Caddy - NixOS Container Setup

Caddy is a simple open-source web server. I use Caddy as a local reverse proxy to access software within containers via a domain name served over HTTPS.

Configuration

Below I explain how I configured the container using Podman within NixOS. But I think my configuration is easy to translate to Podman or Docker running on another OS.

NixOS specific

If you are not using NixOS, skip the steps below and go to Container.

I put the Podman configuration for each container in a separate nix file. In the NixOS configuration.nix I refer to this nix file:

containers = {
	caddy = import ./containers/caddy.nix;
};

I also make sure that a macvlan network (net_macvlan) has been created via the NixOS configuration.nix so that the containers have their own network and their own IP address:

systemd.services.create-podman-network = with config.virtualisation.oci-containers; {
	serviceConfig.Type = "oneshot";
	wantedBy = [ "${backend}-caddy.service" ];
	script = ''${pkgs.podman}/bin/podman network exists net_macvlan || \ ${pkgs.podman}/bin/podman network create --driver=macvlan --gateway=192.168.xx.1 --subnet=192.168.xx.0/24 -o parent=ens18 net_macvlan'';
};

Adjust the following:

192.168.xx.1 and 192.168.xx.0/24
Replace xx with your own range / VLAN tag

parent=ens18
Replace ens18 with the name of your network interface

I’ve also added the following to make sure folders are created that are used by containers:

# Create directories for the containers
systemd.tmpfiles.rules =
[
  "d /home/USER/caddy/site 755 beheer users"
  "d /home/USER/caddy/data 755 beheer users"
  "d /home/USER/caddy/config 755 beheer users"
] ;

Adjust the following:

USER
Replace USER with your NixOS user

Here you can view the full NixOS configuration.nix.
Then I created caddy.nix:

mkdir -p /etc/nixos/containers # make sure the directory exists
sudo nano /etc/nixos/containers/caddy.nix

Container

The configuration below might also help you if you don’t use NixOS and use the podman/docker run command, for example.

Copy the below to caddy.nix:

{
  image = "caddy:latest";

  environment = {
    "TZ" = "Europe/Amsterdam";
  };

  volumes = [
    "/home/USER/caddy/Caddyfile:/etc/caddy/Caddyfile"
    "/home/USER/caddy/site:/usr/share/caddy"
    "/home/USER/caddy/data:/data"
    "/home/USER/caddy/config:/config"
  ];

  extraOptions = [
    "--pull=newer" # Pull if the image on the registry is newer than the one in the local containers storage
    "--name=caddy"
    "--hostname=caddy"
    "--network=net_macvlan"
    "--ip=IP"
    "--mac-address=MAC"
  ];
}

Adjust the following if needed:

“TZ” = “Europe/Amsterdam”
Pick the right timezone

volumes
Replace USER with your username

”–pull=newer”
Disable this option if you do not want the image to be automatically replaced by new versions

”–network=net_macvlan”
Make sure you have created a macvlan network. Replace net_macvlan with the name of your network

”–ip=IP”
Choose an IP address for this container. Make sure it is within the range of the macvlan network

”–mac-address=MAC”
Enter a (randomly generated) MAC address. Otherwise, every time the container is started, a new mac address will be used, which for example will be created as a new device within the Unifi Network Application. Or temporarily disable this option and use the mac address that is then generated (instead of random generation): sudo podman inspect homer |grep MacAddress|tr -d ' ,"'|sort -u

Exit Nano (CTRL-X) and save the changes.

Switch NixOS configuration

Now you can switch to the new configuration within NixOS, the image will be downloaded and the container will be created:

sudo nix-collect-garbage # optional: clean up
sudo nixos-rebuild switch

Check that the container is working properly:

journalctl -u podman-caddy.service

Example Caddyfile with Reverse Proxy

You can edit the Caddyfile with sudo nano /home/USER/caddy/Caddyfile (replace USER with your username). Please see this note for more information.

Read other notes