Caddy: web proxy in docker container

files/caddyproxy/Caddyfile.j2

@@ -0,0 +1,67 @@
+# -------------------------------------------------------------------
+# Global options
+# -------------------------------------------------------------------
+
+{
+    grace_period 15s
+}
+
+# -------------------------------------------------------------------
+# Netdata service
+# -------------------------------------------------------------------
+
+status.vakhrushev.me, :29999 {
+    tls anwinged@ya.ru
+
+    reverse_proxy {
+        to netdata:19999
+    }
+
+    basicauth / {
+       {{ netdata.login }} {{ netdata.password_hash }}
+    }
+}
+
+# -------------------------------------------------------------------
+# Applications
+# -------------------------------------------------------------------
+
+vakhrushev.me {
+    tls anwinged@ya.ru
+
+    reverse_proxy {
+        to homepage_app:80
+    }
+}
+
+git.vakhrushev.me {
+    tls anwinged@ya.ru
+
+    reverse_proxy {
+        to gitea_app:3000
+    }
+}
+
+kk.vakhrushev.me {
+    tls anwinged@ya.ru
+
+    reverse_proxy {
+        to keycloak_app:8080
+    }
+}
+
+outline.vakhrushev.me {
+    tls anwinged@ya.ru
+
+    reverse_proxy {
+        to outline_app:3000
+    }
+}
+
+gramps.vakhrushev.me {
+    tls anwinged@ya.ru
+
+    reverse_proxy {
+        to gramps_app:5000
+    }
+}

files/caddyproxy/docker-compose.yml.j2

@@ -0,0 +1,22 @@
+services:
+
+  {{ service_name }}:
+    image: caddy:2.9.1
+    restart: unless-stopped
+    container_name: {{ service_name }}
+    ports:
+      - "80:80"
+      - "443:443"
+      - "443:443/udp"
+    cap_add:
+      - NET_ADMIN      
+    volumes:
+      - {{ caddy_file_dir }}:/etc/caddy
+      - {{ data_dir }}:/data
+      - {{ config_dir }}:/config
+    networks:
+      - "{{ web_proxy_network }}"
+
+networks:
+  {{ web_proxy_network }}:
+    external: true

playbook-caddyproxy.yml

@@ -0,0 +1,67 @@
+---
+- name: "Configure caddy reverse proxy service"
+  hosts: all
+
+  vars_files:
+    - vars/ports.yml
+    - vars/vars.yml
+
+  vars:
+    app_name: "caddyproxy"
+    app_user: "{{ app_name }}"
+    base_dir: "/home/{{ app_user }}"
+
+    data_dir: "{{ (base_dir, 'data') | path_join }}"
+    config_dir: "{{ (base_dir, 'config') | path_join }}"
+    caddy_file_dir: "{{ (base_dir, 'caddy_file') | path_join }}"
+
+    service_name: "{{ app_name }}"
+
+  tasks:
+    - name: "Create user and environment"
+      ansible.builtin.import_role:
+        name: owner
+      vars:
+        owner_name: "{{ app_user }}"
+        owner_extra_groups:
+          - "docker"
+
+    - name: "Create internal application directories"
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: "directory"
+        owner: "{{ app_user }}"
+        group: "{{ app_user }}"
+        mode: "0770"
+      loop:
+        - "{{ data_dir }}"
+        - "{{ config_dir }}"
+        - "{{ caddy_file_dir }}"
+
+    - name: "Copy caddy file"
+      ansible.builtin.template:
+        src: "./files/{{ app_name }}/Caddyfile.j2"
+        dest: "{{ (caddy_file_dir, 'Caddyfile') | path_join }}"
+        owner: "{{ app_user }}"
+        group: "{{ app_user }}"
+        mode: "0640"
+
+    - name: "Copy docker compose file"
+      ansible.builtin.template:
+        src: "./files/{{ app_name }}/docker-compose.yml.j2"
+        dest: "{{ base_dir }}/docker-compose.yml"
+        owner: "{{ app_user }}"
+        group: "{{ app_user }}"
+        mode: "0640"
+
+    - name: "Run application with docker compose"
+      community.docker.docker_compose_v2:
+        project_src: "{{ base_dir }}"
+        state: "present"
+        remove_orphans: true
+
+    - name: "Reload caddy"
+      community.docker.docker_compose_v2_exec:
+        project_src: '{{ base_dir }}'
+        service: "{{ service_name }}"
+        command: caddy reload --config /etc/caddy/Caddyfile