Restart Caddy docker container periodically to use new image

1. Caddy version (caddy version):

Docker 2-alpine image

2. How I run Caddy:

Using Docker and docker-compose. I have a Caddyfile mounted to the Caddy container.

a. System environment:

Docker v20.10.3
Docker Compose v1.28.2

b. Command:

docker-compose up -d

c. Service/unit/compose file:

version: '3.7'

services:
  caddy:
    image: custom-caddy:2-alpine
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    environment:
      - PROTOCOL=https
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - caddy_data:/data
      - caddy_config:/config
    networks:
      - master

volumes:
  caddy_config:
  caddy_data:

networks:
  master:
    external: true

d. My complete Caddyfile or JSON config:

https://sorry.internal.domain {
    tls /ssl/sorry.internal.domain/fullchain.cer /ssl/sorry.internal.domain/sorry.internal.domain.key
    encode {
        gzip 6
        zstd
    }
    root * /static-files/prod
    file_server
}

3. The problem I’m having:

We have many services running on the internal development domain, and to prevent the issuance of so many certificates on subdomains I created a custom Caddy image that has a wildcard certificate of the domain in it. Now I can just use this custom image on all the services that run on the domain, and instead of issuing a certificate, Caddy can use the pre-inserted certificate in its image.

It works totally fine, except that the services should be able to fetch the new image every 2 months and restart Caddy with that updated image.

4. Error messages and/or full log output:

N/A

5. What I already tried:

There are various simple as well as complex things that I have tried.

  1. Setting up a cron job; however, that is still the overhead of setting it up on every server we provision.
  2. Using acme.sh's post-hook to trigger the CI/CD tool to pull the new image and restart the container. This is prone to errors, and the infrastructure is very dynamic.
  3. Using a solution provided here.

Definitely, Docker will have to pull the new image and restart the container, but still, if anyone has done anything similar before using any API/webhook from Caddy, I’d love to know how they achieved it.

6. Links to relevant resources:

I strongly caution against automatically upgrading Docker images. There’s no guarantee that there won’t be breaking changes. You should always update with intent, regularly, with a human at the helm.

Follow the releases on GitHub (use the Watch button on the top-right of the repo and choose to watch releases). Note that Docker images aren’t released immediately when project releases are published though, because multiple manual steps are necessary to get new versions of the official Docker image updated.
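
A check that fits the reply's advice to update with a human at the helm, as an added example that is not part of the original thread or of Caddy's own tooling: it reports how many days the certificate served by each site has left, so the image pull and restart can be scheduled deliberately. The 14-day window and all function names are assumptions, and it assumes the wildcard certificate chains to a CA in the system trust store.

```python
import socket
import ssl
from datetime import datetime, timezone

REFRESH_WINDOW_DAYS = 14  # assumption: how early the reminder should fire


def days_remaining(not_after, now=None):
    """Whole days until notAfter, given in the text form ssl.getpeercert()
    returns, e.g. 'Jun  1 12:00:00 2025 GMT'. Negative once expired."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return (expires - now).days


def classify(not_after, now=None, window=REFRESH_WINDOW_DAYS):
    left = days_remaining(not_after, now)
    if left < 0:
        return "expired"
    if left <= window:
        return "refresh-due"
    return "ok"


def served_not_after(host, port=443, timeout=5.0):
    """notAfter of the certificate the running container actually serves."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def report(hosts, now=None):
    rows = []
    for host in hosts:
        try:
            not_after = served_not_after(host)
            rows.append((host, classify(not_after, now), not_after))
        except OSError as exc:
            # ssl.SSLError is an OSError: a certificate that has already
            # expired fails the handshake and is reported here.
            rows.append((host, "unreachable-or-invalid", str(exc)))
    return rows


if __name__ == "__main__":
    # Hostname taken from the Caddyfile in the post.
    for row in report(["sorry.internal.domain"]):
        print(*row, sep="\t")
```

The script only reports; pulling the rebuilt image and restarting the container stays a manual step.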
