Public | Automated Build

Last pushed: 8 months ago
Short Description
Caddyserver-based proxy which allows for easy use of Let's Encrypt in front of another application.
Full Description

This image runs Caddyserver as a simple proxy. By setting two environment variables you can move it from development to your (simple) production server with Let's Encrypt enabled.

By default this proxy points from localhost:80 to web:8000 and does not enable Let's Encrypt. To alter this behavior, set these environment variables:

  • PROXY_FROM domain
  • PROXY_TO local:port
  • MAX_CERTS If set to >1, enables "on-demand" certificates, allowing Caddy to obtain certificates as domains are requested. See the 0.8.2 release notes for the initial idea.

PROXY_FROM can be set to a specific port, but this may break Let's Encrypt certificates. To leave Let's Encrypt disabled, set ACME_EMAIL to "off" (or leave it at the default).

For example, Google might use this by setting PROXY_FROM = and ACME_EMAIL =

For development, you may want to set PROXY_FROM = :80. This will allow Caddy to be accessible from any host, useful if you're using other devices/VMs to access the dev site.

Saving Certificates

Let's Encrypt certificates are saved by default to $HOME/.caddy. You should mount this as a volume. If you do not, you risk overrunning your LE limit.

You can also set CADDYPATH to define a different location inside the container for certificates to be stored. This is probably the safest option as it ensures any future docker image changes don't interfere with your ability to save certificates!


Dumb-init is the hottest thing since sliced bread. If you've ever had issues with signals being sent to your Docker containers, check out


This Dockerfile was originally taken from

Docker Pull Command
Source Repository