Custom build - cherrypick modules

1. The problem I’m having:

I want to build a minimal caddy image for a small static site server deployed in kubernetes. I’ve previously used xcaddy, but it adds a lot of stuff I don’t need. I’ve been looking through the caddy modules, but I’m not quite sure which ones I actually need.

These are the modules I think I need:

I’m not sure if the caddy-events modules are needed?
Also, I don’t need everything from caddyhttp, but it’s not clear to me which (maybe apart from the reverseproxy module) I can leave out.

Everything to do with https/certificates etc. I can leave out, as this is handled by other parts of my cluster.

I’ve included the metrics module as I’m using prometheus to scrape metrics in my cluster.

2. Error messages and/or full log output:

3. Caddy version:

v2.8.4

4. How I installed and ran Caddy:

a. System environment:

  • Building from scratch image for linux/amd64
  • Kubernetes v1.31.1

c. Service/unit/compose file:

This is my current Dockerfile (using xcaddy):

# use Go as Builder
FROM golang:1.23.2 AS builder
RUN mkdir /build
WORKDIR /build
# renovate: datasource=github-tags depName=caddyserver/xcaddy
RUN go install github.com/caddyserver/xcaddy/cmd/xcaddy@v0.4.2

ARG GOOS=linux
ARG GOARCH=amd64
# renovate: datasource=github-tags depName=caddyserver/caddy
RUN xcaddy build v2.8.4

# Use the build image
FROM scratch
COPY --from=builder /build/caddy /bin/caddy
WORKDIR /var/www/html
USER 314:314

# add site files
COPY ./public /var/www/html
# add Caddyfile
COPY Caddyfile /var/www/html/Caddyfile

# Set container labels
LABEL caddy-version="2.8.4"
LABEL org.opencontainers.image.source="https://github.com/chrede88/qubtDocker"
LABEL org.opencontainers.image.description="My personal website."
LABEL org.opencontainers.image.licenses="MIT"

# Expose port 8080
EXPOSE 8080
# Expose port 2019 for metrics
EXPOSE 2019

# run binary
ENTRYPOINT ["/bin/caddy"]
CMD ["run"]

d. My complete Caddy config:

{
	http_port 8080
	auto_https off
	admin off
	servers {
		metrics
	}
}

:8080 {
	encode zstd gzip
	file_server {
	}
	handle_errors {
		@404 {
			expression {http.error.status_code} == 404
		}
		rewrite @404 /404.html
		file_server
	}
	log {
		output stdout
	}
}

:2019 {
	metrics /metrics {
		disable_openmetrics
	}
}

Caddy isn’t designed to let you remove anything included in the standard distribution. Why do you think you need to do that? There’s not really any practical benefit to doing so.

You can use our existing Docker images: Build from source — Caddy Documentation

1 Like

I see. From the text in the main.go file, it just seemed that this would be possible. I.e. this snippet:

// There is no need to modify the Caddy source code to customize your
// builds. You can easily build a custom Caddy with these simple steps:
//
//  1. Copy this file (main.go) into a new folder
//  2. Edit the imports below to include the modules you want plugged in
//  3. Run `go mod init caddy`
//  4. Run `go install` or `go build` - you now have a custom binary!

As for the “why”. If I don’t need it, there is no reason to include it. This will also minimize the image size (and attack surface).

That’s about adding plugins, not removing standard modules.

You’re best off forking if you really want that. But really, no need to be pinching pennies, you won’t gain much from it. All of it is under the same security policy.

1 Like

Okay, thanks for your input 🙂
