# yaml-language-server: $schema=https://schema.zeabur.app/template.json
apiVersion: zeabur.com/v1
kind: Template
metadata:
    name: Caddy
spec:
    description: Caddy is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go.
    coverImage: https://miro.medium.com/v2/resize:fit:914/1*bCx0_WDnOSnlqarXkTOB8A.png
    icon: https://cdn.zeabur.com/caddy.png
    variables:
        - key: PUBLIC_DOMAIN
          type: DOMAIN
          name: Domain
          description: Domain of your Caddy service.
    tags:
        - proxy
        - http server
    readme: |
        ## [Features](https://caddyserver.com/features)

        - **Easy configuration** with the [Caddyfile](https://caddyserver.com/docs/caddyfile)
        - **Powerful configuration** with its [native JSON config](https://caddyserver.com/docs/json/)
        - **Dynamic configuration** with the [JSON API](https://caddyserver.com/docs/api)
        - [**Config adapters**](https://caddyserver.com/docs/config-adapters) if you don't like JSON
        - **Automatic HTTPS** by default
          - [ZeroSSL](https://zerossl.com) and [Let's Encrypt](https://letsencrypt.org) for public names
          - Fully-managed local CA for internal names & IPs
          - Can coordinate with other Caddy instances in a cluster
          - Multi-issuer fallback
        - **Stays up when other servers go down** due to TLS/OCSP/certificate-related issues
        - **Production-ready** after serving trillions of requests and managing millions of TLS certificates
        - **Scales to hundreds of thousands of sites** as proven in production
        - **HTTP/1.1, HTTP/2, and HTTP/3** all supported by default
        - **Highly extensible** [modular architecture](https://caddyserver.com/docs/architecture) lets Caddy do anything without bloat
        - **Runs anywhere** with **no external dependencies** (not even libc)
        - Written in Go, a language with higher **memory safety guarantees** than other servers
        - Actually **fun to use**
        - So much more to [discover](https://caddyserver.com/features)

        ## Configuration

        The default Caddyfile prints a welcome message, with request logging and compression (gzip and zstd) enabled.

        You can configure the Caddyfile in the [Config Editor](https://zeabur.com/docs/data-management/config-edit) and restart the service to apply the changes.

        For more examples of Caddyfiles, please refer to [the official documentation](https://caddyserver.com/docs/caddyfile/patterns).

        ### Trust Zeabur's ingress proxy

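        Zeabur's ingress proxy adds the `X-Forwarded-For` and `X-Real-IP` headers to every request. To have Caddy take the client IP from these headers, add the following configuration to the Caddyfile. The headers are honored only when the connection comes from a private-range address, which is what `trusted_proxies static private_ranges` declares as trusted.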

        ```Caddyfile
        {
          servers {
            trusted_proxies static private_ranges
            trusted_proxies_strict
            client_ip_headers X-Forwarded-For X-Real-IP
          }
        }
        ```
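
        With the proxy trusted, the `client_ip` matcher sees the address resolved from those headers, while `remote_ip` still sees the direct peer. The following is an added example, not part of the original template: the `203.0.113.0/24` range is a constructed placeholder, and it assumes the ingress connects from a private-range address.

        ```Caddyfile
        {
          servers {
            trusted_proxies static private_ranges
            trusted_proxies_strict
            client_ip_headers X-Forwarded-For X-Real-IP
          }
        }

        :80 {
          # Access log entries record the resolved client IP.
          log

          # Weak: remote_ip matches the direct TCP peer. Behind the ingress
          # (assumed to connect from a private range) that is the proxy itself,
          # so this matcher would match every request:
          #   @office remote_ip private_ranges

          # Corrected: client_ip matches the address taken from the trusted
          # headers. 203.0.113.0/24 is a placeholder range; use your own.
          @office client_ip 203.0.113.0/24

          handle @office {
            reverse_proxy rsshub.zeabur.internal:1200
          }

          # Everything else is refused.
          handle {
            respond "Forbidden" 403
          }
        }
        ```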

        ### Example: Password-Protected site

        The website you want to protect must be a containerized service. After binding
        it to Caddy, you can remove its public domain so that it is reachable only through Caddy.

        ```Caddyfile
        {
          servers {
            trusted_proxies static private_ranges
            trusted_proxies_strict
            client_ip_headers X-Forwarded-For X-Real-IP
          }
        }

        :80 {
          basic_auth {
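            # Format: <username> <bcrypt hash of the password>
            # The password must be bcrypt-hashed. Use https://bcrypt-generator.com
            # to generate the hash, or run `caddy hash-password` locally so the
            # plaintext never leaves your machine.
            # The default username and password are "zeabur" and "zeabur";
            # replace both before exposing the site.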
            zeabur $2a$12$6XKjSRketHN2qIzPHRLqC.FEpGxt/LJWVH2ZvWXAWF7H433YPQVKq
          }

          # Use [Networking] > [Private Network] to connect to your service.
          # This way, unauthenticated users cannot find any endpoints to
          # connect to your original service.
          reverse_proxy rsshub.zeabur.internal:1200

          # Remember to remove the public domain after binding your service to Caddy.
        }
        ```
    services:
        - name: caddy
          icon: https://cdn.zeabur.com/caddy.png
          template: PREBUILT
          spec:
            source:
                image: caddy:2-alpine
            ports:
                - id: web
                  port: 80
                  type: HTTP
            configs:
                - path: /etc/caddy/Caddyfile
                  template: |
                    {
                        servers {
                            trusted_proxies static private_ranges
                            trusted_proxies_strict
                            client_ip_headers X-Forwarded-For X-Real-IP
                        }
                    }

                    :80 {
                        log
                        encode
                        respond "Welcome to Caddy server deployed on Zeabur, update Caddyfile in configs to add your own rule!"
                    }
                  permission: null
                  envsubst: null
          domainKey: PUBLIC_DOMAIN
