1. Caddy version (caddy version):
2.5.1 (docker)
2. How I run Caddy:
docker compose up -d
a. System environment:
Debian Bullseye; Docker (version 20.10.17, build 100c701)
b. Command:
Paste command here.
c. Service/unit/compose file:
docker-compose.yml:
version: '3.5'
services:
  caddy:
    image: caddy:latest
    restart: unless-stopped
    container_name: caddy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/caddy/Caddyfile:/etc/caddy/Caddyfile
      - /etc/caddy/cert.pem:/etc/caddy/cert.pem:ro
      - "/etc/ssl/certs/00_ca.pem:/etc/ssl/ca_cert.pem:ro"
      - "/etc/ssl/private/00_ca.key:/etc/ssl/ca_key.pem:ro"
      - "caddy-config:/config"
      - "caddy-data:/data"
    environment:
      - LOG_FILE=/data/access.log
    networks:
      - baikal-network
volumes:
  caddy-config:
  caddy-data:
networks:
  baikal-network:
    external: true
    name: baikal_baikal-network
d. My complete Caddyfile or JSON config:
{
    # General Options
    debug
    # PKI Options
    pki {
        ca acme {
            name "Caddy ACME Server"
            root_cn ca.intern.domain.xyz
            intermediate_cn ca.intern.domain.xyz
            root {
                format pem
                cert /etc/ssl/ca_cert.pem
                key /etc/ssl/ca_key.pem
            }
        }
    }
}
acme_server ca.intern.domain.xyz {
    ca local
}
###########################################################################################
Baikal ### Baikal ### Baikal ### Baikal ### Calendarserver ####### Baikal
###########################################################################################
calendarserver.intern.domain.xyz:443 {
    # This setting may have compatibility issues with some browsers
    # (e.g., attachment downloading on Firefox). Try disabling this
    # if you encounter issues.
    encode gzip
    # Proxy everything to calendarserver
    reverse_proxy baikal_nginx:80
    tls {
        ca /etc/ssl/ca_cert.pem
    }
}
3. The problem I’m having:
Is it possible to run Caddy in one container so that it acts as a reverse proxy and as an ACME server which uses my own root certificate to create the certificates for the services?
I have one server with some services on it. Every service is running in its own docker container/stack, and to separate them every service has its own network and its own subdomain. I already created my own root CA and intermediate, and the certificates of this CA are accepted on all devices, but it is really time-consuming (and annoying) to renew and create new certificates all the time.
Or is it better to use one Caddy container as reverse proxy and one container as ACME server?
4. Error messages and/or full log output:
caddy | {"level":"info","ts":1656939407.3449724,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
caddy | run: adapting config using caddyfile: /etc/caddy/Caddyfile:21: unrecognized directive: ca
caddy exited with code 0
caddy exited with code 0
caddy exited with code 1
caddy exited with code 1
5. What I already tried:
Added a tls block to the global options but I got confused and removed it
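Added example, not part of the original post: a single Caddyfile that serves the ACME endpoint from the custom PKI CA and issues the reverse-proxied site's certificate from that same CA, so one container does both jobs. It assumes Caddy 2.5 Caddyfile syntax and the CA id `acme` and paths from the post; in the posted file, `acme_server ca.intern.domain.xyz { ... }` sits outside any site block, so the parser reads `acme_server` as a site address and `ca` as an unknown directive, which is what the logged error reports.

```caddyfile
{
    debug
    pki {
        # CA id "acme", backed by the mounted root cert and key (key mounted read-only)
        ca acme {
            name "Caddy ACME Server"
            root_cn ca.intern.domain.xyz
            intermediate_cn ca.intern.domain.xyz
            root {
                format pem
                cert /etc/ssl/ca_cert.pem
                key /etc/ssl/ca_key.pem
            }
        }
    }
}

# ACME directory lives at https://ca.intern.domain.xyz/acme/acme/directory
# acme_server is a site directive, so it must sit inside a site block
ca.intern.domain.xyz {
    acme_server {
        ca acme
    }
    # The ACME host's own certificate is issued by the same internal CA
    tls {
        issuer internal {
            ca acme
        }
    }
}

calendarserver.intern.domain.xyz {
    encode gzip
    reverse_proxy baikal_nginx:80
    # "ca <url>" under tls means an ACME directory URL, not a CA certificate file;
    # to sign with the local PKI CA, select the internal issuer and the CA id
    tls {
        issuer internal {
            ca acme
        }
    }
}
```

Only the root certificate needs distributing to client devices; the root key stays inside the container mount and is used only to sign the intermediate.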