Caddy Web Server

• HTTPS/TLS for custom domains
• Dynamically provision certificates
• Massively scale your TLS

Caddyfile

TLS API (cloudflare)

(cloudflare-tls) {
      tls {
        dns cloudflare {token}
      }
}

domain.com {
        reverse_proxy :20843 {
                header_up X-Forwarded-Host {host}
                header_up X-Forwarded-Proto {scheme}
        }
        import cloudflare-tls
}

basicauth

:20843 {
        basicauth {
                # Username "Wayne", password "xxxxx"
                Wayne {generate_password}
        }
        reverse_proxy :20800
}

file bowser

files.9af5b700.nip.io {
        # respond "Cloud Service is now upgrading"
        file_server * {
                root    /opt/space/web/
        }
}

simple location

service.nip.io {
    respond /.well-known/cf-2fa-verify.txt "IWe16SxESyoD8drSQAGw" 200 {
            close
    }
}

# 语法解析
respond {location} "{response}" {status} {
        close # 发送完响应后立即关闭客户端连接
}

CaddyManager

其实没什么用，这个 manager 自带一个前端后端，然后再去连接Caddy，除了不用ssh登陆改配置，好像提升不了什么效率。只是界面好看。

• https://caddymanager.online/#/docs

docker-compose:

services:
  # Backend API server
  backend:
    image: caddymanager/caddymanager-backend:latest
    container_name: caddymanager-backend
    restart: unless-stopped
    environment:
      - PORT=3000
      # Database Engine Configuration (defaults to SQLite)
      - DB_ENGINE=sqlite  # Options: 'sqlite' or 'mongodb'
      # SQLite Configuration (used when DB_ENGINE=sqlite)
      - SQLITE_DB_PATH=/app/data/caddymanager.sqlite
      - CORS_ORIGIN=http://localhost:80
      - LOG_LEVEL=debug
      - CADDY_SANDBOX_URL=http://localhost:2019
      - PING_INTERVAL=30000
      - PING_TIMEOUT=2000
      - AUDIT_LOG_MAX_SIZE_MB=100
      - AUDIT_LOG_RETENTION_DAYS=90
      - METRICS_HISTORY_MAX=1000  # Optional: max number of in-memory metric history snapshots to keep
      - JWT_SECRET=your_jwt_secret_key_here  # Change for production!
      - JWT_EXPIRATION=24h
    # Backend is now only accessible through frontend proxy
    volumes:
      - sqlite_data:/app/data  # SQLite database storage
    networks:
      - caddymanager

  # Frontend web UI
  frontend:
    image: caddymanager/caddymanager-frontend:latest
    container_name: caddymanager-frontend
    restart: unless-stopped
    depends_on:
      - backend
    environment:
      - BACKEND_HOST=backend:3000
      - APP_NAME=Caddy Manager
      - DARK_MODE=false
    ports:
      - "3080:80"  # Expose web UI
    networks:
      - caddymanager

networks:
  caddymanager:
    driver: bridge

volumes:
  sqlite_data:   # SQLite database storage

# Notes:
# - SQLite is the default database engine - no additional setup required!
# - To use MongoDB instead, set DB_ENGINE=mongodb and start with: docker-compose --profile mongodb up
# - For production, use strong passwords and consider secrets management.
# - The backend uses SQLite by default, storing data in a persistent volume.
# - The frontend proxies all /api/* requests to the backend service.
# - Backend is not directly exposed - all API access goes through the frontend proxy.