                    "/root_ca.crt"
                                ]
                            }
                        ],
                        "subjects": [
                            "1.example.com",
                            "2.example.com"
                        ]
                    }
                ]
            }
        }
    }
}

3. The problem I’m having:

What is the best way to make API-managed Caddy configuration persistent when docker-compose is used?

My Docker host does automatic scheduled updates and reboots every other week.
How can I make this API-managed configuration persistent when the Docker container reboots? I know that there is a --resume flag, but I don’t understand how I can pass it every time the container reboots.

I also have a second problem caused by this. Because the API configuration isn’t persistent, I can’t load new configuration to Caddy, because in the default configuration the admin API is only exposed to localhost. Should I create a Caddyfile where I have this admin configuration, so the API endpoint is open even when autosave.json couldn’t be loaded, or is this bad practice?

4. Error messages and/or full log output:

5. What I already tried:

I tested that I can reload my configuration directly inside the Docker container, and that worked.

6. Links to relevant resources:

Override the container’s command; you can do this in your docker-compose service definition. Use /usr/bin/caddy run --resume. This will make it pull the config from /config/autosave.json on startup.

Yeah, that makes sense. Having an initial config to set up the admin API is a supported pattern. It’s the recommended way to set up config loaders:


Okay, that worked. Thank you very much!
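
The two suggestions in the reply combined into one compose file, as an added example that is not part of the original thread: the command override with --resume, plus a bootstrap config that only enables the admin API for the case where no autosave exists yet. The `${vbootstrap}` variable and the `/etc/caddy/bootstrap.json` path are assumptions made for illustration.

```yaml
version: "3.2"

services:
  caddy-int-01:
    image: caddy:latest
    container_name: ${name}
    hostname: ${name}
    restart: unless-stopped
    # --resume: start from the last autosaved (API-loaded) config kept on the
    #           /config volume, so the config survives host reboots.
    # --config: fallback used only when no autosave exists yet
    #           (first start, or the /config volume was wiped).
    command: ["caddy", "run", "--config", "/etc/caddy/bootstrap.json", "--resume"]
    volumes:
      - ${vdata}:/data:rw
      - ${vsrv}:/srv:rw
      # Must be persistent storage: the autosaved config lives on this volume.
      - ${vconfig}:/config:rw
      # Assumed host file containing only the admin block from the question:
      #   {"admin": {"listen": ":2019"}}
      - ${vbootstrap}:/etc/caddy/bootstrap.json:ro
      - ${vresolvconf}:/etc/resolv.conf:ro
      - ${vrootcert}:/root_ca.crt:ro
    networks:
      dck-macvlan0:
        # The admin API on :2019 is unauthenticated by default and can replace
        # the whole running config; limit which hosts can reach this address
        # on port 2019 (host firewall or network ACL).
        ipv4_address: ${ipv4_address}

networks:
  dck-macvlan0:
    external:
      name: dck-macvlan0
```

Every config pushed through the API afterwards is autosaved to the /config volume, so the bootstrap file is read again only if that volume is empty.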
