What should I persist with docker compose in production?

I’ve got my setup working both locally and in production! But I imagine when I remove/replace my caddy container, it will request new certs from Let’s Encrypt. The way around this, I assume, is to persist the directory that the certs are stored in as a volume. But which directory should this be? The entire $HOME (/root) directory? That seems more than necessary, so thought I’d check as I couldn’t seem to find the answer in existing questions.

Thanks!

Also, in case anyone else stumbles upon this, my working docker-compose.yml file has this for the caddy service:

version: '3'
services:
  reverse-proxy:
    container_name: reverse-proxy
    image: caddy/caddy:alpine
    restart: always
    ports:
      - "80:80"
      - "443:443"
    user: root
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile

1 Like

If you’re running as root, then I think /root/.caddy is all you need to persist.

Also, I’d recommend not using restart: always, but instead restart: unless-stopped. If you run into problems with certificate issuance, you don’t want to have Caddy continually restart, because then you’ll hit rate limits and potentially lock yourself from using your domain until the rate limits time out (which is usually 1 week).

1 Like

Hm, that directory doesn’t seem to exist (at least on the alpine image). Here’s what I see in /root:

  • /root/.config/caddy/autosave.json
  • /root/.local/share/caddy/ contains 3 directories: acme, locks, and ocsp.

Am I missing something? If not, what should be persisted?

EDIT: Actually, shouldn’t I be able to set the location where they’re stored? I was planning on mounting a volume to my droplet/VM, so I’ll need to put them in a specific place if I truly want to persist them, no?

Caddy 2 respects the XDG standard. Here’s the respective documentation page.

3 Likes

My mistake for giving you incorrect information - thanks @Mohammed90 for linking to the right place

Yes, those two directories you mentioned are all you should need to persist.

/root/.config/caddy and /root/.local/share/caddy

You can set the XDG environment variables on your container to change those base paths as well if you prefer.

2 Likes
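
Putting the answers in this thread together, as an added example that is not from any of the posters or from the Caddy project: the compose service from the question with the two directories persisted and the restart policy changed. The volume names `caddy_config` and `caddy_data`, the `/config` and `/data` base paths in the commented alternative, and the read-only flag on the Caddyfile mount are assumptions made for this example.

```yaml
version: '3'
services:
  reverse-proxy:
    container_name: reverse-proxy
    image: caddy/caddy:alpine
    # Restart policy suggested in the reply above, in place of "always".
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    user: root
    volumes:
      # Read-only mount (added here): the container only needs to read it.
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      # Config directory (holds autosave.json).
      - caddy_config:/root/.config/caddy
      # Data directory (acme, locks, ocsp). It holds the ACME account key and
      # certificate private keys, so restrict who can read the volume on the
      # host and keep it out of unencrypted backups.
      - caddy_data:/root/.local/share/caddy
    # Alternative: move the base paths with the XDG variables, then mount the
    # volumes at /config/caddy and /data/caddy instead of the /root paths.
    # environment:
    #   - XDG_CONFIG_HOME=/config
    #   - XDG_DATA_HOME=/data

# Named volumes survive "docker compose down" and container replacement.
# They are removed by "docker compose down -v", so avoid -v in production.
volumes:
  caddy_config:
  caddy_data:
```

After replacing the container, `docker compose logs reverse-proxy` should show Caddy loading the existing certificates rather than starting a new ACME order.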

Great, thanks both of you
