43 lines
1.2 KiB
Text
43 lines
1.2 KiB
Text
# docker-compose.caddy.yml.example — copy to docker-compose.caddy.yml to
|
|
# enable automatic TLS via Caddy.
|
|
#
|
|
# Requirements:
|
|
# - FORGEJO_DOMAIN set to a real, DNS-resolvable domain in .env
|
|
# - Ports 80 and 443 reachable from wherever Caddy needs to provision certs
|
|
# (the public internet for Let's Encrypt, or your LAN for an internal CA)
|
|
# - FORGEJO_ROOT_URL=https://${FORGEJO_DOMAIN}/ in .env
|
|
#
|
|
# Bring the stack up with both files:
|
|
# docker compose -f docker-compose.yml -f docker-compose.caddy.yml up -d
|
|
#
|
|
# Caddy provisions Let's Encrypt automatically on first request. Persisted
|
|
# certs and ACME state live under ./data/caddy/.
|
|
|
|
name: forgejo-stack
|
|
|
|
services:
|
|
caddy:
|
|
image: caddy:2
|
|
restart: unless-stopped
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
volumes:
|
|
- ./data/caddy/data:/data
|
|
- ./data/caddy/config:/config
|
|
command:
|
|
- caddy
|
|
- reverse-proxy
|
|
- --from
|
|
- ${FORGEJO_DOMAIN}
|
|
- --to
|
|
- forgejo:3000
|
|
depends_on:
|
|
forgejo:
|
|
condition: service_healthy
|
|
networks: [internal]
|
|
|
|
forgejo:
|
|
# Don't expose 3000 on the host anymore — Caddy fronts ingress.
|
|
# Internal listening on 3000 stays the same; only the host publish is reset.
|
|
ports: !reset []
|