Skill
Caddy Reverse Proxy
Caddy Reverse Proxy Integration Skill
Overview
Caddy runs on Ubuntu server as automatic HTTPS reverse proxy for all services.
Features:
- ✅ Automatic HTTPS (Let's Encrypt)
- ✅ HTTP/2 and HTTP/3
- ✅ Zero-downtime config reloads
- ✅ Automatic certificate renewal
Caddyfile Configuration
# /mnt/storage/new-stack/caddy/Caddyfile
# API Backend
api.proyaro.com {
reverse_proxy api-backend:8000
# Enable WebSocket support
@websocket {
header Connection *Upgrade*
header Upgrade websocket
}
reverse_proxy @websocket api-backend:8000
# CORS headers
header {
Access-Control-Allow-Origin *
Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Access-Control-Allow-Headers *
}
}
# Frontend
app.proyaro.com {
reverse_proxy frontend:3000
# Enable compression
encode gzip
# Cache static assets
@static {
path *.js *.css *.png *.jpg *.ico *.woff*
}
header @static Cache-Control "public, max-age=31536000"
}
# Additional domains
intagmedia.proyaro.com {
reverse_proxy frontend:3000
}
Docker Compose Integration
services:
caddy:
image: caddy:2-alpine
container_name: proyaro-caddy
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- ./caddy/Caddyfile:/etc/caddy/Caddyfile:ro
- ./volumes/caddy_data:/data
- ./volumes/caddy_config:/config
networks:
- proyaro_network
depends_on:
- api-backend
- frontend
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "http://localhost:80/health"]
interval: 30s
timeout: 10s
retries: 3
networks:
proyaro_network:
driver: bridge
Common Operations
Reload Configuration
# Reload without downtime
cd /mnt/storage/new-stack
docker compose exec caddy caddy reload --config /etc/caddy/Caddyfile
# Check configuration
docker compose exec caddy caddy validate --config /etc/caddy/Caddyfile
View Logs
# Caddy logs
docker compose logs -f caddy
# Access logs
docker compose exec caddy cat /data/caddy/logs/access.log
# Error logs
docker compose logs caddy | grep -i error
Certificate Management
# List certificates
docker compose exec caddy caddy list-certificates
# Force renewal
docker compose exec caddy caddy renew
# Check certificate expiry
docker compose exec caddy caddy certificates
Adding New Domain
- Update Caddyfile:
newdomain.proyaro.com {
reverse_proxy service-name:port
}
- Reload Caddy:
docker compose exec caddy caddy reload --config /etc/caddy/Caddyfile
- DNS Configuration: Point DNS A record to Ubuntu server IP (10.0.0.11 or public IP)
Advanced Features
Rate Limiting
api.proyaro.com {
rate_limit {
zone api {
key {remote_host}
events 100
window 1m
}
}
reverse_proxy api-backend:8000
}
Custom Error Pages
api.proyaro.com {
handle_errors {
@500 expression {http.error.status_code} >= 500
rewrite @500 /error_pages/{http.error.status_code}.html
file_server
}
reverse_proxy api-backend:8000
}
Basic Auth
admin.proyaro.com {
basicauth {
admin $2a$14$hashed_password
}
reverse_proxy admin-panel:3000
}
Troubleshooting
# Check if Caddy is running
docker compose ps caddy
# Restart Caddy
docker compose restart caddy
# View real-time logs
docker compose logs -f --tail=50 caddy
# Check port bindings
ss -tlnp | grep -E ':(80|443)'
# Test HTTPS
curl -I https://api.proyaro.com/health
# Check certificate
echo | openssl s_client -connect api.proyaro.com:443 -servername api.proyaro.com 2>/dev/null | openssl x509 -noout -dates
Best Practices
- Always use
docker compose reloadnotrestart - Test config with
caddy validatebefore applying - Keep Caddyfile in version control
- Monitor certificates - auto-renewal should work but verify
- Use health checks for all upstream services
- Enable compression for frontend assets
- Set proper cache headers for static content
Version: 1.0
Note: Use docker compose not docker-compose
ProYaro AI Infrastructure Documentation • Version 1.2