1. Caddy version (`caddy version`):
Docker 2-alpine image
2. How I run Caddy:
Using Docker and docker-compose. I have a Caddyfile mounted to the Caddy container.
a. System environment:
Docker v20.10.3
Docker Compose v1.28.2
b. Command:
```
docker-compose up -d
```
c. Service/unit/compose file:
```yaml
version: '3.7'

services:
  caddy:
    # Custom image with the wildcard certificate baked in
    image: custom-caddy:2-alpine
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    environment:
      - PROTOCOL=https
    volumes:
      # Caddyfile is mounted read-only from the host
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - caddy_data:/data
      - caddy_config:/config
    networks:
      - master

volumes:
  caddy_config:
  caddy_data:

networks:
  master:
    external: true
```
d. My complete Caddyfile or JSON config:
```
https://sorry.internal.domain {
	tls /ssl/sorry.internal.domain/fullchain.cer /ssl/sorry.internal.domain/sorry.internal.domain.key
	encode {
		gzip 6
		zstd
	}
	root * /static-files/prod
	file_server
}
```
3. The problem I’m having:
We have many services running on the internal development domain, and to prevent the issuance of so many certificates on subdomains, I created a custom Caddy image that has a wildcard certificate of the domain in it. Now I can just use this custom image on all the services that run on the domain, and instead of issuing a certificate, Caddy can use the pre-inserted certificate in its image.
It works totally fine, except that the services should be able to fetch the new image every 2 months and restart Caddy with that updated image.
4. Error messages and/or full log output:
N/A
5. What I already tried:
There are various simple as well as complex things that I have tried.
- Setting up a cron job. However, it is still an overhead to set this up on every server we provision.
- Using `acme.sh`'s post-hook to trigger the CI/CD tool to pull the new image and restart the container. This is prone to errors, and the infrastructure is very dynamic.
- Using a solution provided here.
Docker will definitely have to pull the new image and restart the container, but still, if anyone has done anything similar before using any API/webhook from Caddy, I’d love to know how they achieved it.