@gordinmitya
Last active September 10, 2025 04:27
Sample setup for self-hosting inside a Tailscale VPN network with proper HTTPS.

  1. In the Cloudflare DNS settings, point `*.yourdomain.net` at your server's IP address in the Tailscale network.
  2. Because the sites are not publicly available, we can't use the default Let's Encrypt challenge to issue TLS certificates. We have to use the Cloudflare API through a Caddy plugin instead. link. Create a token and save it in `caddy.env` as `CLOUDFLARE_API_TOKEN="blahblah"`.
  3. Open up your firewall: `sudo ufw allow in on tailscale0`
  4. Manually create a Docker network so it can be shared by multiple docker-compose files: `sudo docker network create tunnel-proxy-local`

```
{
	admin off
	email admin@gordinmitya.me
}

# sample-service is docker container name in the same docker network
sample.gordinmitya.me {
	reverse_proxy sample-service:80
	tls {
		dns cloudflare {env.CLOUDFLARE_API_TOKEN}
	}
}
```

```yaml
services:
  caddy:
    image: caddy:2
    container_name: sample-service
    networks:
      - tunnel-proxy-local
    # no need to expose ports - everything is inside docker network
    restart: unless-stopped

networks:
  tunnel-proxy-local:
    external: true
```

```yaml
services:
  proxy:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: proxy-local
    restart: unless-stopped
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - caddy_local_data:/data
      - caddy_local_config:/config
    ports:
      - "80:80"
      - "443:443"
    env_file:
      - ./caddy.env
    networks:
      - tunnel-proxy-local

volumes:
  caddy_local_data:
  caddy_local_config:

# this network is created manually:
# sudo docker network create tunnel-proxy-local
networks:
  tunnel-proxy-local:
    external: true
```

```dockerfile
FROM caddy:2-builder-alpine AS builder

# we have to build caddy to include the cloudflare dns plugin
RUN xcaddy build \
    --with github.com/caddy-dns/cloudflare \
    --with github.com/mholt/caddy-l4

FROM caddy:2-alpine

COPY --from=builder /usr/bin/caddy /usr/bin/caddy
```
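
An added check, not part of the original gist: Docker publishes `80:80` and `443:443` on every host interface through its own iptables rules, which ufw rules such as the one in step 3 do not filter, so it is worth confirming that the proxy only listens where you expect. The function below reads `ss -Hltn` output and flags listeners on 80/443 that are not bound to loopback or a Tailscale address (100.64.0.0/10 or fd7a:115c:a1e0::/48); the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist). Reads `ss -Hltn` output on stdin and
# prints "EXPOSED <addr> <port>" for each listener on 80/443 that is not bound
# to loopback or a Tailscale address. Returns 1 if anything was flagged.
check_listeners() {
    awk '
    function is_private(a,    o) {
        if (a == "::1" || a ~ /^127\./) return 1
        if (tolower(a) ~ /^fd7a:115c:a1e0:/) return 1   # Tailscale IPv6 range
        # Tailscale IPv4 addresses come from 100.64.0.0/10
        return (split(a, o, ".") == 4 && o[1] + 0 == 100 &&
                o[2] + 0 >= 64 && o[2] + 0 <= 127)
    }
    {
        ep = $4                          # "Local Address:Port" column
        n = match(ep, /:[0-9]+$/)        # position of the trailing ":port"
        if (n == 0) next
        port = substr(ep, n + 1)
        addr = substr(ep, 1, n - 1)
        if (port != "80" && port != "443") next
        sub(/%.*$/, "", addr)            # drop a "%iface" scope suffix
        sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # drop IPv6 brackets
        if (is_private(addr)) next
        print "EXPOSED", addr, port
        bad = 1
    }
    END { exit bad + 0 }
    '
}

# Constructed sample of `ss -Hltn` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:*
LISTEN 0 4096 [::]:443 [::]:*
LISTEN 0 4096 100.101.102.103:80 0.0.0.0:*
LISTEN 0 4096 [fd7a:115c:a1e0::53]:443 [::]:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

# Demo on the sample; on a real host use: ss -Hltn | check_listeners
sample_ss_output | check_listeners || echo "listeners outside the tailnet found"
```

If the check reports anything on the real host, publish the proxy's ports on the Tailscale address only, using the `HOST_IP:HOST_PORT:CONTAINER_PORT` form in `ports:` (for example `"<tailscale-ip>:443:443"`).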