1. Caddy version (caddy version):
caddy:2.4.2-alpine
2. How I run Caddy:
{$SERVICE_DOMAIN} {
    reverse_proxy service:3000
}
{$APP_DOMAIN} {
    root * /var/www/html/app
    encode gzip zstd
    try_files {path} {path}/ /index.html
    file_server
}
a. System environment:
Docker image 2.4.2-alpine
b. Command:
docker compose up
c. Service/unit/compose file:
version: '3.7'
services:
  app:
    container_name: app
    image: ${APP_IMAGE}
    volumes:
      - static-content:/home/node/app/dist/app
  service:
    container_name: service
    image: ${SERVICE_IMAGE}
    environment:
      - DB_HOST=database
      - NODE_ENV=${NODE_ENV}
      - DB_PASSWORD=${DB_PASSWORD}
      - JWT_SECRET=${JWT_SECRET}
    networks:
      - backend
    depends_on:
      - database
    restart: unless-stopped
  database:
    container_name: database
    image: postgres:13.1-alpine
    environment:
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
    volumes:
      - pgdata:/var/lib/postgresql/data
    networks:
      - backend
    restart: unless-stopped
  webserver:
    container_name: webserver
    image: caddy:2.4.2-alpine
    environment:
      - APP_DOMAIN=${APP_DOMAIN}
      - SERVICE_DOMAIN=${SERVICE_DOMAIN}
    ports:
      - "80:80"
      - "443:443"
      - "3000:3000"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - static-content:/var/www/html/app
      - caddy_data:/data
      - caddy_config:/config
    networks:
      - backend
    restart: unless-stopped
networks:
  backend:
    name: backend
volumes:
  static-content:
  caddy_data:
  caddy_config:
  pgdata:
    name: pgdata
d. My complete Caddyfile or JSON config:
{$SERVICE_DOMAIN} {
    reverse_proxy service:3000
}
{$APP_DOMAIN} {
    root * /var/www/html/app
    encode gzip zstd
    try_files {path} {path}/ /index.html
    file_server
}
3. The problem I’m having:
My question: will restarting the Caddy Docker container dozens of times per day (CI/CD) cause constant renewals for HTTPS certificates?
I have read the documentation Automatic HTTPS — Caddy Documentation as well as the samples on Docker Hub. Currently, I have the front end application building its static content into a shared Docker volume between the app container and the Caddy container. The front end code is being updated all the time. In order to re-attach the latest app volume to the Caddy container I would need to stop the Caddy container, refresh the volume and restart the Caddy container. Does this initiate a certificate renewal each time? I had assumed that it would check the disk (/data or /config) to determine whether a renewal is required, but I don’t see this documented anywhere.
Alternatively, is there a better approach to this (fairly common) scenario?
4. Error messages and/or full log output:
None yet
5. What I already tried:
I am currently using HTTP only in my Caddyfile by specifying :3000 and :80 for the service and web application, respectively