Simplest HTTPS/SSL server ever
Meet Caddy - a powerful, extensible platform (ZeroSSL project) to serve web sites, services and apps, written in Go.
It also works from within a Docker container, with automatic HTTPS via Let's Encrypt.
Let's spin up an SSL-hardened Caddy-powered reverse proxy. It will serve as a gateway to our other services.
So, the easiest way to get started is:
1. Create data and configuration directories:
mkdir /opt/caddy_data
mkdir /opt/caddy_config
Caddy will save important stuff here.
2. Create default index.html file
echo "This works with HTTPS, isn't it?! ;-)" > /opt/index.html
3. Create Caddyfile
Place a very simple reverse proxy configuration inside the Caddyfile:
echo "mydomain.example.com {" > /opt/Caddyfile
echo "reverse_proxy 127.0.0.1:8080" >> /opt/Caddyfile
echo "}" >> /opt/Caddyfile
4. Start simple HTTP worker
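Let's use Python 3's built-in http.server just to serve our index.html file. Bind it to 127.0.0.1 so that port 8080 is reachable only through Caddy; note that it serves everything in the current directory, not just index.html:
cd /opt
python3 -m http.server 8080 --bind 127.0.0.1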
5. Start Dockerized Caddy
docker run --network=host -p 80:80 -p 443:443 -p 443:443/udp \
-v /opt/index.html:/usr/share/caddy/index.html \
-v /opt/caddy_data:/data \
-v /opt/caddy_config:/config \
-v /opt/Caddyfile:/etc/caddy/Caddyfile \
caddy:2.6.2-alpine
Ports are not necessary here (because of --network=host), but I like to have them explicitly mentioned.
Add -d (docker run -d ...) option to run it in detached (non-interactive, background) mode.
6. Check it out
Visit mydomain.example.com and you should see your index.html content over an HTTPS connection.
In case of any questions, please check out the Caddy documentation, especially the Automatic HTTPS section and Common Caddyfile Patterns with a sample Caddyfile.
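An added check, not part of the original post: with --network=host the container shares the host's network stack, so whether the plain-HTTP worker from step 4 is reachable only through Caddy depends on the address it listens on. The function below reads `ss -ltn` output and reports listeners on the backend port that are not bound to loopback; the function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# exposed_listeners PORT: reads `ss -ltn` output on stdin, prints every
# listener on PORT that is not bound to loopback, returns 1 if any exist.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                        # "Local Address:Port" column
            n = split(addr, parts, ":")      # port follows the last colon
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next   # loopback only
            print addr
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: worker started without a bind address.
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      0.0.0.0:8080       0.0.0.0:*
LISTEN 0      4096   *:443              *:*
LISTEN 0      4096   *:80               *:*'

# Constructed sample: worker bound to 127.0.0.1.
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      127.0.0.1:8080     0.0.0.0:*
LISTEN 0      4096   *:443              *:*
LISTEN 0      4096   *:80               *:*'

# Demo on the constructed samples; on a real host: ss -ltn | exposed_listeners 8080
for sample in "$SAMPLE_EXPOSED" "$SAMPLE_LOOPBACK"; do
    if hits=$(printf '%s\n' "$sample" | exposed_listeners 8080); then
        echo "8080: loopback only"
    else
        echo "8080: reachable beyond loopback on $hits"
    fi
done
```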
7. Docker compose
How to run Caddy as a part of a docker-compose.yml file?
Here's a piece of docker-compose.yml for the Plausible.io project:
  caddy:
    image: caddy:2.6.2-alpine
    network_mode: "host"
    restart: always
    volumes:
      - /opt/caddy_data:/data
      - /opt/caddy_config:/config
      - /opt/Caddyfile:/etc/caddy/Caddyfile
    depends_on:
      - plausible
      - plausible_db
      - plausible_events_db
      - mail
    ports:
      - 80:80
      - 443:443/tcp
      - 443:443/udp
Check the source docker-compose.yml file here