From c2ce3f0791aa9061984331637da97d697a3e6790 Mon Sep 17 00:00:00 2001
From: Michael Housh
Date: Fri, 14 Mar 2025 14:06:14 -0400
Subject: [PATCH] feat: Adds caddy readme.
---
 caddy/README.md | 36 ++++++++++++++++++++++++++++++++++++
 caddy/compose.yml | 13 +++++++++----
 2 files changed, 45 insertions(+), 4 deletions(-)
 create mode 100644 caddy/README.md
diff --git a/caddy/README.md b/caddy/README.md
new file mode 100644
index 0000000..0055c06
--- /dev/null
+++ b/caddy/README.md
@@ -0,0 +1,36 @@
+# Caddy
+
+Caddy is a web-server, commonly used as a reverse proxy (meaning it sits in
+front of other services and routes traffic to them). It offers SSL certificates
+via Let's Encrypt.
+
+## Usage
+
+This directory has the basic set of files needed to create a caddy server.
+Because caddy uses a plugin architecture, the Dockerfile builds the image that
+is used, which includes cloudflare's DNS provider for verifying the domain of
+the server in order for it to obtain SSL certificates.
+
+## Environment Variables
+
+The `.env` file has the common environment variables needed in order to obtain
+SSL certificates, these values need to be updated.
+
+## Caddyfile
+
+The configuration for the caddy server is found in the `caddy/Caddyfile`. There
+is a block included as an example of setting up a reverse proxy that will issue
+a wildcard certificate for the domains that are listed.
+
+## Network
+
+The proxy network needs to be created prior to starting the container. You can
+use the following command to create the network:
+
+```bash
+docker network create --driver=bridge proxy
+```
+
+This allows you to place other containers running on the same host on this
+network and configure the reverse proxy using their container name.
+
diff --git a/caddy/compose.yml b/caddy/compose.yml
index 1736af7..e12b69c 100644
--- a/caddy/compose.yml
+++ b/caddy/compose.yml
@@ -1,10 +1,13 @@
+# This network needs created prior to running the container.
+#
+# docker network create --driver=bridge proxy
+#
 networks:
 proxy:
 external: true
 volumes:
 caddy_config:
- caddy_data:
 services:
 caddy:
@@ -23,12 +26,14 @@ services:
 - 80:80
 - 443:443
 - "443:443/udp"
- - 2019:2019
+ - 2019:2019 # only needed if you want to access the api.
 cap_add:
 - NET_ADMIN
 volumes:
- - $PWD/config:/etc/caddy
- - caddy_data:/data
+ - ./config:/etc/caddy
+ - ./data:/data
 - caddy_config:/config
 networks:
 - proxy
+ security_opt:
+ - no-new-privileges:true
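Review bot: Removing the `caddy_data` named volume here, paired with the `./data:/data` bind mount in the `@@ -23,12 +26,14 @@` hunk, moves Caddy's storage into the checkout directory. In the official image layout `/data` holds the issued certificates, their private keys and the ACME account key (the Dockerfile is not part of this patch, so this assumes the custom image keeps that layout). Nothing in the patch keeps that directory out of version control or out of the Docker build context, so I would add `data/` to `.gitignore` and `.dockerignore` and note it beside the mount, e.g. `# ./data holds certificates and private keys: never commit it`. Existing deployments also start with an empty `./data`, so certificates in the old volume are not carried over and will be re-requested from the CA on first start.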
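Review bot: The `2019:2019` mapping in the `ports` list stays published on every host interface; the new inline comment marks it as optional but does not narrow it. Port 2019 is Caddy's admin API, which has no authentication by default and can replace the running configuration. Whether it is reachable from outside depends on the admin listener address in the Caddyfile, which is not part of this patch. Bind the mapping to the host loopback, `- "127.0.0.1:2019:2019"`, or ship the line commented out so that exposing the API is a deliberate step. The `services.caddy` block starts above this hunk.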