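# Compose app: Caddy reverse proxy whose routes are generated by a discovery
# agent that reads container state through a read-only Docker socket proxy.
#
# Trust boundaries:
#   - caddy is the only service that publishes host ports (80/443).
#   - socket-proxy is the only service that mounts /var/run/docker.sock.
#   - discovery-agent is the only service that needs to reach both of them.
name: caddy-autogen

networks:
  # Private segment for Docker API traffic. Only socket-proxy and
  # discovery-agent join it, so the internet-facing caddy container cannot
  # query the Docker API proxy. `internal` also removes outbound routing.
  docker-api:
    internal: true

services:
  caddy:
    build:
      context: ./caddy
      dockerfile: Dockerfile
    container_name: caddy-autogen
    restart: unless-stopped
    environment:
      TZ: "${TZ}"
      # The admin API has to listen on a non-loopback address so that
      # discovery-agent can POST to /load. Port 2019 is not published to the
      # host; keep it that way and do not attach unrelated containers to this
      # project's default network, since any peer that can reach the endpoint
      # can replace the running Caddy configuration.
      CADDY_ADMIN: "${CADDY_ADMIN:-0.0.0.0:2019}"
      # Secret passed through the environment: it is visible in
      # `docker inspect` output. Scope the token to the zone it must manage.
      CLOUDFLARE_API_TOKEN: "${CLOUDFLARE_API_TOKEN}"
    ports:
      - target: 80
        published: "${HTTP_PORT:-80}"
        protocol: tcp
      - target: 443
        published: "${HTTPS_PORT:-443}"
        protocol: tcp
    volumes:
      - type: bind
        source: /DATA/AppData/$AppID/caddy/data
        target: /data
      - type: bind
        source: /DATA/AppData/$AppID/caddy/config
        target: /config
    extra_hosts:
      - "host.docker.internal:host-gateway"
    # NOTE(review): unlike the other two services, no cap_drop/read_only is
    # set here. Whether capabilities can be reduced depends on
    # ./caddy/Dockerfile, which is not visible from this file - confirm.
    security_opt:
      - "no-new-privileges:true"
    x-casaos:
      envs:
        - container: CADDY_ADMIN
          description:
            en_us: Caddy admin endpoint bind address
        - container: CLOUDFLARE_API_TOKEN
          description:
            en_us: Cloudflare API token (Zone Read + DNS Edit)
      ports:
        - container: "80"
          description:
            en_us: HTTP ingress
        - container: "443"
          description:
            en_us: HTTPS ingress
      volumes:
        - container: /data
          description:
            en_us: Caddy runtime data and certificates
        - container: /config
          description:
            en_us: Caddy configuration state

  socket-proxy:
    # The tag is mutable; pin by digest if reproducible pulls are required.
    image: lscr.io/linuxserver/socket-proxy:version-24.02.26
    container_name: caddy-autogen-socket-proxy
    restart: unless-stopped
    networks:
      - docker-api
    environment:
      TZ: "${TZ}"
      # Allow-list of Docker API sections. POST stays 0 so the proxy only
      # serves read requests. CONTAINERS still returns inspect data, which
      # includes every container's environment variables, so reachability of
      # this service is limited to the docker-api network.
      CONTAINERS: "1"
      EVENTS: "1"
      INFO: "1"
      NETWORKS: "1"
      PING: "1"
      POST: "0"
      VERSION: "1"
    read_only: true
    tmpfs:
      - /run
    volumes:
      - type: bind
        source: /var/run/docker.sock
        target: /var/run/docker.sock
        read_only: true
    security_opt:
      - "no-new-privileges:true"
    cap_drop:
      - ALL

  discovery-agent:
    build:
      context: ./agent
      dockerfile: Dockerfile
    container_name: caddy-autogen-discovery
    restart: unless-stopped
    depends_on:
      - caddy
      - socket-proxy
    networks:
      # default: reaches caddy's admin API; docker-api: reaches socket-proxy.
      - default
      - docker-api
    environment:
      TZ: "${TZ}"
      DOCKER_API_URL: "${DOCKER_API_URL:-http://socket-proxy:2375}"
      CADDY_LOAD_URL: "${CADDY_LOAD_URL:-http://caddy:2019/load}"
      BASE_DOMAIN: "${BASE_DOMAIN}"
      WILDCARD_DOMAIN: "${WILDCARD_DOMAIN:-}"
      CLOUDFLARE_API_TOKEN: "${CLOUDFLARE_API_TOKEN}"
      CERT_EMAIL: "${CERT_EMAIL:-}"
      # Fail-closed defaults: a missing Cloudflare token is an error and the
      # internal-CA fallback stays off unless explicitly enabled.
      REQUIRE_CLOUDFLARE: "${REQUIRE_CLOUDFLARE:-true}"
      ALLOW_INTERNAL_TLS_FALLBACK: "${ALLOW_INTERNAL_TLS_FALLBACK:-false}"
      ENV_PREFIX: "${ENV_PREFIX:-LABEL_CADDY_}"
      POLL_SECONDS: "${POLL_SECONDS:-15}"
      # The stack's own containers are excluded from route generation.
      CONTAINER_NAME_DENYLIST: "${CONTAINER_NAME_DENYLIST:-caddy-autogen,caddy-autogen-discovery,caddy-autogen-socket-proxy}"
      DEFAULT_SCHEME: "${DEFAULT_SCHEME:-http}"
      DEFAULT_PATH: "${DEFAULT_PATH:-/}"
      DEFAULT_HEALTH_URI: "${DEFAULT_HEALTH_URI:-}"
      CONFIG_FILE: "${CONFIG_FILE:-/app/config/defaults.yaml}"
    volumes:
      - type: bind
        source: /DATA/AppData/$AppID/config
        target: /app/config
        read_only: true
    read_only: true
    tmpfs:
      - /tmp
    security_opt:
      - "no-new-privileges:true"
    cap_drop:
      - ALL
    x-casaos:
      envs:
        - container: BASE_DOMAIN
          description:
            en_us: Base domain used for endpoints, e.g. home.example.com
        - container: WILDCARD_DOMAIN
          description:
            en_us: Optional wildcard certificate domain, e.g. home.example.com
        - container: REQUIRE_CLOUDFLARE
          description:
            en_us: Fail closed when Cloudflare token is missing
        - container: ALLOW_INTERNAL_TLS_FALLBACK
          description:
            en_us: Enable internal Caddy certificates when Cloudflare is unavailable
        - container: POLL_SECONDS
          description:
            en_us: Docker state reconciliation interval
      volumes:
        - container: /app/config
          description:
            en_us: Discovery defaults configuration (read-only)

# CasaOS / ZimaOS app-store metadata for the stack as a whole.
x-casaos:
  architectures:
    - amd64
    - arm64
    - arm
  main: caddy
  category: Network
  author: Zima Apps Team
  developer: Zima Apps Team
  icon: https://caddyserver.com/resources/images/caddy-circle-lock.svg
  tagline:
    en_us: Auto-generate Caddy endpoints from running containers
  description:
    en_us: >-
      Discovers ZimaOS containers through Docker API and generates Caddy
      routes on the fly. Uses explicit env-based opt-in (LABEL_CADDY_*) with
      fail-closed defaults, Cloudflare DNS-01 certificates, and local
      split-horizon DNS compatibility.
  title:
    en_us: Caddy AutoGen
  index: /
  port_map: "${HTTPS_PORT:-443}"
  scheme: https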