Caddy in Portainer?

1. The problem I’m having:

I’m trying to set up a simple Caddy instance in Portainer. Ultimately hoping to reverse-proxy some things. For now, I’m just trying to get:

caddy respond --listen :8080

to work at all. Any help would be great. When I go to my portainer machine’s IP:8080, I don’t get any response.

2. Error messages and/or full log output:

WRN ts=1685604643.706218 logger=admin msg=admin endpoint disabled
INF ts=1685604643.7075746 logger=tls.cache.maintenance msg=started background certificate maintenance cache=0xc000500fc0
INF ts=1685604643.7087483 logger=http.log msg=server running name=static0 protocols=["h1","h2","h3"]
Server address: [::]:8080
INF ts=1685604643.7110264 logger=tls msg=cleaning storage unit description=FileStorage:/data/caddy
INF ts=1685604643.7111204 logger=tls msg=finished cleaning storage units

3. Caddy version:


4. How I installed and ran Caddy:

I’m using caddy:latest in portainer, I’ve added volumes for /data and /config, and set port 8080:8080.

a. System environment:

Portainer, running in an ubuntu VM on proxmox. I’ve opened the firewall of the ubuntu VM in proxmox, and have no issues accessing other sites hosted in portainer like this.

b. Command:

caddy respond --listen :8080

Trying to keep it simple to start.

c. Service/unit/compose file:

d. My complete Caddy config:

5. Links to relevant resources:

If you’re trying to proxy, then start with the proxy. Using respond doesn’t do anything useful for you. And I strongly recommend writing a Caddyfile instead of overriding the container’s run command.

What isn’t working, specifically? You haven’t shown evidence of a problem. Run curl -v to make a request and show what you get.

You said you configured Caddy to listen on port 8080, but did you configure the container’s port to be exposed?

As I said, I don’t get any response from caddy. I’ll paste a curl result when I’m in front of a computer again. Also as I said, in portainer I am forwarding port 8080 into the container, and I also have the firewall on portainers machine open.

I’m sure there is something simple I’m missing but I don’t know what it is yet, that’s why I am trying to go to the minimum example with “respond” just to try to get any communication with caddy.

Alright, as suggested I’ve set up a caddyfile to do my reverse proxy. It reads as follows:


:80 {
	reverse_proxy immich_proxy:8080

I’ve added it to the same network in portainer as my instance of immich and I am able to ping immich_proxy:8080 from my caddy container.

I am forwarding 8080->80 on my caddy container. Curl gives this output:

root@proxmox:~# curl -v
*   Trying
* Connected to ( port 8080 (#0)
> GET / HTTP/1.1
> Host:
> User-Agent: curl/7.74.0
> Accept: */*
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Found
< Date: Fri, 02 Jun 2023 00:11:32 GMT
< Location: /auth/login
< Server: Caddy
< Server: nginx/1.23.4
< Transfer-Encoding: chunked
* Connection #0 to host left intact

Caddy logs are:

2023-06-02T00:14:23.601767241Z DBG ts=1685664863.601454 logger=http msg=servers shutting down with eternal grace period
2023-06-02T00:14:23.605557754Z INF ts=1685664863.6052475 logger=tls.cache.maintenance msg=stopped background certificate maintenance cache=0xc0000ed110
2023-06-02T00:14:23.607151525Z INF ts=1685664863.6067083 logger=admin msg=stopped previous server address=localhost:2019
2023-06-02T00:14:23.607184402Z INF ts=1685664863.6067696 msg=shutdown complete signal=SIGTERM exit_code=0
2023-06-02T00:14:25.110896667Z INF ts=1685664865.110478 msg=using provided configuration config_file=/config/Caddyfile config_adapter=caddyfile
2023-06-02T00:14:25.116669250Z INF ts=1685664865.1162663 logger=admin msg=admin endpoint started address=localhost:2019 enforce_origin=false origins=["//localhost:2019","//[::1]:2019","//"]
2023-06-02T00:14:25.117931088Z WRN ts=1685664865.1177094 logger=http msg=server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server server_name=srv0 http_port=80
2023-06-02T00:14:25.117991454Z INF ts=1685664865.1179008 logger=tls.cache.maintenance msg=started background certificate maintenance cache=0xc0003091f0
2023-06-02T00:14:25.119839048Z DBG ts=1685664865.1196165 logger=http msg=starting server loop address=[::]:80 tls=false http3=false
2023-06-02T00:14:25.119887026Z INF ts=1685664865.1197023 logger=http.log msg=server running name=srv0 protocols=["h1","h2","h3"]
2023-06-02T00:14:25.120406307Z INF ts=1685664865.1200953 msg=autosaved config (load with --resume flag) file=/config/caddy/autosave.json
2023-06-02T00:14:25.120450352Z INF ts=1685664865.1201358 msg=serving initial configuration
2023-06-02T00:14:25.121414734Z INF ts=1685664865.1212149 logger=tls msg=cleaning storage unit description=FileStorage:/data/caddy
2023-06-02T00:14:25.121771214Z INF ts=1685664865.121575 logger=tls msg=finished cleaning storage units
2023-06-02T00:14:29.237169233Z DBG ts=1685664869.2367954 logger=http.handlers.reverse_proxy msg=selected upstream dial=immich_proxy:8080 total_upstreams=1
2023-06-02T00:14:29.307956601Z DBG ts=1685664869.3075082 logger=http.handlers.reverse_proxy msg=upstream roundtrip upstream=immich_proxy:8080 duration=0.070542578 request={"remote_ip":"","remote_port":"36452","proto":"HTTP/1.1","method":"GET","host":"","uri":"/","headers":{"X-Forwarded-For":[""],"X-Forwarded-Proto":["http"],"X-Forwarded-Host":[""],"User-Agent":["curl/7.74.0"],"Accept":["*/*"]}} headers={"Location":["/auth/login"],"Server":["nginx/1.23.4"],"Date":["Fri, 02 Jun 2023 00:14:29 GMT"],"Connection":["keep-alive"]} status=302

Is there an obvious reason why I can’t see the site at immich_proxy:8080 when I navigate to Thanks for any tips, hopefully there is something obvious in the log or curl output.

This is working fine, your app is redirecting you to its login page, and this shows the request went through both Caddy and nginx (your upstream app is served by nginx it seems).

I’m not seeing any problem here. I don’t understand what you’re having trouble with.

Ah, I finally figured it out! It was some stupid caching with chrome I think. I was able to connect through incognito, so I cleared things out and I am able to connect now!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.