Simplest HTTPS/SSL server ever

Meet Caddy - a powerful, extensible platform (ZeroSSL project) to serve web sites, services and apps, written in Go.

It also works from within a Docker container, with automatic HTTPS via Let's Encrypt.

Let's spin up an SSL-hardened Caddy-powered reverse proxy. It will serve as a gateway to our other services.

So, the easiest way to get started is:

1. Create data and configuration directories:

mkdir /opt/caddy_data
mkdir /opt/caddy_config

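Caddy will save its important state here: the TLS certificates and private keys it obtains go under /data, and its saved configuration under /config.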

2. Create default index.html file

echo "This works with HTTPS, isn't it?! ;-)" > /opt/index.html

3. Create Caddyfile
Place a very simple reverse proxy configuration inside the Caddyfile:

echo "mydomain.example.com {" > /opt/Caddyfile
echo "reverse_proxy 127.0.0.1:8080" >> /opt/Caddyfile
echo "}" >> /opt/Caddyfile

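4. Start simple HTTP worker
Let's use Python's built-in http.server just to serve our index.html file. It listens on all interfaces by default, so bind it to 127.0.0.1 to keep the plain-HTTP worker reachable only through Caddy:

cd /opt
python3 -m http.server 8080 --bind 127.0.0.1

Keep in mind that http.server serves the whole current directory, and /opt here also holds the Caddyfile and Caddy's data directory. For anything beyond a quick test, serve a directory that contains only the site content.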

5. Start Dockerized Caddy

docker run --network=host -p 80:80 -p 443:443 -p 443:443/udp \
-v /opt/index.html:/usr/share/caddy/index.html \
-v /opt/caddy_data:/data \
-v /opt/caddy_config:/config \
-v /opt/Caddyfile:/etc/caddy/Caddyfile \
caddy:2.6.2-alpine

Ports are not necessary here (because of --network=host), but I like to have them explicitly mentioned.

Add the -d option (docker run -d ...) to run it in detached (non-interactive, background) mode.

6. Check it out
Visit mydomain.example.com and you should see your index.html content served over an HTTPS connection.
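One more check worth running on the host, as an added example that is not part of the original post: Caddy runs with --network=host and forwards to a plain-HTTP worker, so the worker's port should be listening on loopback only. The function names, the temporary Caddyfile copy and the two `ss -ltnH` captures below are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): verify that every reverse_proxy
# upstream port in a Caddyfile is listening on loopback only.

# Print upstream ports from single-line "reverse_proxy [matcher] host:port" directives.
upstream_ports() {
    awk '$1 == "reverse_proxy" {
        for (i = 2; i <= NF; i++)
            if ($i ~ /:[0-9]+$/) { p = $i; sub(/.*:/, "", p); print p }
    }' "$1" | sort -u
}

# Read `ss -ltnH` output on stdin; print local addresses listening on
# port $1 that are not loopback (127.0.0.0/8 or [::1]).
exposed_listeners() {
    awk -v port="$1" '$1 == "LISTEN" {
        addr = $4; p = addr; sub(/.*:/, "", p)
        host = substr(addr, 1, length(addr) - length(p) - 1)
        if (p == port && host !~ /^127\./ && host != "[::1]") print addr
    }'
}

# audit CADDYFILE: takes `ss -ltnH` output on stdin; returns 1 if an upstream is exposed.
audit() {
    listeners=$(cat); status=0
    for port in $(upstream_ports "$1"); do
        bad=$(printf '%s\n' "$listeners" | exposed_listeners "$port" | tr '\n' ' ')
        if [ -n "$bad" ]; then
            echo "EXPOSED: port $port reachable on ${bad% }"; status=1
        else
            echo "ok: port $port has no non-loopback listener"
        fi
    done
    return "$status"
}

# Constructed inputs: a copy of the post's Caddyfile and two hand-written captures.
DEMO_CADDYFILE=$(mktemp)
printf 'mydomain.example.com {\nreverse_proxy 127.0.0.1:8080\n}\n' > "$DEMO_CADDYFILE"
SS_DEFAULT='LISTEN 0 5 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 4096 *:443 *:*'
SS_LOOPBACK='LISTEN 0 5 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 4096 *:443 *:*'

printf '%s\n' "$SS_DEFAULT"  | audit "$DEMO_CADDYFILE" || true   # worker on all interfaces
printf '%s\n' "$SS_LOOPBACK" | audit "$DEMO_CADDYFILE"           # worker on 127.0.0.1
# On the real host: ss -ltnH | audit /opt/Caddyfile
```

The parser only understands upstreams written on the reverse_proxy line itself, which is the form used in this post.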

If you have any questions, check out the Caddy documentation, especially the Automatic HTTPS section and Common Caddyfile Patterns with the sample Caddyfile.

7. Docker compose
How do you run Caddy as part of a docker-compose.yml file?
Here's a piece of docker-compose.yml for the Plausible.io project:

  caddy:
    image: caddy:2.6.2-alpine
    network_mode: "host"
    restart: always
    volumes:
      - /opt/caddy_data:/data
      - /opt/caddy_config:/config
      - /opt/Caddyfile:/etc/caddy/Caddyfile

    depends_on:
      - plausible
      - plausible_db
      - plausible_events_db
      - mail
    ports:
      - 80:80
      - 443:443/tcp
      - 443:443/udp

Check source docker-compose.yml file here