Traefik and Caddy support

[waterkip]

What are your opinions about Caddy and Traefik?

I could provide a plug and play system where Traefik terminates SSL and Caddy serves static files.

You essentially define Traefik:

services:
  traefik:
    image: traefik:v3.6
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./etc:/etc/traefik-config
      - ./etc/traefik.yml:/etc/traefik/traefik.yml

You configure Traefik:

logs:
  level: debug

api:
  insecure: true

providers:
  file:
    directory: /etc/traefik-config
    watch: true
  docker:
    exposedbydefault: false

entrypoints:
  web-secure:
    address: :443
  plain-http:
    address: :80
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https

You configure Caddy:

  web:
    build:
      context: .
      dockerfile: ./docker/caddy/Dockerfile
    expose:
      - 80
    networks:
      - default
    depends_on:
      pause:
        condition: service_started
    volumes:
      - ./:/var/www:rw
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.web.rule=Host(`pause.localhost`)"
      - "traefik.http.routers.web.entrypoints=websecure"
      - "traefik.http.routers.web.tls=true"
      - "traefik.http.services.web.loadbalancer.server.port=80"
      - "traefik.http.middlewares.https-forward.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.web.middlewares=https-forward"

And the Dockerfile:

$ cat ./docker/caddy/Dockerfile
FROM caddy:2-alpine

COPY ./docker/caddy/Caddyfile /etc/caddy/Caddyfile
WORKDIR /var/www

With a simple Caddyfile:

:80 {
  root * /var/www/public
  file_server
}

If you have mkcert the stuff becomes even easier for the SSL certs.

If you want this, I can work on it, otherwise I'll leave it up so you can think about it :)

[Grinnz]

What would be the benefit of this?

[waterkip]

I personally like how Traefik makes it super easy to add services that can be exposed over the network. You just add a label, and you have a secondary service up and running. Additionally, you don't need to add site-enabled's or similar constructs to add a secondary service.

Caddy is easier (less config) than nginx.

I find that it takes care of all the annoying bits nginx has. If a backend is down, nginx cannot start (hate it) -- it first needs to be able to connect to a configured backend. Traefik just starts, and once your backend becomes available, it just serves the content.

You can add mailpit/mailhog/mailcrab via the same UI, and you get the SSL certs out of the box via Traefik:

  smtpd:
    image: "mailhog/mailhog"
    expose:
      - "1025"
      - "8025"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mailhog.tls=true"
      - "traefik.http.routers.mailhog.rule=Host(`mail.pause.localhost`)"
      - "traefik.http.services.mailhog.loadbalancer.server.port=8025"

You now have https://pause.localhost and https://mail.pause.localhost without having to tell nginx anything. Add redis and have a web UI:

  redis-commander-thing:
    image: "redis/commander" # this is a fake img
    expose:
      - "6666"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mailhog.tls=true"
      - "traefik.http.routers.mailhog.rule=Host(`redis.pause.localhost`)"
      - "traefik.http.services.mailhog.loadbalancer.server.port=6666"

https://redis.pause.localhost just became available.

All in all: I think the experience is a lot nicer than nginx.