name: caddy-autogen services: caddy: image: joafri/caddy-autogen-caddy:main build: context: ./caddy dockerfile: Dockerfile container_name: caddy-autogen restart: unless-stopped environment: TZ: Europe/Stockholm CADDY_ADMIN: 0.0.0.0:2019 CLOUDFLARE_API_TOKEN: CHANGE_ME ports: - target: 80 published: 81 protocol: tcp - target: 443 published: 4431 protocol: tcp volumes: - type: bind source: /DATA/AppData/$AppID/caddy/data target: /data - type: bind source: /DATA/AppData/$AppID/caddy/config target: /config extra_hosts: - host.docker.internal:host-gateway security_opt: - no-new-privileges:true x-casaos: envs: - container: CADDY_ADMIN description: en_us: Caddy admin endpoint bind address - container: CLOUDFLARE_API_TOKEN description: en_us: Cloudflare API token (Zone Read + DNS Edit) ports: - container: "80" description: en_us: HTTP ingress - container: "443" description: en_us: HTTPS ingress volumes: - container: /data description: en_us: Caddy runtime data and certificates - container: /config description: en_us: Caddy configuration state socket-proxy: image: lscr.io/linuxserver/socket-proxy:version-3.0.9-r0 container_name: caddy-autogen-socket-proxy restart: unless-stopped environment: TZ: Europe/Stockholm CONTAINERS: 1 EVENTS: 1 INFO: 1 NETWORKS: 1 PING: 1 POST: 0 VERSION: 1 read_only: true tmpfs: - /run volumes: - type: bind source: /var/run/docker.sock target: /var/run/docker.sock read_only: true security_opt: - no-new-privileges:true cap_drop: - ALL discovery-agent: image: joafri/caddy-autogen-discovery-agent:main build: context: ./agent dockerfile: Dockerfile container_name: caddy-autogen-discovery restart: unless-stopped depends_on: - caddy - socket-proxy environment: TZ: Europe/Stockholm DOCKER_API_URL: http://socket-proxy:2375 CADDY_LOAD_URL: http://caddy:2019/load BASE_DOMAIN: example.com WILDCARD_DOMAIN: "" CLOUDFLARE_API_TOKEN: CLOUDFLARE_API_TOKEN CERT_EMAIL: "" REQUIRE_CLOUDFLARE: false ALLOW_INTERNAL_TLS_FALLBACK: false ENV_PREFIX: LABEL_CADDY_ POLL_SECONDS: 15 CONTAINER_NAME_DENYLIST: caddy-autogen,caddy-autogen-discovery,caddy-autogen-socket-proxy DEFAULT_SCHEME: http DEFAULT_PATH: / DEFAULT_HEALTH_URI: CONFIG_FILE: /app/config/defaults.yaml volumes: - type: bind source: /DATA/AppData/$AppID/config target: /app/config read_only: true read_only: true tmpfs: - /tmp security_opt: - no-new-privileges:true cap_drop: - ALL x-casaos: envs: - container: BASE_DOMAIN description: en_us: Base domain used for endpoints, e.g. home.example.com - container: WILDCARD_DOMAIN description: en_us: Optional wildcard certificate domain, e.g. home.example.com - container: REQUIRE_CLOUDFLARE description: en_us: Fail closed when Cloudflare token is missing - container: ALLOW_INTERNAL_TLS_FALLBACK description: en_us: Enable internal Caddy certificates when Cloudflare is unavailable - container: POLL_SECONDS description: en_us: Docker state reconciliation interval volumes: - container: /app/config description: en_us: Discovery defaults configuration (read-only) x-casaos: architectures: - amd64 - arm64 - arm main: caddy category: phirna author: Zima Apps Team developer: Zima Apps Team icon: https://cdn.simpleicons.org/caddy tagline: en_us: Auto-generate Caddy endpoints from running containers description: en_us: >- Discovers ZimaOS containers through Docker API and generates Caddy routes on the fly. Uses explicit env-based opt-in (LABEL_CADDY_*) with fail-closed defaults, Cloudflare DNS-01 certificates, and local split-horizon DNS compatibility. title: en_us: Caddy AutoGen index: / port_map: "443" scheme: https