1. Caddy version (caddy version):
v2.2.1 h1:Q62GWHMtztnvyRU+KPOpw6fNfeCD3SkwH7SfT1Tgt2c=
2. How I run Caddy:
a. System environment:
Running on a Raspberry Pi 4 (4GB) using Portainer with Docker Compose on top of OpenMediaVault 5. I am running AdGuard and dnsmasq to resolve my subdomains.
b. Command:
caddy run --config /etc/caddy/Caddyfile --adapter caddyfile
c. Service/unit/compose file:
version: "2"
services:
  caddy:
    image: caddy
    container_name: caddy
    hostname: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    environment:
      - MY_DOMAIN
    volumes:
      - /srv/dev-disk-by-label-data/data/appdata/Config/Caddy/Caddyfile:/etc/caddy/Caddyfile:ro
      - /srv/dev-disk-by-label-data/data/appdata/Config/Caddy/data:/data
      - /srv/dev-disk-by-label-data/data/appdata/Config/Caddy/config:/config
networks:
  default:
    external:
      name: bridge
MY_DOMAIN = lxiscs.duckdns.org
d. My complete Caddyfile or JSON config:
Caddyfile
lxiscs.duckdns.org
{
    # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}
tiddlywiki.{$MY_DOMAIN} {
    reverse_proxy 192.168.0.29:8081
}
grocy.{$MY_DOMAIN} {
    reverse_proxy https://192.168.0.29:32771 {
        transport http {
            tls_insecure_skip_verify
        }
    }
}
3. The problem I’m having:
I am just getting into self-hosting applications and needed a way to use HTTPS with grocy (in order to access it from the Android app), and since I would like to be able to access services (Home Assistant, grocy) eventually from outside my network, I started with Caddy. My current setup seems to be working OK. I am mostly concerned if I am opening up any security risks with the tls_insecure_skip_verify between Caddy and the end applications when they are both running inside my network? Is there anything else I should keep in mind as I add more servers/services?
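
An added example, not part of the original post: the grocy site block with backend certificate verification left on, trusting only the backend's own certificate instead of using tls_insecure_skip_verify. The path /etc/caddy/grocy-backend.pem is hypothetical, and the example assumes the grocy certificate lists 192.168.0.29 as a subject alternative name.

```caddyfile
# Weak form, as in the post: Caddy accepts any certificate presented
# at 192.168.0.29:32771, so the hop to the backend is encrypted but
# the backend is not authenticated.
#
# grocy.{$MY_DOMAIN} {
#     reverse_proxy https://192.168.0.29:32771 {
#         transport http {
#             tls_insecure_skip_verify
#         }
#     }
# }

# Verified form: Caddy only accepts a backend certificate that chains
# to the PEM file listed here. For a self-signed backend, that file is
# a copy of the backend's own certificate.
#
# Assumptions (not from the post):
#   - /etc/caddy/grocy-backend.pem is a hypothetical path; the file
#     has to be mounted into the container, read-only, the same way
#     the Caddyfile is.
#   - The backend certificate carries 192.168.0.29 as an IP subject
#     alternative name, so the address in the upstream URL matches.
grocy.{$MY_DOMAIN} {
    reverse_proxy https://192.168.0.29:32771 {
        transport http {
            tls_trusted_ca_certs /etc/caddy/grocy-backend.pem
        }
    }
}
```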