46 lines
1.4 KiB
YAML
46 lines
1.4 KiB
YAML
# Optional Caddy overlay — adds auto-HTTPS (Let's Encrypt) in front
|
|
# of the omnigent container. Use this when you're deploying on a
|
|
# VPS/EC2/home server with a public domain pointed at it and you
|
|
# don't already have a reverse proxy.
|
|
#
|
|
# Usage:
|
|
#
|
|
# # 1. Edit .env and set:
|
|
# # OMNIGENT_DOMAIN=omnigent.example.com
|
|
# # (No ACME email needed — Let's Encrypt registers anonymously.
|
|
# # To get expiry notices, add a global `email` block to Caddyfile.)
|
|
# #
|
|
# # 2. Point DNS A/AAAA records for the domain at this host.
|
|
# #
|
|
# # 3. Bring it up with BOTH compose files:
|
|
# docker compose -f docker-compose.yaml -f docker-compose.https.yaml up -d
|
|
#
|
|
# Caddy auto-provisions and renews the TLS cert via Let's Encrypt
|
|
# (HTTP-01 challenge on :80). The omnigent container stops being
|
|
# directly exposed — only :80 and :443 from Caddy are published.
|
|
|
|
services:
|
|
omnigent:
|
|
# Drop the direct 8000 publish; Caddy proxies in over the docker network.
|
|
ports: !reset []
|
|
|
|
caddy:
|
|
image: caddy:2-alpine
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- omnigent
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
- "443:443/udp"
|
|
environment:
|
|
OMNIGENT_DOMAIN: ${OMNIGENT_DOMAIN:?set OMNIGENT_DOMAIN in .env}
|
|
volumes:
|
|
- ./Caddyfile:/etc/caddy/Caddyfile:ro
|
|
- caddy-data:/data
|
|
- caddy-config:/config
|
|
|
|
volumes:
|
|
caddy-data:
|
|
caddy-config:
|