Caddy Setup

We use Caddy Server to handle the domain and SSL certificates for our applications. In this exercise, you will learn how to set up Caddy Server to serve your application over HTTPS as a reverse proxy.

Caddy is a powerful, enterprise-ready, open-source web server with automatic HTTPS written in Go. It is designed to be easy to use and configure while providing a secure and efficient web server. Caddy is a great choice for serving web applications and websites, especially when you need to handle HTTPS and domain management. Later in the semester, we will also use Caddy to serve static web pages for deploying frontend React applications.

1. You will need to have a Docker Image on Docker Hub with your Javalin application. If not, then follow the Actions and Docker Hub tutorial tutorial first.
2. You should also have a Javalin application running on your Droplet in a Docker Container. If that is not the case, then follow the Hotel API tutorial tutorial first.
3. You will need to buy a domain name and setup the DNS at Digital Ocean.
4. You should have created a subdomain for your Javalin application. For example, if your domain is mydomain.com, then you could create a subdomain like hotel.mydomain.com for your Javalin application.

Move to the ~jetty/deployment folder on your Droplet and open the docker-compose.yml file in an editor (nano).

To add the Caddy server to this Docker Compose file, you can connect it to both the backend network (to interact with db) and an additional frontend network for communication with the hotelAPI. This setup allows Caddy to serve as a reverse proxy for the Javalin API while keeping the db service on its dedicated network.

Here’s how you can modify the Docker Compose file to include Caddy:

  caddy:
    image: caddy:2.7.6
    restart: unless-stopped
    container_name: caddy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./site:/srv
      - ./caddy_data:/data
      - ./caddy_config:/config
    networks:
      - frontend
    depends_on:
      hotelAPI:
        condition: service_healthy

volumes:
  caddy_data:
  caddy_config:
  logs:

• Networks:

  • backend: The hotelAPI and db services are connected to this network to allow them to communicate internally.
  • frontend: A network for the hotelAPI and caddy services. This enables the Caddy server to proxy requests to hotelAPI without exposing the database on this network.

• Caddy Service Configuration:

  • Caddy is only connected to the frontend network, as it doesn’t need to access the database.
  • It uses volumes to mount the Caddyfile and persist configuration data.

In the Caddyfile, configure the reverse proxy for the Javalin API:

nano Caddyfile

Enter the following configuration with you own domain name:

hotel.showcode.dk {
        reverse_proxy hotelAPI:7070
}

To start everything, use:

docker compose up -d

This setup ensures that:

• Caddy can serve requests from hotel.showcode.dk and route them to the hotelAPI.
• The db service is isolated on the backend network and isn’t accessible from the frontend, which enhances security by reducing direct access to the database from outside sources.
• Notice the healthcheck configuration for the db and hotelAPI services. This ensures that the database is running before the hotelAPI container starts, and that the hotelAPI needs to be in a healty state before Caddy starts routing requests to it.

Below is a visual representation of the network configuration for the services:

As a last step we will add Watchtower to the Docker Compose file to ensure that the containers are always up-to-date. Follow the Watchtower Setup tutorial to complete the deployment pipeline setup.