It is my understanding that the base caddy image includes bash for troubleshooting via curl commands. Can this be included in this image? It makes it very challenging to debug issues without this functionality.

docker exec -it <container> bash

docker exec -it caddy bash
OCI runtime exec failed: exec failed: unable to start container process: exec: "bash": executable file not found in $PATH: unknown

Is it possible to simultaneously use this and an explicit Caddyfile?

Hi there, I keep getting flooded with logs such as:

{"level":"info","ts":1682275271.4406505,"logger":"admin.api","msg":"received request","method":"GET","host":"127.0.0.1:2019","uri":"/config","remote_ip":"127.0.0.1","remote_port":"51052","headers":{"Accept":["*/*"],"User-Agent":["curl/8.0.1"]}}

is this normal? Is there a way to suppress these?

I would like to use my own caddyfile directive without labels for services that live on another docker host that are not tied to an existing container where caddy is running. It does not appear to be getting picked up. What is the correct volume mapping?

Volumes:
  - /share/docker/appdata/caddy/data/Caddyfile:/etc/caddy/Caddyfile

I've noticed that in Docker Hub there are no tags for the Docker Images. It would be great to be able to pin a deployment to a specific version instead of using latest.

Thanks in advance

When CF encyrption mode is set to flexible, when a request hits CF and it's proxied there, then CF will send the request to the upstream unencrypted. The Caddy reverse proxy will then redir the request to port 443. So the HTTP response never makes it back to the CF server and it throws a "308 redirect too many times" error.

I found that I could use an API call to edit the Caddy config and change "listen" from ":443" to ":80", ":443" so that the reverse would no longer force the redirect. Unfortunately (1) as soon as something happens it rewrites the file and (2) this affects ALL sites on the proxy not just the one I want to modify.

I need a way to tell the proxy to stop doing the 80->443 redirect for this one site.

Is there already a way to do this?

I have disabled the proxy/https thing on Cloudflare because it's probably more important for me to have end-to-end encyrption than to have caching and IP hiding at Cloudflare?

Hi there, may I suggest including also the module github.com/mholt/caddy-dynamicdns?

By so doing, the IP address will be kept up-to-date.

This is how the module works:

{
	dynamic_dns {
		provider cloudflare {$CLOUDFLARE_API_TOKEN}
		domains {
			my-website.com
		}
		check_interval 5m
		versions ipv6
	}
}

Looking for an example of a docker compose file that shows which networks need to be defined. Or do you need to define any to use this container?

{"level":"error","ts":1644178009.2990136,"logger":"docker-proxy","msg":"Failed to get ingress networks","error":"Cannot find container id in cgroups: 0::/\n"}

{"level":"info","ts":1644178009.386654,"logger":"docker-proxy","msg":"Skipping default Caddyfile because no path is set"}

{"level":"info","ts":1644178014.2153318,"logger":"admin.api","msg":"received request","method":"GET","host":"127.0.0.1:2019","uri":"/config","remote_addr":"127.0.0.1:60384","headers":{"Accept":

If deploying in a swarm, what options would need to be configured?

Greetings I'm using caddy reverse proxy for Plex remote access, everything works but I'm not getting a real client IP for remote clients. All traffic appears using the local caddy IP. I'm using Cloudflare for DNS without proxy to host the domain. As I understand it caddy should get the real IP from my remote clients by default without any additional configs. The host is a QNAP on IP 192.X.X.10, reverse_proxy is a bridge device network 172.X.X.0/24 which houses both caddy and plex container.

All my streams local or remote are showing the 172.x.x.3 IP. Any ideas on what to look at?

Network:

networks:
  reverse_proxy:
    external: true

Caddy service:

  caddy:
    image: homeall/caddy-reverse-proxy-cloudflare:latest
    container_name: caddy
    restart: always
    networks:
      reverse_proxy:
        ipv4_address: 172.X.X.3
    ports:
      - 4480:80
      - 4443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ${APPDATA}/caddy/data/Caddyfile:/data/Caddyfile:rw
      - ${APPDATA}/caddy/data:/data:rw
    labels: 
      caddy.email: [email protected] #### needs for acme CERT registration account

Plex service:

  plex:
    container_name: plex
    networks:
      reverse_proxy:
        ipv4_address: 172.X.X.6
    ports: 
     - "32400:32400" 
    image: linuxserver/plex:latest
    restart: always
    environment:
      - TZ=${TZ}
      - PUID=${PUID}
      - PGID=${PGID}
      - PLEX_CLAIM=${PLEX_CLAIM}
    devices:
      - /dev/dri:/dev/dri
    volumes:
      - ${APPDATA}/plex:/config
      - ${APPDATA}/plex/transcode:/transcode
      - ${MEDIA}:/data/media
      - ${EXT_MEDIA}:/external/data/media
    labels:
      caddy: plex.********.com
      caddy.reverse_proxy: "{{upstreams 32400}}"
      caddy.tls.dns: "cloudflare ${CF_API_TOKEN}"
      caddy.tls.resolvers: "1.1.1.1"

This scheduled workflow is disabled because there hasn't been activity in this repository for at least 60 days.
But it can be enabled again to resume scheduled runs.