caddy SHOULD work

docker/proxy/.env.example

@@ -0,0 +1,7 @@
+# Cloudflare
+CF_API_TOKEN=
+
+# Domains
+AUTH_DOMAIN=auth.orangeunilabs.com
+GIT_DOMAIN=git.orangeunilabs.com
+STATUS_PAGE_DOMAIN=status.orangeunilabs.com

docker/proxy/Caddyfile

@@ -0,0 +1,23 @@
+tls {
+	dns cloudflare {env.CF_API_TOKEN}
+	resolvers 1.1.1.1
+}
+
+servers {
+	metrics
+}
+
+# Uptime Kuma
+{env.STATUS_PAGE_DOMAIN} {
+	reverse_proxy uptime:3001
+}
+
+# Authentik
+{env.AUTH_DOMAIN} {
+	reverse_proxy auth:9000
+}
+
+# Git (Forgejo/Gitea - not sure which as of yet)
+{env.GIT_DOMAIN} {
+	reverse_proxy git:3000
+}

docker/proxy/Dockerfile

@@ -0,0 +1,10 @@
+ARG VERSION=2.7
+
+FROM caddy:${VERSION}-builder-alpine AS builder
+
+RUN xcaddy build \
+    --with github.com/caddy-dns/cloudflare
+
+FROM caddy:${VERSION}-alpine
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy

docker/proxy/README.md

@@ -0,0 +1,9 @@
+# proxy
+
+This folder contains the setup for using Caddy with Cloudflare & the ACME DNS01 challenge
+
+# Environment Variables
+
+| Variable       | Description                                                          |
+| -------------- | -------------------------------------------------------------------- |
+| `CF_API_TOKEN` | Cloudflare API Token with Zone-Zone-Read & Zone-DNS-Edit permissions |

docker/proxy/compose.yml

@@ -0,0 +1,26 @@
+version: "3.9"
+
+services:
+  caddy:
+    build: ./Dockerfile
+    container_name: caddy
+    hostname: caddy
+    restart: unless-stopped
+    networks:
+      - proxynet
+    ports:
+      - "80:80"
+      - "443:443"
+      - "443:443/udp"
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - ./data:/data
+      - ./config:/config
+
+    env_file:
+      - .env
+
+networks:
+  proxynet:
+    attachable: true
+    driver: bridge

docker/proxy/reload.sh

@@ -0,0 +1,3 @@
+# !/bin/bash
+# Reload the caddy container to apply changes without downtime
+docker exec -w /etc/caddy caddy caddy reload