phirna-pub/zima-apps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2fddde0129009e7b80d49ece10e657d6ffdbd253
zima-apps/Apps/caddy-autogen/docker-compose.yaml
T
Joachim Friberg 9ea8ca421b Add caddy-autogen app, tests, and agent policy updates
2026-03-18 16:19:01 +01:00

163 lines
4.7 KiB
YAML
Raw Blame History

name: caddy-autogen
services:
caddy:
build:
context: ./caddy
dockerfile: Dockerfile
container_name: caddy-autogen
restart: unless-stopped
environment:
TZ: ${TZ}
CADDY_ADMIN: ${CADDY_ADMIN:-0.0.0.0:2019}
CLOUDFLARE_API_TOKEN: ${CLOUDFLARE_API_TOKEN}
ports:
- target: 80
published: ${HTTP_PORT:-80}
protocol: tcp
- target: 443
published: ${HTTPS_PORT:-443}
protocol: tcp
volumes:
- type: bind
source: /DATA/AppData/$AppID/caddy/data
target: /data
- type: bind
source: /DATA/AppData/$AppID/caddy/config
target: /config
extra_hosts:
- host.docker.internal:host-gateway
security_opt:
- no-new-privileges:true
x-casaos:
envs:
- container: CADDY_ADMIN
description:
en_us: Caddy admin endpoint bind address
- container: CLOUDFLARE_API_TOKEN
description:
en_us: Cloudflare API token (Zone Read + DNS Edit)
ports:
- container: "80"
description:
en_us: HTTP ingress
- container: "443"
description:
en_us: HTTPS ingress
volumes:
- container: /data
description:
en_us: Caddy runtime data and certificates
- container: /config
description:
en_us: Caddy configuration state
socket-proxy:
image: lscr.io/linuxserver/socket-proxy:version-24.02.26
container_name: caddy-autogen-socket-proxy
restart: unless-stopped
environment:
TZ: ${TZ}
CONTAINERS: 1
EVENTS: 1
INFO: 1
NETWORKS: 1
PING: 1
POST: 0
VERSION: 1
read_only: true
tmpfs:
- /run
volumes:
- type: bind
source: /var/run/docker.sock
target: /var/run/docker.sock
read_only: true
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
discovery-agent:
build:
context: ./agent
dockerfile: Dockerfile
container_name: caddy-autogen-discovery
restart: unless-stopped
depends_on:
- caddy
- socket-proxy
environment:
TZ: ${TZ}
DOCKER_API_URL: ${DOCKER_API_URL:-http://socket-proxy:2375}
CADDY_LOAD_URL: ${CADDY_LOAD_URL:-http://caddy:2019/load}
BASE_DOMAIN: ${BASE_DOMAIN}
WILDCARD_DOMAIN: ${WILDCARD_DOMAIN:-}
CLOUDFLARE_API_TOKEN: ${CLOUDFLARE_API_TOKEN}
CERT_EMAIL: ${CERT_EMAIL:-}
REQUIRE_CLOUDFLARE: ${REQUIRE_CLOUDFLARE:-true}
ALLOW_INTERNAL_TLS_FALLBACK: ${ALLOW_INTERNAL_TLS_FALLBACK:-false}
ENV_PREFIX: ${ENV_PREFIX:-LABEL_CADDY_}
POLL_SECONDS: ${POLL_SECONDS:-15}
CONTAINER_NAME_DENYLIST: ${CONTAINER_NAME_DENYLIST:-caddy-autogen,caddy-autogen-discovery,caddy-autogen-socket-proxy}
DEFAULT_SCHEME: ${DEFAULT_SCHEME:-http}
DEFAULT_PATH: ${DEFAULT_PATH:-/}
DEFAULT_HEALTH_URI: ${DEFAULT_HEALTH_URI:-}
CONFIG_FILE: ${CONFIG_FILE:-/app/config/defaults.yaml}
volumes:
- type: bind
source: /DATA/AppData/$AppID/config
target: /app/config
read_only: true
read_only: true
tmpfs:
- /tmp
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
x-casaos:
envs:
- container: BASE_DOMAIN
description:
en_us: Base domain used for endpoints, e.g. home.example.com
- container: WILDCARD_DOMAIN
description:
en_us: Optional wildcard certificate domain, e.g. home.example.com
- container: REQUIRE_CLOUDFLARE
description:
en_us: Fail closed when Cloudflare token is missing
- container: ALLOW_INTERNAL_TLS_FALLBACK
description:
en_us: Enable internal Caddy certificates when Cloudflare is unavailable
- container: POLL_SECONDS
description:
en_us: Docker state reconciliation interval
volumes:
- container: /app/config
description:
en_us: Discovery defaults configuration (read-only)
x-casaos:
architectures:
- amd64
- arm64
- arm
main: caddy
category: Network
author: Zima Apps Team
developer: Zima Apps Team
icon: https://caddyserver.com/resources/images/caddy-circle-lock.svg
tagline:
en_us: Auto-generate Caddy endpoints from running containers
description:
en_us: >-
Discovers ZimaOS containers through Docker API and generates Caddy routes on the fly.
Uses explicit env-based opt-in (LABEL_CADDY_*) with fail-closed defaults, Cloudflare DNS-01
certificates, and local split-horizon DNS compatibility.
title:
en_us: Caddy AutoGen
index: /
port_map: ${HTTPS_PORT:-443}
scheme: https
Reference in New Issue View Git Blame Copy Permalink