1. The problem I’m having:
I followed the directions here to configure TLS for my domain. Everything worked on my internal network and all of my services use a wildcard certificate.
Next I wanted to add Tailscale into the mix in case I was away on travel or wanted to share some of my services with family members. So I built caddy with the caddy-tailscale module.
I was curious if the Caddyfile (below) could be improved at all or if this was a decent/sane approach? Thank you.
2. Error messages and/or full log output:
No problems; everything works. I just want some feedback on the approach.
3. Caddy version:
v2.10.2
4. How I installed and ran Caddy:
a. System environment:
TrueNAS Scale (Debian GNU/Linux 12 bookworm)
b. Command:
docker compose up -d
c. Service/unit/compose file:
```Dockerfile
# Dockerfile
FROM caddy:2.10.2-builder AS builder
RUN xcaddy build \
    --with github.com/caddy-dns/cloudflare \
    --with github.com/tailscale/caddy-tailscale

FROM caddy:2.10.2
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
```
```yaml
# compose file
services:
  caddy:
    build: .
    container_name: caddy
    hostname: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    environment:
      - MY_DOMAIN
      - TS_DOMAIN
      - CLOUDFLARE_API_TOKEN
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy_data:/data
      - ./caddy_config:/config
      - /mnt/tank/certs:/certs

networks:
  default:
    name: $DOCKER_MY_NETWORK
    external: true
```
d. My complete Caddy config:
```caddyfile
# Caddyfile
{
	debug
	acme_dns cloudflare {$CLOUDFLARE_API_TOKEN}
	auto_https prefer_wildcard
	tailscale {
		auth_key tskey-auth-XXXX
	}
}

jelly.{$MY_DOMAIN} {
	reverse_proxy jellyfin:8096
}

jelly.{$TS_DOMAIN} {
	bind tailscale/jelly
	reverse_proxy jellyfin:8096
}
```
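As an added example (not from the original post), one way the same Caddyfile can be tightened: the Tailscale auth key is read from the environment the way the Cloudflare token already is, so the secret does not sit in the mounted Caddyfile, and the shared upstream is defined once in a snippet that both site blocks import. The variable name `TS_AUTHKEY` is an assumption and would need to be added to the compose `environment:` list alongside the others.

```caddyfile
{
	debug
	acme_dns cloudflare {$CLOUDFLARE_API_TOKEN}
	auto_https prefer_wildcard
	tailscale {
		# Assumed variable name; pass it in via compose `environment:` like the Cloudflare token
		auth_key {$TS_AUTHKEY}
	}
}

# One upstream definition shared by the LAN site and the tailnet site
(jellyfin) {
	reverse_proxy jellyfin:8096
}

# Reached over the internal network using the wildcard certificate
jelly.{$MY_DOMAIN} {
	import jellyfin
}

# Reached only over the tailnet; listener is the node named "jelly"
jelly.{$TS_DOMAIN} {
	bind tailscale/jelly
	import jellyfin
}
```

Adding another service is then a new snippet plus two short site blocks, with no secrets changing hands in the Caddyfile itself.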