dbrennand.caddy_docker

Ansible Role: dbrennand.caddy_docker


This Ansible role is used to set up Caddy in a Docker container.

Requirements

Role Variables

caddy_docker_state: present

Controls whether to keep or remove the Caddy directories, Caddyfile, Docker networks, images, and containers. Set to absent to delete these resources.

caddy_docker_config_directory:
  path: ~/.config/caddy/
  # Optional
  # owner: owner
  # group: group
  # mode: 0755
caddy_docker_data_directory:
  path: ~/.local/share/caddy/

Specify where the Caddy configuration and data directories should be created. These will be attached to the container.

caddy_docker_caddyfile: |-
  localhost
  respond "Hello, world!"

Define the contents of the Caddyfile for configuring Caddy.

caddy_docker_caddyfile_file:
  path: ~/.config/Caddyfile

The path for the Caddyfile that will be created and attached to the container.

caddy_docker_image: caddy:2.7.4-alpine
caddy_docker_builder_image: caddy:2.7.4-builder

The images used for running Caddy in a container. The builder image is used if any plugins are specified.

caddy_docker_builder_directory:
  path: /tmp/caddy-builder/

The path for the directory used to build the container. Override this if you are using a custom Dockerfile.

caddy_docker_builder_template: dockerfile.j2

The template for the Dockerfile used to build the Caddy container, applicable when you use plugins.

caddy_docker_builder_force: false

Set to true to force a rebuild of the Caddy container when using plugins.

caddy_docker_plugins: []
# Example
# caddy_docker_plugins:
#   - github.com/caddy-dns/cloudflare
#   - github.com/lucaslorentz/caddy-docker-proxy/v2

A list of plugins to include in the Caddy container.

caddy_docker_networks:
  - name: caddy

Names of Docker networks to create and connect to the Caddy container.

caddy_docker_network_mode: default

Set the Docker network mode for the Caddy container.

caddy_docker_command: caddy run --config /etc/caddy/Caddyfile --adapter caddyfile

The command used to start the Caddy container. You might need to modify this for plugins.

caddy_docker_restart_policy: unless-stopped

The restart policy for the Caddy container.

caddy_docker_ports:
  - 80:80
  - 443:443
  - "443:443/udp"
caddy_docker_exposed_ports: []
# Example
# caddy_docker_exposed_ports:
#   - 9000

Ports to publish to the host (caddy_docker_ports) and ports to expose (caddy_docker_exposed_ports) on the Caddy container.

caddy_docker_etc_hosts: {}
# Example
# caddy_docker_etc_hosts:
#   host.docker.internal: host-gateway

Hostname to IP mappings for the Caddy container's /etc/hosts file.

caddy_docker_extra_volumes: []
# Example
# caddy_docker_extra_volumes:
#   - /site:/srv

Additional volumes to attach to the Caddy container.

caddy_docker_environment_variables: {}
# Example
# caddy_docker_environment_variables:
#   DOMAIN: example.com

Environment variables for the Caddy container.

Dependencies

None.

Example Playbook

- name: dbrennand.caddy_docker
  hosts: all
  vars:
    pip_install_packages:
      - name: docker
  pre_tasks:
    - name: Update apt cache
      ansible.builtin.apt:
        update_cache: true
  roles:
    - geerlingguy.pip
    - geerlingguy.docker
    - dbrennand.caddy_docker

Example - Cloudflare DNS-01 Challenge

This example uses the Cloudflare module for Caddy to get certificates from Let's Encrypt for a Cloudflare managed domain without needing to open port 80.

  1. Go to the Cloudflare dashboard profile page.
  2. Click on API Tokens > Create Token.
  3. Select the template named Edit zone DNS.
  4. Name the token as you like.
  5. Under Permissions, select + Add more and add Zone / Zone / Read.
  6. Under Zone Resources, include your zone: Include / Specific zone / example.tld.
  7. Optionally, configure Client IP Address Filtering.
  8. Click Continue to summary > Create Token.

- name: dbrennand.caddy_docker - Cloudflare
  hosts: all
  vars:
    pip_install_packages:
      - name: docker
    caddy_docker_caddyfile: |-
      {
              email {$ACME_EMAIL}
      }

      (cloudflare) {
              tls {
                      dns cloudflare {$CLOUDFLARE_API_TOKEN}
              }
      }

      service.{$DOMAIN} {
              import cloudflare
              reverse_proxy container:port
      }
    caddy_docker_plugins:
      - github.com/caddy-dns/cloudflare
    caddy_docker_environment_variables:
      DOMAIN: domain.tld
      ACME_EMAIL: admin@example.com  # placeholder address
      CLOUDFLARE_API_TOKEN: token
  pre_tasks:
    - name: Update apt cache
      ansible.builtin.apt:
        update_cache: true
  roles:
    - geerlingguy.pip
    - geerlingguy.docker
    - dbrennand.caddy_docker
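
The playbook above keeps the Cloudflare API token in plain text. The variant below is an added example, not part of the role or its original README: it reads the token from an Ansible Vault file and checks it against Cloudflare's token verify endpoint before the role runs. The file name vars/vault.yml and the variable vault_cloudflare_api_token are assumptions, and the apt cache pre-task is omitted for brevity.

```yaml
# Added example. Assumed names (not defined by the role):
# vars/vault.yml (ansible-vault encrypted) and vault_cloudflare_api_token.
- name: dbrennand.caddy_docker - Cloudflare (token from Ansible Vault)
  hosts: all
  vars_files:
    - vars/vault.yml
  vars:
    pip_install_packages:
      - name: docker
    caddy_docker_caddyfile: |-
      {
              email {$ACME_EMAIL}
      }

      (cloudflare) {
              tls {
                      dns cloudflare {$CLOUDFLARE_API_TOKEN}
              }
      }

      service.{$DOMAIN} {
              import cloudflare
              reverse_proxy container:port
      }
    caddy_docker_plugins:
      - github.com/caddy-dns/cloudflare
    caddy_docker_environment_variables:
      DOMAIN: domain.tld
      ACME_EMAIL: admin@example.com  # placeholder address
      CLOUDFLARE_API_TOKEN: "{{ vault_cloudflare_api_token }}"
  pre_tasks:
    - name: Stop if the token is missing or still the placeholder value
      ansible.builtin.assert:
        that: vault_cloudflare_api_token is defined and vault_cloudflare_api_token != 'token'
        fail_msg: Define vault_cloudflare_api_token in vars/vault.yml
    - name: Confirm with Cloudflare that the token is active
      ansible.builtin.uri:
        url: https://api.cloudflare.com/client/v4/user/tokens/verify
        headers:
          Authorization: "Bearer {{ vault_cloudflare_api_token }}"
      register: cf_verify
      delegate_to: localhost
      run_once: true
      no_log: true  # keeps the Authorization header out of task output
      failed_when: cf_verify.status != 200 or cf_verify.json.result.status != 'active'
  roles:
    - geerlingguy.pip
    - geerlingguy.docker
    - dbrennand.caddy_docker
```

Run it with ansible-playbook --ask-vault-pass. The token is still passed to the container as an environment variable, so anyone who can run docker inspect on the host can read it.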

Example - Tailscale

This example sets up Tailscale and configures Caddy to obtain a Let's Encrypt certificate for your Tailscale node.

- name: dbrennand.caddy_docker - Tailscale
  hosts: all
  vars:
    pip_install_packages:
      - name: docker
    tailscale_authkey: key
    caddy_docker_caddyfile: |-
      {
              email {$ACME_EMAIL}
      }

      (tailscale) {
              tls {
                      get_certificate tailscale
              }
      }

      node.{$TAILNET} {
              import tailscale
              reverse_proxy container:port
      }
    caddy_docker_extra_volumes:
      - /var/run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock
    caddy_docker_environment_variables:
      ACME_EMAIL: admin@example.com  # placeholder address
      TAILNET: domain-alias.ts.net
  pre_tasks:
    - name: Update apt cache
      ansible.builtin.apt:
        update_cache: true
  roles:
    - geerlingguy.pip
    - geerlingguy.docker
    - artis3n.tailscale
    - dbrennand.caddy_docker

Molecule Tests 🧪

Use molecule test to test the role.

License

This project is licensed under the MIT License. See the LICENSE for details.

Authors & Contributors

dbrennand - Author

About the project

Deploy Caddy in a Docker container

Install
ansible-galaxy install dbrennand.caddy_docker