forgejo-stack/docker-compose.caddy.yml.example

43 lines
1.2 KiB
Text

# docker-compose.caddy.yml.example — copy to docker-compose.caddy.yml to
# enable automatic TLS via Caddy.
#
# Requirements:
# - FORGEJO_DOMAIN set to a real, DNS-resolvable domain in .env
# - Ports 80 and 443 reachable from wherever Caddy needs to provision certs
# (the public internet for Let's Encrypt, or your LAN for an internal CA)
# - FORGEJO_ROOT_URL=https://${FORGEJO_DOMAIN}/ in .env
#
# Bring the stack up with both files:
# docker compose -f docker-compose.yml -f docker-compose.caddy.yml up -d
#
# Caddy provisions Let's Encrypt automatically on first request. Persisted
# certs and ACME state live under ./data/caddy/.
name: forgejo-stack
services:
caddy:
image: caddy:2
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- ./data/caddy/data:/data
- ./data/caddy/config:/config
command:
- caddy
- reverse-proxy
- --from
- ${FORGEJO_DOMAIN}
- --to
- forgejo:3000
depends_on:
forgejo:
condition: service_healthy
networks: [internal]
forgejo:
# Don't expose 3000 on the host anymore — Caddy fronts ingress.
# Internal listening on 3000 stays the same; only the host publish is reset.
ports: !reset []