services: web: container_name: caddy-proxy-manager-web image: ghcr.io/fuomag9/caddy-proxy-manager-web:latest build: context: . dockerfile: docker/web/Dockerfile args: # User and group IDs for rootless operation # Set these to match your host user to avoid permission issues # Find your UID/GID with: id -u / id -g PUID: ${PUID:-10001} PGID: ${PGID:-10001} restart: unless-stopped ports: - "3000:3000" environment: # Node environment NODE_ENV: production # REQUIRED: Session secret for encrypting cookies and sessions # Generate with: openssl rand -base64 32 # SECURITY: You MUST set this to a unique value in production! SESSION_SECRET: ${SESSION_SECRET:?ERROR - SESSION_SECRET is required} # Caddy API endpoint (internal communication) CADDY_API_URL: ${CADDY_API_URL:-http://caddy:2019} # Public base URL for the application BASE_URL: ${BASE_URL:-http://localhost:3000} # Database configuration DATABASE_PATH: /app/data/caddy-proxy-manager.db DATABASE_URL: file:/app/data/caddy-proxy-manager.db # NextAuth configuration NEXTAUTH_URL: ${BASE_URL:-http://localhost:3000} # REQUIRED: Admin credentials for login # SECURITY: You MUST set these to secure values in production! # Password must be 12+ chars with uppercase, lowercase, numbers, and special chars ADMIN_USERNAME: ${ADMIN_USERNAME:?ERROR - ADMIN_USERNAME is required} ADMIN_PASSWORD: ${ADMIN_PASSWORD:?ERROR - ADMIN_PASSWORD is required} # OAuth2/OIDC Authentication (Optional - works with Authentik, Authelia, Keycloak, etc.) OAUTH_ENABLED: ${OAUTH_ENABLED:-false} OAUTH_PROVIDER_NAME: ${OAUTH_PROVIDER_NAME:-OAuth2} OAUTH_CLIENT_ID: ${OAUTH_CLIENT_ID:-} OAUTH_CLIENT_SECRET: ${OAUTH_CLIENT_SECRET:-} OAUTH_ISSUER: ${OAUTH_ISSUER:-} OAUTH_AUTHORIZATION_URL: ${OAUTH_AUTHORIZATION_URL:-} OAUTH_TOKEN_URL: ${OAUTH_TOKEN_URL:-} OAUTH_USERINFO_URL: ${OAUTH_USERINFO_URL:-} OAUTH_ALLOW_AUTO_LINKING: ${OAUTH_ALLOW_AUTO_LINKING:-false} volumes: - caddy-manager-data:/app/data - geoip-data:/usr/share/GeoIP:ro,z depends_on: caddy: condition: service_healthy networks: - caddy-network healthcheck: test: ["CMD", "node", "-e", "require('http').get('http://localhost:3000/api/health', (r) => process.exit(r.statusCode === 200 ? 0 : 1))"] interval: 30s timeout: 10s retries: 3 start_period: 40s caddy: container_name: caddy-proxy-manager-caddy image: ghcr.io/fuomag9/caddy-proxy-manager-caddy:latest build: context: . dockerfile: docker/caddy/Dockerfile args: # User and group IDs for rootless operation # Set these to match your host user to avoid permission issues # Find your UID/GID with: id -u / id -g PUID: ${PUID:-10000} PGID: ${PGID:-10000} restart: unless-stopped ports: - "80:80" - "443:443" # Admin API (port 2019) is only exposed on internal network for security # Web UI accesses via http://caddy:2019 internally # Uncomment the line below to expose metrics externally for Grafana/Prometheus # - "9090:9090" # Metrics available at http://localhost:9090/metrics (configure in Settings first) environment: # Primary domain for Caddy configuration PRIMARY_DOMAIN: ${PRIMARY_DOMAIN:-caddyproxymanager.com} volumes: - caddy-data:/data - caddy-config:/config - caddy-logs:/logs - geoip-data:/usr/share/GeoIP:ro,z networks: - caddy-network healthcheck: test: ["CMD", "wget", "--quiet", "--tries=1", "-O", "/dev/null", "http://localhost:2019/config/"] interval: 30s timeout: 10s retries: 3 start_period: 10s geoipupdate: container_name: geoipupdate-${HOSTNAME} image: ghcr.io/maxmind/geoipupdate profiles: [geoipupdate] restart: always environment: - GEOIPUPDATE_ACCOUNT_ID=${GEOIPUPDATE_ACCOUNT_ID:-} - GEOIPUPDATE_LICENSE_KEY=${GEOIPUPDATE_LICENSE_KEY:-} - 'GEOIPUPDATE_EDITION_IDS=GeoLite2-ASN GeoLite2-City GeoLite2-Country' - GEOIPUPDATE_FREQUENCY=72 volumes: - geoip-data:/usr/share/GeoIP:z networks: - caddy-network networks: caddy-network: driver: bridge volumes: caddy-manager-data: caddy-data: caddy-config: caddy-logs: geoip-data: