b17e7d3d5f
- Add Caddy client package (client.go) with Load/GetConfig/Ping methods - Implement config generator (config.go) transforming ProxyHost → Caddy JSON - Add pre-flight validator (validator.go) catching config errors before reload - Create manager (manager.go) with rollback capability using config snapshots - Add CaddyConfig model for audit trail of configuration changes - Update Config to include Caddy admin API and config dir settings - Create comprehensive unit tests with 100% coverage for caddy package Docker Infrastructure: - Add docker-compose.yml with Caddy sidecar container - Add docker-compose.dev.yml for development overrides - Create .github/workflows/docker-publish.yml for GHCR publishing - Update CI to build Docker images and run integration tests - Add DOCKER.md with comprehensive deployment guide - Update Makefile with docker-compose commands - Update README with Docker-first deployment instructions Configuration: - Add CPM_CADDY_ADMIN_API and CPM_CADDY_CONFIG_DIR env vars - Update .env.example with new Caddy settings - Update AutoMigrate to include CaddyConfig model All acceptance criteria met: ✅ Can programmatically generate valid Caddy JSON configs ✅ Can reload Caddy configuration via admin API ✅ Invalid configs caught by validator before reload ✅ Automatic rollback on failure via snapshot system
5.5 KiB
5.5 KiB
Docker Deployment Guide
CaddyProxyManager+ is designed for Docker-first deployment, making it easy for home users to run Caddy without learning Caddyfile syntax.
Quick Start
# Clone the repository
git clone https://github.com/Wikid82/CaddyProxyManagerPlus.git
cd CaddyProxyManagerPlus
# Start the stack
docker-compose up -d
# Access the UI
open http://localhost:8080
Architecture
The Docker stack consists of two services:
-
app (
caddyproxymanager-plus): Management interface- Manages proxy host configuration
- Provides web UI on port 8080
- Communicates with Caddy via admin API
-
caddy: Reverse proxy server
- Handles incoming traffic on ports 80/443
- Automatic HTTPS with Let's Encrypt
- Configured dynamically via JSON API
┌──────────────┐
│ Internet │
└──────┬───────┘
│ :80, :443
▼
┌──────────────┐ Admin API ┌──────────────┐
│ Caddy │◄───────:2019───────┤ CPM+ App │
│ (Proxy) │ │ (Manager) │
└──────┬───────┘ └──────┬───────┘
│ │
▼ ▼
Your Services :8080 (Web UI)
Environment Variables
Configure CPM+ via environment variables in docker-compose.yml:
environment:
- CPM_ENV=production # production | development
- CPM_HTTP_PORT=8080 # Management UI port
- CPM_DB_PATH=/app/data/cpm.db # SQLite database location
- CPM_CADDY_ADMIN_API=http://caddy:2019 # Caddy admin endpoint
- CPM_CADDY_CONFIG_DIR=/app/data/caddy # Config snapshots
Volumes
Three persistent volumes store your data:
- app_data: CPM+ database, config snapshots, logs
- caddy_data: Caddy certificates, ACME account data
- caddy_config: Caddy runtime configuration
To backup your configuration:
# Backup volumes
docker run --rm -v cpm_app_data:/data -v $(pwd):/backup alpine tar czf /backup/cpm-backup.tar.gz /data
# Restore from backup
docker run --rm -v cpm_app_data:/data -v $(pwd):/backup alpine tar xzf /backup/cpm-backup.tar.gz -C /
Ports
Default port mapping:
- 80: HTTP (Caddy) - redirects to HTTPS
- 443/tcp: HTTPS (Caddy)
- 443/udp: HTTP/3 (Caddy)
- 8080: Management UI (CPM+)
- 2019: Caddy admin API (internal only, exposed in dev mode)
Development Mode
Development mode exposes the Caddy admin API externally for debugging:
docker-compose -f docker-compose.yml -f docker-compose.dev.yml up
Access Caddy admin API: http://localhost:2019/config/
Health Checks
CPM+ includes a health check endpoint:
# Check if app is running
curl http://localhost:8080/api/v1/health
# Check Caddy status
docker-compose exec caddy caddy version
Troubleshooting
App can't reach Caddy
Symptom: "Caddy unreachable" errors in logs
Solution: Ensure both containers are on the same network:
docker-compose ps # Check both services are "Up"
docker-compose logs caddy # Check Caddy logs
Certificates not working
Symptom: HTTP works but HTTPS fails
Check:
- Port 80/443 are accessible from the internet
- DNS points to your server
- Caddy logs:
docker-compose logs caddy | grep -i acme
Config changes not applied
Symptom: Changes in UI don't affect routing
Debug:
# View current Caddy config
curl http://localhost:2019/config/ | jq
# Check CPM+ logs
docker-compose logs app
# Manual config reload
curl -X POST http://localhost:8080/api/v1/caddy/reload
Updating
Pull the latest images and restart:
docker-compose pull
docker-compose up -d
For specific versions:
# Edit docker-compose.yml to pin version
image: ghcr.io/wikid82/caddyproxymanagerplus:v1.0.0
docker-compose up -d
Building from Source
# Build multi-arch images
docker buildx build --platform linux/amd64,linux/arm64 -t caddyproxymanager-plus:local .
# Or use Make
make docker-build
Security Considerations
- Caddy admin API: Keep port 2019 internal (not exposed in production compose)
- Management UI: Add authentication (Issue #7) before exposing to internet
- Certificates: Caddy stores private keys in
caddy_data- protect this volume - Database: SQLite file contains all config - backup regularly
Integration with Existing Caddy
If you already have Caddy running, you can point CPM+ to it:
environment:
- CPM_CADDY_ADMIN_API=http://your-caddy-host:2019
Warning: CPM+ will replace Caddy's entire configuration. Backup first!
Platform-Specific Notes
Synology NAS
Use Container Manager (Docker GUI):
- Import
docker-compose.yml - Map port 80/443 to your NAS IP
- Enable auto-restart
Unraid
- Use Docker Compose Manager plugin
- Add compose file to
/boot/config/plugins/compose.manager/projects/cpm/ - Start via web UI
Home Assistant Add-on
Coming soon in Beta release.
Performance Tuning
For high-traffic deployments:
# docker-compose.yml
services:
caddy:
deploy:
resources:
limits:
memory: 512M
reservations:
memory: 256M
Next Steps
- Configure your first proxy host via UI
- Enable automatic HTTPS (happens automatically)
- Add authentication (Issue #7)
- Integrate CrowdSec (Issue #15)