Caddy - NixOS Container Setup
Caddy is a simple open-source web server. I use Caddy as a local reverse proxy to access software within containers via a domain name served over HTTPS.
Configuration
This container is configured for use with NixOS and Podman. My configuration is probably easy to translate to Podman or Docker running on another OS.
NixOS specific
If you are not using NixOS, skip the steps below and go to Container.
For each container I put the Podman container configuration in a separate nix file. Then I refer to this file in the NixOS configuration.nix
like this:
containers = {
caddy = import ./containers/caddy.nix;
};
I also make sure that a macvlan network (net_macvlan
) has been created via the NixOS configuration.nix
so that the containers have their own network and their own IP address:
systemd.services.create-podman-network = with config.virtualisation.oci-containers; {
serviceConfig.Type = "oneshot";
wantedBy = [ "${backend}-caddy.service" ];
script = ''${pkgs.podman}/bin/podman network exists net_macvlan || \ ${pkgs.podman}/bin/podman network create --driver=macvlan --gateway=192.168.xx.1 --subnet=192.168.xx.0/24 -o parent=ens18 net_macvlan'';
};
Adjust the following:
192.168.xx.1 and 192.168.xx.0/24
Replace xx with your own range / VLAN tag
parent=ens18
Replace ens18 with the name of your network interface
Also add the following to the NixOS configuration.nix
to make sure the folders are created that are used by containers:
# Create directories for the containers
system.activationScripts = {
script.text = ''
install -d -m 755 /home/USER/caddy/site -o root -g root
install -d -m 755 /home/USER/caddy/data -o root -g root
install -d -m 755 /home/USER/caddy/config -o root -g root
test -f /home/USER/caddy/Caddyfile || echo -e "#{\n# debug\n#}" > /home/USER/caddy/Caddyfile
'';
};
Adjust the following:
USER
Replace USER with your NixOS user
Here you can view the full NixOS configuration.nix
.
Then I created caddy.nix
:
mkdir -p /etc/nixos/containers # make sure the directory exists
sudo nano /etc/nixos/containers/caddy.nix
Container
The configuration below might also help you if you don’t use NixOS and use the podman/docker run command, for example.
Copy the below to caddy.nix
:
{
image = "caddy:latest";
environment = {
"TZ" = "Europe/Amsterdam";
};
volumes = [
"/home/USER/caddy/Caddyfile:/etc/caddy/Caddyfile"
"/home/USER/caddy/site:/usr/share/caddy"
"/home/USER/caddy/data:/data"
"/home/USER/caddy/config:/config"
];
extraOptions = [
"--pull=newer" # Pull if the image on the registry is newer than the one in the local containers storage
"--name=caddy"
"--hostname=caddy"
"--network=net_macvlan"
"--ip=IP"
"--mac-address=MAC"
];
}
Adjust the following if needed:
“TZ” = “Europe/Amsterdam”
Pick the right timezone
volumes
Replace USER with your username
”–pull=newer”
Disable this option if you do not want the image to be automatically replaced by new versions
”–network=net_macvlan”
Make sure you have created a macvlan network. Replace net_macvlan with the name of your network
”–ip=IP”
Choose an IP address for this container. Make sure it is within the range of the macvlan network
”–mac-address=MAC”
Enter a (randomly generated) MAC address. Otherwise, every time the container is started, a new mac address will be used, which for example will be created as a new device within the Unifi Network Application. Or temporarily disable this option and use the mac address that is then generated (instead of random generation):sudo podman inspect homer |grep MacAddress|tr -d ' ,"'|sort -u
Exit Nano (CTRL-X) and save the changes.
Switch NixOS configuration
Now you can switch to the new configuration within NixOS, the image will be downloaded and the container will be created:
sudo nix-collect-garbage # optional: clean up
sudo nixos-rebuild switch
Check that the container is working properly:
journalctl -u podman-caddy.service
Example Caddyfile with Reverse Proxy
You can edit the Caddyfile with sudo nano /home/USER/caddy/Caddyfile
(replace USER with your username). Please see this note for more information.
Read other notes
Tags
Notes mentioning this note
- Caddy - Reverse Proxy with Pi-hole Local DNS Setup
Since I create Docker/Podman containers with a macvlan and a reserved IP address, I also wanted to use my local...
- NixOS - Server Configuration and Switch to Podman
For some time now I have been looking for an interesting lightweight linux distribution that could replace Ubuntu
Comments
No comments found for this note.
Join the discussion for this note on this ticket. Comments appear on this page instantly.