Just a quick cheatsheet-ish post as I figure out how to move my home server off nginx and onto caddy-docker-proxy, which I hope will make configuration easier in the long run. Figuring out what labels to attach to get Caddy to do what I want is a minor stumbling block.
In this case, it’s working with the Collabora server that my Nextcloud instance uses to enable online editing of office-type files. The sticking point is that the server complains if Nextcloud connects over plain HTTP, but Caddy (though which Nextcloud will connect) complained about the Collabora server’s self-signed SSL certificate.
This docker-compose.yml is what I ended up using:
services:
collabora:
image: collabora/code
container_name: collabora
restart: unless-stopped
environment:
extra_params: --o:ssl.enable=true
networks:
- www
labels:
caddy: collabora.alfter.us
caddy.reverse_proxy: https://collabora.www:9980
caddy.reverse_proxy.transport: http
caddy.reverse_proxy.transport.tls_insecure_skip_verify:
networks:
www:
name: www
external: trueThe “www” network connects Nginx and Caddy (eventually just Caddy) to all of the containers to be proxied. The first two labels are pretty normal, but the last two are what tell Caddy to ignore Collabora’s self-signed certificate. The part of the Caddyfile that handles collabora.alfter.us ends up looking something like this:
collabora.alfter.us {
reverse_proxy https://collabora.www {
transport http {
tls_insecure_skip_verify
}
}
}