feat: add Caddy override template for TLS upgrade path
This commit is contained in:
parent
06e11f4220
commit
63ce385efd
1 changed files with 43 additions and 0 deletions
43
docker-compose.caddy.yml.example
Normal file
43
docker-compose.caddy.yml.example
Normal file
|
|
@ -0,0 +1,43 @@
|
|||
# docker-compose.caddy.yml.example — copy to docker-compose.caddy.yml to
|
||||
# enable automatic TLS via Caddy.
|
||||
#
|
||||
# Requirements:
|
||||
# - FORGEJO_DOMAIN set to a real, DNS-resolvable domain in .env
|
||||
# - Ports 80 and 443 reachable from wherever Caddy needs to provision certs
|
||||
# (the public internet for Let's Encrypt, or your LAN for an internal CA)
|
||||
# - FORGEJO_ROOT_URL=https://${FORGEJO_DOMAIN}/ in .env
|
||||
#
|
||||
# Bring the stack up with both files:
|
||||
# docker compose -f docker-compose.yml -f docker-compose.caddy.yml up -d
|
||||
#
|
||||
# Caddy provisions Let's Encrypt automatically on first request. Persisted
|
||||
# certs and ACME state live under ./data/caddy/.
|
||||
|
||||
name: forgejo-stack
|
||||
|
||||
services:
|
||||
caddy:
|
||||
image: caddy:2
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
volumes:
|
||||
- ./data/caddy/data:/data
|
||||
- ./data/caddy/config:/config
|
||||
command:
|
||||
- caddy
|
||||
- reverse-proxy
|
||||
- --from
|
||||
- ${FORGEJO_DOMAIN}
|
||||
- --to
|
||||
- forgejo:3000
|
||||
depends_on:
|
||||
forgejo:
|
||||
condition: service_healthy
|
||||
networks: [internal]
|
||||
|
||||
forgejo:
|
||||
# Don't expose 3000 on the host anymore — Caddy fronts ingress.
|
||||
# Internal listening on 3000 stays the same; only the host publish is reset.
|
||||
ports: !reset []
|
||||
Loading…
Add table
Reference in a new issue