logo
Caddy:现代化的 Web 服务器

Caddy Docker 部署指南

本文将详细介绍如何在 Docker 环境中部署和运行 Caddy 服务器。

基础部署

使用官方镜像

# 拉取官方镜像
docker pull caddy:latest

# 运行基础容器
docker run -d \
    --name caddy \
    -p 80:80 \
    -p 443:443 \
    caddy

使用自定义 Caddyfile

# 创建配置文件目录
mkdir -p /path/to/caddy/config

# 创建 Caddyfile
cat > /path/to/caddy/config/Caddyfile <<EOF
example.com {
    root * /srv
    file_server
}
EOF

# 运行带配置的容器
docker run -d \
    --name caddy \
    -p 80:80 \
    -p 443:443 \
    -v /path/to/caddy/config/Caddyfile:/etc/caddy/Caddyfile \
    -v caddy_data:/data \
    -v caddy_config:/config \
    caddy

Docker Compose 配置

基础配置

version: '3.7'

services:
  caddy:
    image: caddy:latest
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./site:/srv
      - caddy_data:/data
      - caddy_config:/config

volumes:
  caddy_data:
  caddy_config:

与其他服务集成

version: '3.7'

services:
  caddy:
    image: caddy:latest
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config
    networks:
      - web

  webapp:
    image: nginx:alpine
    container_name: webapp
    restart: unless-stopped
    volumes:
      - ./webapp:/usr/share/nginx/html
    networks:
      - web

networks:
  web:
    driver: bridge

对应的 Caddyfile:

example.com {
    reverse_proxy webapp:80
}

自定义镜像

Dockerfile 示例

FROM caddy:builder AS builder

RUN xcaddy build \
    --with github.com/caddy-dns/cloudflare \
    --with github.com/greenpau/caddy-security

FROM caddy:latest

COPY --from=builder /usr/bin/caddy /usr/bin/caddy
COPY Caddyfile /etc/caddy/Caddyfile

构建和运行

# 构建镜像
docker build -t custom-caddy .

# 运行容器
docker run -d \
    --name custom-caddy \
    -p 80:80 \
    -p 443:443 \
    custom-caddy

生产环境配置

完整的 Docker Compose 配置

version: '3.7'

services:
  caddy:
    image: caddy:latest
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"  # For HTTP/3
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./site:/srv
      - caddy_data:/data
      - caddy_config:/config
      - ./logs:/var/log/caddy
    environment:
      - TZ=Asia/Shanghai
    networks:
      - web
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
    deploy:
      resources:
        limits:
          memory: 1G
        reservations:
          memory: 512M

volumes:
  caddy_data:
    driver: local
  caddy_config:
    driver: local

networks:
  web:
    driver: bridge

生产环境 Caddyfile

{
    email admin@example.com
    acme_ca https://acme-v02.api.letsencrypt.org/directory
    
    servers {
        protocols h1 h2 h2c h3
    }
    
    log {
        output file /var/log/caddy/access.log {
            roll_size 10mb
            roll_keep 10
        }
    }
}

example.com {
    root * /srv
    encode gzip
    
    log {
        output file /var/log/caddy/example.com.log {
            roll_size 10mb
            roll_keep 10
        }
    }
    
    handle_errors {
        root * /srv/errors
        rewrite * /{http.error.status_code}.html
        file_server
    }
    
    file_server
}

常见问题处理

权限问题

# 设置正确的文件权限
chmod -R 755 /path/to/site
chown -R 1000:1000 /path/to/site

# 或在 docker run 时指定用户
docker run -u $(id -u):$(id -g) ...

证书持久化

version: '3.7'

services:
  caddy:
    volumes:
      - ./caddy/certificates:/data/caddy/certificates
      - ./caddy/config:/config

日志轮转

services:
  caddy:
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

监控和维护

健康检查

services:
  caddy:
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:80"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s

资源限制

services:
  caddy:
    deploy:
      resources:
        limits:
          cpus: '1'
          memory: 1G
        reservations:
          cpus: '0.5'
          memory: 512M