Creating and managing a PEM certificate for another container

1. Caddy version (caddy version):

v2.4.3 h1:Y1FaV2N4WO3rBqxSYA8UZsZTQdN+PwcoOcAiZTM8C0I=

2. How I run Caddy:

via docker compose

a. System environment:

ubuntu

c. Service/unit/compose file:

services:
  caddy:
    image: caddy:2
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./data/caddy/data:/data
      - ./data/caddy/config:/config
      - ./data/caddy/log:/var/log

3. The problem I’m having:

I want to secure my coturn server; it has to run in network mode host (too many ports to map from docker), so I don’t think I can proxy it directly from my caddy container (different networks). It has two options:

cert=/etc/letsencrypt/live/turn.example.org/fullchain.pem
pkey=/etc/letsencrypt/live/turn.example.org/privkey.pem

while caddy generates these files:

coturn.domain.crt
coturn.domain.json
coturn.domain.key

docker compose for coturn

  coturn:
    container_name: coturn
    image: coturn/coturn
    restart: unless-stopped
    # ports:
      ## STUN/TURN

      #- "3478:3478"
      #- "3478:3478/udp"
      #- "3479:3479"
      #- "3479:3479/udp"
      ## STUN/TURN SSL
      #- '5349:5349'
      #- '5349:5349/udp'
      #- '5350:5350'
      #- '5350:5350/udp'
      ## Relay Ports
      #- '64000-65535:64000-65535/udp'
    network_mode: host

5. What I already tried:

I understand that since I can’t proxy the coturn server directly (unless someone knows how!) I’d need to use caddy only for renewing the certificates. I’m currently using a caddyfile, so if I’m not wrong I can’t use this directly (not sure).

I’d also need to create them first, so to recap:

  1. create the certificates files
  2. Convert them to pem if not already in that form
  3. use caddy to keep them updated
    ??? profit.

Thanks to anyone for their help
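The recap steps above, as an added example that is not part of the original post: Caddy's .crt/.key files are already PEM encoded, so step 2 reduces to a header check, and this POSIX sh script covers step 3 by installing them at the cert=/pkey= paths coturn reads and restarting coturn after a renewal. Assumptions: Caddy's storage layout under /data/caddy/certificates/<issuer>/<domain>/, the container name coturn from the compose file above, and a script file name of sync-turn-cert.sh (run it from cron or a systemd timer).

```shell
#!/bin/sh
# Added example, not from the original post: install the PEM certificate and key
# that Caddy manages for the TURN hostname at the paths coturn's cert=/pkey=
# options expect. Caddy's .crt/.key files are already PEM, so no conversion is
# needed; the script validates, copies atomically and restarts coturn on change.
# Assumptions: CADDY_DATA is the host side of the ./data/caddy/data:/data volume
# and ISSUER is Caddy's per-CA storage directory (adjust both to your setup).
CADDY_DATA="${CADDY_DATA:-./data/caddy/data}"
ISSUER="${ISSUER:-acme-v02.api.letsencrypt.org-directory}"
DOMAIN="${DOMAIN:-turn.example.org}"
DEST="${DEST:-/etc/letsencrypt/live/$DOMAIN}"
# is_pem FILE KIND (cert|key): succeeds only if FILE carries the expected PEM
# header, so an empty or half-written file is never installed.
is_pem() {
  case "$2" in
    cert) grep -q '^-----BEGIN CERTIFICATE-----$' "$1" 2>/dev/null ;;
    key)  grep -Eq '^-----BEGIN (EC |RSA )?PRIVATE KEY-----$' "$1" 2>/dev/null ;;
    *)    return 1 ;;
  esac
}
# sync_pair SRC_CRT SRC_KEY DEST_DIR: install as fullchain.pem / privkey.pem.
# Prints "changed" if anything was replaced, "unchanged" otherwise; returns 1
# when the source pair is not valid PEM. Writes go to a temp file then mv, and
# the key is created under umask 077 so it is never world-readable on disk.
sync_pair() {
  src_crt=$1; src_key=$2; dest=$3; status=unchanged
  is_pem "$src_crt" cert && is_pem "$src_key" key || return 1
  mkdir -p "$dest"
  if ! cmp -s "$src_crt" "$dest/fullchain.pem"; then
    cp "$src_crt" "$dest/fullchain.pem.tmp" && chmod 0644 "$dest/fullchain.pem.tmp"
    mv "$dest/fullchain.pem.tmp" "$dest/fullchain.pem" && status=changed
  fi
  if ! cmp -s "$src_key" "$dest/privkey.pem"; then
    (umask 077 && cp "$src_key" "$dest/privkey.pem.tmp")
    mv "$dest/privkey.pem.tmp" "$dest/privkey.pem" && status=changed
  fi
  echo "$status"
}
main() {
  dir="$CADDY_DATA/caddy/certificates/$ISSUER/$DOMAIN"
  result=$(sync_pair "$dir/$DOMAIN.crt" "$dir/$DOMAIN.key" "$DEST") \
    || { echo "no valid PEM pair for $DOMAIN under $dir" >&2; exit 1; }
  # coturn only reads cert=/pkey= at startup, so restart it after a renewal.
  if [ "$result" = changed ]; then docker restart coturn; fi
}
# Run main only when executed as a script (e.g. from cron), not when sourced.
case "$0" in *sync-turn-cert.sh) main ;; esac
```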

You can proxy to the host IP address.

If you’re using at least Docker v20.10.0 then you can add this to the Caddy docker-compose service to set up the hostname mapping:

    extra_hosts:
      - "host.docker.internal:host-gateway"

Then you can do reverse_proxy host.docker.internal:<port> in your Caddyfile.

It’s historically been a different solution on Linux than on Windows/Mac, so that extra_hosts line is necessary for Linux to have that hostname, since support for it was added in moby/moby pull request #40007 (arkodg/add-host-docker-internal, commit ca20bc4).
