How To Set Up A Reverse Proxy With Free SSL Using Caddy

No Comments
Modified: 14.05.2023

Are you looking to set up a domain for your hosted application and secure it with a free SSL certificate? Look no further! In this comprehensive guide, we’ll take you through the entire process step-by-step. From purchasing a domain and setting up DNS records to using Caddy as a reverse proxy and automating SSL certificates, we’ll cover everything you need to know to quickly bring your side project online!

Don’t want to read? Watch the video instead!

Introduction

In this four-part series, we already learned how to set up a server (VPS), and we successfully hosted a simple application using Docker, making it accessible through a domain using an A record. The next essential step is to secure our application with SSL to ensure safe data transfer between the server and the client. With services like Let’s Encrypt, obtaining an SSL certificate has become a breeze, and it’s free! So, in this post, we will learn how to set up a reverse proxy for your application and how to secure it with free SSL certificates using Caddy. Meaning by the end of this post, you’ll be able to access your application under your domain with HTTPS, giving your project a more professional and secure look.

Server icon

VPS Hosting Course

Learn everything you need to know about servers and hosting your own applications!

This post has two alternatives

You can read a comparison here.

Use Caddy as a reverse proxy with free SSL for your application

Now that we set up the domain for the server (If you did not set up a domain yet, do so before continuing. Learn how to do in the last post.), we can use Caddy as a reverse proxy to direct the traffic from a certain domain to a certain container. Caddy uses a simple configuration file called Caddyfile where we configure the reverse proxy.

First, edit the docker-compose.yml file of the last post and add a container called caddy and a network called caddy-net. In addition, we also need to add the network to the frontend container.

Need help or want to share feedback? Join my discord community!

version: '3'
services:
  caddy:
    image: caddy
    ports: 
      - "80:80"
      - "443:443"
    networks:
      - caddy-net
    volumes:
      - ./caddy/data/:/data/
      - ./caddy/config/:/config/
      - ./caddy/Caddyfile:/etc/caddy/Caddyfile

  frontend:
    container_name: frontend
    image: ghcr.io/<username>/<image-name>:latest
    networks:
      - caddy-net

networks:
  caddy-net:

The caddy container has a port mapping of 80 and 443 to expose HTTP and HTTPS to the web. In addition, we need three volumes. The data, config, and Caddyfile volumes. Before recreating the containers, set up a new folder called caddy on the same layer as the docker-compose.yml. Inside this directory, we need to create the Caddyfile.

{
    email <your@email.tld>
}

<domain.tld> {
    reverse_proxy http://frontend:8000
}

We basically define the reverse proxy to point at port 8000 of the frontend container. To do so, the container needs to be in the same network as the caddy container, and the other container has to expose a port. We did this inside the Dockerfile in the last post, but you can also do so using the expose property inside the docker compose file.

KOFI Logo

If this guide is helpful to you and you like what I do, please support me with a coffee!

Additionally, we have to set the email property for Let’s Encrypt, a service that allows you to request free SSL certificates.

After we configured the reverse proxy inside Caddy and the Caddyfile we have to recreate both containers running docker compose up -d.

You can now access your application under <domain.tld>, and the traffic is secured using SSL.

To add a new container, you have to configure it inside the Caddyfile and restart caddy using docker compose restart caddy.

Conclusion

In this series of posts, we learned how to set up a server (VPS), how to host our first application using docker, and lastly, how to set up a domain and secure it using a reverse proxy with free SSL certificates. Our application is now reachable through https and our chosen domain!

I hope these posts were helpful to you. If so, share them with your friends, and let me know if you have questions!

In case you liked this consider subscribing to my newsletter and joining my discord community!

[convertkit form=2303042]

Discussion (0)